Black desktop, icons hidden, "delayed write failed..."
As with many others, this pest has graced my hard disk with its presence too. What exactly is the virus/trojan/whatever-it-is doing to my system right now? Do I have to reinstall the system? It would be great if someone could help me.
Here are the log files. Quote:
OTL logfile created on: 16.11.2011 21:08:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,48 Mb Total Physical Memory | 261,03 Mb Available Physical Memory | 51,03% Memory free
2,47 Gb Paging File | 2,18 Gb Available in Paging File | 88,13% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 90,45 Gb Total Space | 26,55 Gb Free Space | 29,35% Space Free | Partition Type: FAT32
Drive D: | 90,94 Gb Total Space | 77,15 Gb Free Space | 84,84% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,25 Gb Free Space | 97,22% Space Free | Partition Type: FAT32
Computer Name: ACER-59DE6FF88D | User Name: CSCH1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
PRC - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
PRC - C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)

========== Modules (No Company Name) ==========
MOD - C:\Programme\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
MOD - C:\WINDOWS\system32\redmonnt.dll ()

========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (NMSAccessU) -- C:\Programme\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MA_CMIDI_InstallerService) -- C:\Programme\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech Webcam 200(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NvnUsbAudio) -- C:\WINDOWS\system32\drivers\nvnusbaudio.sys (Novation DMS Ltd.)
DRV - (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) -- C:\WINDOWS\system32\drivers\BLKWGU.sys (Belkin Corporation)
DRV - (BCMIDI) -- C:\WINDOWS\system32\drivers\bcmidi2.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (MA_CMIDI) -- C:\WINDOWS\system32\drivers\ma_cmidi.sys (M-Audio)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (int15.sys) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (BCR2000) B-Control Rotary/Fader 2000 (12/23/2004,1.1.1.1) -- C:\WINDOWS\system32\drivers\bcr2000.sys (Behringer Spezielle Studiotechnik GmbH)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (DELTA) Service for Delta Driver (WDM) -- C:\WINDOWS\system32\drivers\delta.sys (Midiman/M-Audio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.wer-kennt-wen.de/start
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.sequencer.de/synthesizer/index.php"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2008.07.02 19:52:38 | 000,000,000 | ---D | M]
[2008.07.02 19:52:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Extensions
[2006.07.18 12:47:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions
[2010.04.27 17:33:20 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.04 14:03:26 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.11.11 16:56:10 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.09.26 14:24:04 | 000,000,000 | -H-D | M] (PitchDark) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009.03.30 20:02:52 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\extensions\moveplayer@movenetworks.com
[2009.07.15 17:57:48 | 000,000,687 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\searchplugins\icq-search.xml
[2009.07.15 17:58:08 | 000,000,950 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\Mozilla\Firefox\Profiles\joa8o0hr.default\searchplugins\icqplugin.xml
[2008.07.02 19:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.03.30 20:41:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\CSCH1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JOA8O0HR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\CSCH1\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JOA8O0HR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 21:23:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.09.01 22:14:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.05 18:44:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2011.10.05 18:44:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.05 18:44:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.05 18:44:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.05 18:44:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.05 18:44:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.11.02 16:54:30 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006.06.22 10:03:46 | 000,000,100 | -H-- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{81801140-fe44-11e0-872f-0016ec1a3802}\Shell - "" = AutoRun
O33 - MountPoints2\{81801140-fe44-11e0-872f-0016ec1a3802}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{81801140-fe44-11e0-872f-0016ec1a3802}\Shell\AutoRun\command - "" = F:\HPLauncher.exe
O33 - MountPoints2\{97e9e4d3-82d3-11db-be04-001150b13bc9}\Shell - "" = AutoRun
O33 - MountPoints2\{97e9e4d3-82d3-11db-be04-001150b13bc9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{97e9e4d3-82d3-11db-be04-001150b13bc9}\Shell\AutoRun\command - "" = J:\LaunchU3.exe
O33 - MountPoints2\{e7a9c166-e9a8-11df-857a-0016ec1a3802}\Shell\AutoRun\command - "" = F:\TranscendService(JF).exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2011.11.16 20:25:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\CSCH1\Recent
[2011.11.16 20:21:04 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2011.11.16 19:56:34 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2011.11.16 18:33:04 | 000,491,520 | -H-- | C] (Rcvr Inc) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IoWwDnqsYPU.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2011.11.16 20:39:52 | 000,000,684 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.16 20:39:44 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.16 20:38:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.16 20:38:30 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.16 20:37:20 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011.11.16 18:28:50 | 000,491,520 | -H-- | M] (Rcvr Inc) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IoWwDnqsYPU.exe
[2011.11.16 15:30:44 | 000,001,324 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011.11.15 19:43:42 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011.11.10 18:59:40 | 239,534,758 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\audlab1-8.zip
[2011.11.10 18:43:24 | 036,756,734 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\Cutout-BipolarEP-Audlab8-MP3-Promo.zip
[2011.11.10 18:43:10 | 034,033,893 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\S-Tek-RoteErdeEP-Audlab9-MP3-Promo.zip
[2011.11.10 17:49:10 | 000,236,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.06 11:45:26 | 002,915,824 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\anleitung_sound_windowsxp.pdf
[2011.11.05 20:49:30 | 002,026,713 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\09-patch_panel_pg-2010-d.pdf
[2011.11.05 18:05:34 | 000,653,279 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\PX2000_GER_Rev_D.pdf
[2011.11.02 13:47:12 | 000,006,654 | -H-- | M] () -- C:\Dokumente und Einstellungen\CSCH1\.recently-used.xbel
[2011.10.30 08:20:00 | 000,235,960 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========
[2011.11.16 20:38:29 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2011.11.16 20:08:26 | 000,000,684 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011.11.10 18:36:24 | 239,534,758 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\audlab1-8.zip
[2011.11.10 18:36:05 | 034,033,893 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\S-Tek-RoteErdeEP-Audlab9-MP3-Promo.zip
[2011.11.10 18:35:51 | 036,756,734 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\Cutout-BipolarEP-Audlab8-MP3-Promo.zip
[2011.11.06 11:45:25 | 002,915,824 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\anleitung_sound_windowsxp.pdf
[2011.11.05 20:49:26 | 002,026,713 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\09-patch_panel_pg-2010-d.pdf
[2011.11.05 18:05:33 | 000,653,279 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Desktop\PX2000_GER_Rev_D.pdf
[2011.11.02 13:47:11 | 000,006,654 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\.recently-used.xbel
[2011.08.18 15:42:28 | 000,036,864 | -H-- | C] () -- C:\WINDOWS\InstFunc.exe
[2010.11.05 18:31:28 | 000,082,289 | RH-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010.09.22 12:34:51 | 000,001,324 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.03 10:23:10 | 000,000,041 | -H-- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2010.04.07 19:05:53 | 000,010,660 | -H-- | C] () -- C:\WINDOWS\hpdj3500.ini
[2009.12.22 20:33:55 | 000,007,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.10.07 01:46:36 | 000,025,752 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009.10.07 01:23:08 | 000,013,584 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009.08.06 15:32:07 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.11.29 13:49:57 | 000,001,725 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\MStereoExpanderpresets.xml
[2008.11.22 11:53:53 | 000,002,892 | -H-- | C] () -- C:\WINDOWS\System32\audcon.sys
[2008.11.22 11:53:41 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\Synsopos.exe
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibytr.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibsfh.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibrty.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\sslibpop.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\ssliblww.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\solejttd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slibdd.dll
[2008.05.06 18:20:27 | 000,002,756 | -H-- | C] () -- C:\WINDOWS\System32\slhpt.dll
[2008.05.05 14:39:49 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.05.05 14:39:49 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008.01.20 13:34:12 | 000,000,522 | -H-- | C] () -- C:\WINDOWS\AN1xEdit.INI
[2007.12.12 19:54:43 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A4W.INI
[2007.12.12 19:54:13 | 000,001,279 | -H-- | C] () -- C:\WINDOWS\pstudio.ini
[2007.12.12 19:54:13 | 000,000,011 | -H-- | C] () -- C:\WINDOWS\album.ini
[2007.11.25 15:17:30 | 000,000,697 | -H-- | C] () -- C:\WINDOWS\Sam9_D.INI
[2007.11.25 15:07:03 | 000,120,200 | -H-- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2007.11.25 15:06:17 | 000,006,768 | -H-- | C] () -- C:\WINDOWS\mgxoschk.ini
[2007.11.19 20:15:27 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007.05.19 14:23:12 | 000,001,025 | -H-- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007.05.19 14:23:12 | 000,000,342 | -H-- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007.05.19 14:23:12 | 000,000,073 | -H-- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007.05.18 17:38:30 | 000,000,167 | -H-- | C] () -- C:\WINDOWS\wininit.ini
[2007.04.19 14:12:07 | 000,000,187 | -H-- | C] () -- C:\WINDOWS\OPHC.INI
[2006.09.12 09:42:28 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\Missing.ini
[2006.08.04 13:10:22 | 000,000,253 | -H-- | C] () -- C:\WINDOWS\tm.ini
[2006.08.01 16:18:53 | 000,000,409 | -H-- | C] () -- C:\WINDOWS\cmbtll.ini
[2006.08.01 16:18:53 | 000,000,185 | -H-- | C] () -- C:\WINDOWS\cmbtctl.ini
[2006.08.01 16:18:43 | 000,000,124 | -H-- | C] () -- C:\WINDOWS\combit.ini
[2006.08.01 16:18:43 | 000,000,096 | -H-- | C] () -- C:\WINDOWS\VISKARTE.INI
[2006.07.18 12:47:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2006.07.18 12:47:34 | 000,003,020 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2006.07.11 09:11:48 | 000,236,032 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.07.05 17:40:08 | 000,000,914 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2006.06.28 11:19:56 | 000,210,944 | -H-- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006.06.27 13:11:59 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\Relax.ini
[2006.06.26 16:47:12 | 000,000,155 | -H-- | C] () -- C:\WINDOWS\imagewiz.ini
[2006.06.22 11:24:01 | 000,073,216 | -H-- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2006.06.01 12:38:02 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2006.06.01 12:04:53 | 000,005,038 | -H-- | C] () -- C:\Dokumente und Einstellungen\CSCH1\Anwendungsdaten\wklnhst.dat
[2006.06.01 11:46:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006.05.17 22:28:14 | 000,016,031 | -H-- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2006.01.05 20:23:29 | 000,104,373 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005.11.02 17:40:46 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.11.02 17:40:38 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2005.11.02 17:25:14 | 000,235,960 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.11.02 17:00:04 | 000,464,256 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.11.02 17:00:04 | 000,445,792 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.11.02 17:00:04 | 000,086,638 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.11.02 17:00:04 | 000,072,998 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.11.02 16:54:52 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005.11.02 16:54:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005.11.02 16:41:20 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.11.02 16:40:12 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.10.19 16:12:06 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\ALaunch.ini
[2005.07.15 09:48:00 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.07.13 03:05:38 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\sis660.bin
[2005.07.12 14:44:42 | 000,015,872 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2005.02.03 11:11:40 | 000,008,073 | -H-- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004.09.07 07:23:00 | 000,156,672 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2004.08.04 05:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 05:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 05:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 05:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 05:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 05:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 05:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 05:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 05:00:00 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004.08.04 05:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.04 05:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.03.23 16:38:00 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2003.11.26 16:10:18 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis741.bin
[2003.11.26 16:10:12 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\sis760.bin
[2003.03.14 12:24:00 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2003.02.20 17:53:42 | 000,005,702 | -H-- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.09.18 00:45:00 | 000,119,808 | -H-- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002.05.24 17:34:46 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\AMove.exe
[2001.12.26 16:12:30 | 000,065,536 | RH-- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001.08.26 17:04:08 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.26 17:02:42 | 000,004,524 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.07.30 16:33:56 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | RH-- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000.08.22 23:58:54 | 000,058,928 | -H-- | C] () -- C:\WINDOWS\System32\crnsnmp.dll
< End of report >
Quote:
OTL Extras logfile created on: 16.11.2011 21:08:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,48 Mb Total Physical Memory | 261,03 Mb Available Physical Memory | 51,03% Memory free
2,47 Gb Paging File | 2,18 Gb Available in Paging File | 88,13% Paging File free
Paging file location(s): [Binary data over 100 bytes]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 90,45 Gb Total Space | 26,55 Gb Free Space | 29,35% Space Free | Partition Type: FAT32
Drive D: | 90,94 Gb Total Space | 77,15 Gb Free Space | 84,84% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,25 Gb Free Space | 97,22% Space Free | Partition Type: FAT32
Computer Name: ACER-59DE6FF88D | User Name: CSCH1 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Steinberg\WaveLab Lite\WaveLab Lite.exe" = C:\Programme\Steinberg\WaveLab Lite\WaveLab Lite.exe:*:Enabled:WaveLab Lite -- (Steinberg Media Technologies)
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\MAGIX\Samplitude_SE_No9\Sam9_D.exe" = C:\Programme\MAGIX\Samplitude_SE_No9\Sam9_D.exe:*:Enabled:Samplitude
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"E:\EasySetupAssistant\wr841n\EasySetupAssistant.exe" = E:\EasySetupAssistant\wr841n\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{060D5B35-5C21-406A-9EAD-370999618F86}" = KORG Legacy Collection VST
"{18D03DE2-D142-4A6C-B346-2FA7C8D76A57}" = BassStation
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379BD39E-F13E-458F-96D8-56BD7F2CC516}" = MA_CMIDI
"{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5D729200-F340-4A74-A1E9-32387CDC63EF}" = OKI Colour Correct Utility
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4810699-E859-43A6-8F40-1743873E72AB}" = Delta
"{A6359CCF-215D-43D9-8366-479D231F2A72}" = Belkin Wireless USB Utility
"{A6457851-5EA9-45B0-AF1D-D2A0A4781CFB}" = MIDI-OX
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{B26E3B0D-C2FA-4370-B068-7C476766F029}" = Microsoft Works
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7EC0699-D82C-4451-B701-C98C330D43AF}" = hp deskjet 3500
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB091860-8C2B-4E49-A543-666373C39E6F}" = microKORG SoundEditor
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Acoustica_is1" = Acoustica 3.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"ASIO4ALL" = ASIO4ALL
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"eLicenser Control" = eLicenser Control
"Eraser" = Eraser
"Euro-Rechnungsdruckerei" = Euro-Rechnungsdruckerei
"FileZilla Client" = FileZilla Client 3.2.0
"FL Studio 10" = FL Studio 10
"FL Studio 8" = FL Studio 8
"FL Studio 9" = FL Studio 9
"FLV Player" = FLV Player 2.0 (build 25)
"FreeAlpha 3" = FreeAlpha 3
"FreePDF_XP" = FreePDF XP (Remove only)
"Genesis Vst" = Genesis Vst
"Glitch One MB VSTi V1.0b_is1" = Glitch One MB VSTi Version 1.0b
"Hardcore" = Hardcore
"IL Download Manager" = IL Download Manager
"iZotope Vinyl_is1" = iZotope Vinyl
"KEYS Alpha" = KEYS Alpha
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"MeldaProduction MStereoExpander" = MeldaProduction MStereoExpander
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"PDF Reader 2" = PDF Reader 2
"PoiZone" = PoiZone
"Prophet '08 Sound Editor_is1" = Prophet '08 Sound Editor Ver. 2.0.1a
"RADVideo" = RAD Video Tools
"RealPlayer 6.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Rock V1.06_is1" = Rock
"Sawer" = Sawer
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"StormGate1 1.0c_is1" = StormGate1 1.0c
"Synth1" = Synth1
"Toxic Biohazard" = Toxic Biohazard
"VLC media player" = VideoLAN VLC media player 0.8.6f
"WaveLabLite" = WaveLab Lite
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WWAYM - NWBass V1.1" = WWAYM - NWBass V1.1
"WWAYM - NWEQ V1.21" = WWAYM - NWEQ V1.21 ========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 25.06.2011 09:34:14 | Computer Name = ACER-59DE6FF88D | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.
Error - 03.08.2011 11:09:02 | Computer Name = ACER-59DE6FF88D | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 03.08.2011 11:09:02 | Computer Name = ACER-59DE6FF88D | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 05.08.2011 12:22:37 | Computer Name = ACER-59DE6FF88D | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 11.0.5510.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 07.09.2011 21:17:50 | Computer Name = ACER-59DE6FF88D | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 13.10.2011 21:01:28 | Computer Name = ACER-59DE6FF88D | Source = MsiInstaller | ID = 1023
Description = Produkt: Microsoft .NET Framework 1.1 - Update "{EFCE7BE0-510E-4932-9475-F44CD90DE16A}"
konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in
der Protokolldatei C:\WINDOWS\TEMP\NDP1.1sp1-KB2572067-X86\NDP1.1sp1-KB2572067-X86-msi.0.log
enthalten.
Error - 13.10.2011 21:01:29 | Computer Name = ACER-59DE6FF88D | Source = NativeWrapper | ID = 5000
Description =
Error - 17.10.2011 13:35:08 | Computer Name = ACER-59DE6FF88D | Source = ESENT | ID = 490
Description = svchost (888) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 25.10.2011 05:44:31 | Computer Name = ACER-59DE6FF88D | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 0.8.6.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 25.10.2011 05:44:32 | Computer Name = ACER-59DE6FF88D | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 0.8.6.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 16.11.2011 15:07:33 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService.
Error - 16.11.2011 15:30:16 | Computer Name = ACER-59DE6FF88D | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
Error - 16.11.2011 15:30:28 | Computer Name = ACER-59DE6FF88D | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig,
der aufgrund folgenden Fehlers nicht gestartet wurde: %%31
Error - 16.11.2011 15:31:19 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip
Error - 16.11.2011 15:37:56 | Computer Name = ACER-59DE6FF88D | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 16.11.2011 15:53:13 | Computer Name = ACER-59DE6FF88D | Source = Service Control Manager | ID = 7034
Description = Dienst "Process Monitor" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
Many thanks in advance