Ertfor.B.30 and Dldr.Agent.dmgo are giving my computer trouble |
02.05.2010, 15:17 | #1 |
| Ertfor.B.30 and Dldr.Agent.dmgo are giving my computer trouble

Hello,

AntiVir has detected a whole series of Trojans on my machine. Every time I start Windows XP, a long string of warning messages from AntiVir appears. I click "Deny access" each time and the next message comes up immediately. At some point nothing happens any more. I can see the desktop, but no icons and no taskbar appear. Then I bring up the Task Manager with Alt, Ctrl and Delete and see that the process "slmdmsr.exe" accounts for 70 % of the CPU load. The "slmdmsr.exe" file is located in my system32 folder.

After restarting the computer once or twice, the icons and the taskbar appear, together with another series of warnings. Among them is "Ertfor.B.30". Other Trojans that are reported are called "Rootkit.Gen" and "Dldr.Agent.dmgo". In the initial phase after the restart I can't do much, and many programs, e.g. Word, are considerably slowed down or crash.

What can I do to get the Trojans off my computer? I would be very grateful for your help.

Kind regards,
Wonderblade |
02.05.2010, 19:05 | #2 |
| Ertfor.B.30 and Dldr.Agent.dmgo are giving my computer trouble

I have now created two OTL logs:
__________________OTL logfile created on: 02.05.2010 19:38:35 - Run 1 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 447,00 Mb Total Physical Memory | 124,00 Mb Available Physical Memory | 28,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,53 Gb Total Space | 14,28 Gb Free Space | 19,16% Space Free | Partition Type: NTFS Drive D: | 1,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 229,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\guardgui.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) 
PRC - C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe () PRC - C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Winamp\winamp.exe (Nullsoft) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\WINDOWS\system32\slmdmsr.exe ( ) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (perfmons) -- File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (BlueSoleil Hid Service) -- C:\Programme\IVT Corporation\BlueSoleil\BTNtService.exe () SRV - (Start BT in service) -- C:\Programme\IVT Corporation\BlueSoleil\StartSkysolSvc.exe () SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) 
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (SLService) -- C:\WINDOWS\System32\slmdmsr.exe ( ) SRV - (FirebirdServerMAGIXInstance) -- C:\MAGIX\Common\Database\bin\fbserver.exe (The Firebird Project) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.) DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.) DRV - (mcdbus) -- C:\WINDOWS\system32\drivers\mcdbus.sys (MagicISO, Inc.) DRV - (Btcsrusb) -- C:\WINDOWS\system32\drivers\btcusb.sys (IVT Corporation.) DRV - (BlueletSCOAudio) -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys (IVT Corporation.) DRV - (BlueletAudio) -- C:\WINDOWS\system32\drivers\blueletaudio.sys (IVT Corporation.) DRV - (BT) -- C:\WINDOWS\system32\drivers\btnetdrv.sys (IVT Corporation.) DRV - (BTHidMgr) -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys (IVT Corporation.) DRV - (BTHidEnum) -- C:\WINDOWS\System32\Drivers\vbtenum.sys (IVT Corporation.) DRV - (VcommMgr) -- C:\WINDOWS\system32\drivers\VcommMgr.sys (IVT Corporation.) DRV - (VComm) -- C:\WINDOWS\system32\drivers\VComm.sys (IVT Corporation.) DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\cvirta.sys (Cisco Systems, Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) 
DRV - (Slntamr) -- C:\WINDOWS\system32\drivers\SLDRV\slntamr.sys ( ) DRV - (SlNtHal) -- C:\WINDOWS\system32\drivers\SLDRV\slnthal.sys ( ) DRV - (SlWdmSup) -- C:\WINDOWS\system32\drivers\SLDRV\slwdmsup.sys ( ) DRV - (Mtlstrm) -- C:\WINDOWS\system32\drivers\SLDRV\mtlstrm.sys ( ) DRV - (RecAgent) -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys ( ) DRV - (Mtlmnt5) -- C:\WINDOWS\system32\drivers\SLDRV\mtlmnt5.sys ( ) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (nvraid) -- C:\WINDOWS\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvatabus) -- C:\WINDOWS\system32\drivers\nvatabus.sys (NVIDIA Corporation) DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.) DRV - (SiSRaid2) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys (Silicon Integrated Systems Corp) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation) DRV - (viaagp1) -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys (VIA Technologies, Inc.) 
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://de.yahoo.com/fsc/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://de.yahoo.com/fsc/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "h**p://**/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.71 FF - prefs.js..extensions.enabledItems: videofinder@veoh.com:1.3 FF - prefs.js..extensions.enabledItems: info@mail.youtubeipod.net:1.1 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.04 09:36:19 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.04.16 08:45:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.03.17 09:30:18 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.04.16 08:45:31 | 000,000,000 | ---D | M] [2008.09.16 00:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.05.02 14:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b6kw6tn1.default\extensions [2010.04.12 08:56:44 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b6kw6tn1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.04.28 08:35:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b6kw6tn1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.02.20 10:48:59 | 000,000,000 | ---D | M] (Linkification) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b6kw6tn1.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010.04.30 07:40:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b6kw6tn1.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.05.01 08:26:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b6kw6tn1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2007.09.13 08:36:58 | 000,002,386 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\b6kw6tn1.default\searchplugins\siteadvisor.xml 
[2010.05.02 14:32:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.03.11 22:18:27 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.11 22:18:27 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.11 22:18:27 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.11 22:18:27 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.11 22:18:27 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2007.10.31 05:42:58 | 000,000,854 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 82.98.86.179 officialrespect.net O2 - BHO: (C:\WINDOWS\system32\m8xaq.dll) - {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - C:\WINDOWS\system32\m8xaq.dll () O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Programme\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc) O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_3_19_0.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (eSXi) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (eSXi) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\nerocheck.exe (eSXi) O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (eSXi) O4 - HKLM..\Run: [QuickTime Task] c:\programme\quicktime\qttask .exe (eSXi) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\System32\soundman.exe (eSXi) O4 - HKLM..\Run: [VTTimer] C:\WINDOWS\System32\vttimer.exe (eSXi) O4 - HKLM..\Run: [VTTrayp] C:\WINDOWS\System32\vttrayp.exe (eSXi) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] c:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\install .exe (eSXi) O4 - HKCU..\Run: [hsf87sdhfush87fsufhuie3fddf] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\dnq9tr.exe (eSXi) O4 - HKCU..\Run: [mcexecwin] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Temp\vgurocutl.dll () O4 - HKCU..\Run: [MsnMsgr] C:\Programme\Windows Live\Messenger\MsnMsgr.Exe File not found O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (eSXi) O4 - HKCU..\Run: [Veoh] C:\Programme\Veoh Networks\Veoh\VeohClient.exe (eSXi) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = 
C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico () O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\MagicDisc.lnk = C:\Programme\MagicDisc\MagicDisc.exe (MagicISO, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O8 - Extra context menu item: &D&ownload &with BitComet - C:\Programme\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Programme\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &D&ownload all with BitComet - C:\Programme\BitComet\BitComet.exe (www.BitComet.com) O8 - Extra context menu item: &Download All by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm () O8 - Extra context menu item: &Download by FlashGet - C:\Programme\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm () O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Download with Youtube2iPod - C:\Programme\Angoe Solutions\ContextMenu.htm () O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Download with Youtube2iPod - {73116ADB-B1AF-4062-A2B3-090B57B2E07D} - C:\Programme\Angoe Solutions\Button.htm () O9 - Extra 'Tools' menuitem : Download with Youtube2iPod - {73116ADB-B1AF-4062-A2B3-090B57B2E07D} - C:\Programme\Angoe Solutions\Button.htm () O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Programme\BitComet\tools\BitCometBHO_1.1.11.30.dll (BitComet) O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.) O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Programme\Yahoo!\Messenger\YPager.exe (Yahoo! Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} h**p://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {5334504D-9980-0010-8000-00AA00389B71} h**p://download.microsoft.com/download/0/8/D/08D91A3B-CFF6-45DE-95DF-64415075E344/mpg4sdmo.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Key error. (Shockwave Flash Object) O18 - Protocol\Handler\h**p\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - 
Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\system32\sdra64.exe () O20 - HKLM Winlogon: TaskMan - (C:\Dokumente und Einstellungen\***\csrss.exe) - C:\Dokumente und Einstellungen\***\csrss.exe () O22 - SharedTaskScheduler: {A2BA40A0-74F1-52BD-F411-00B15A2C8953} - kjsfi8sjefiuoshiefyhiusdhfdf - C:\WINDOWS\system32\m8xaq.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O27 - HKLM IFEO\explorer.exe: Debugger - C:\Programme\Microsoft Common\svchost.exe () O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.13 19:13:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2003.08.14 19:33:12 | 000,000,082 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{1cebf950-bffb-11dd-88d7-00c0a8afdcd7}\Shell - "" = AutoRun O33 - MountPoints2\{1cebf950-bffb-11dd-88d7-00c0a8afdcd7}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{1cebf950-bffb-11dd-88d7-00c0a8afdcd7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2791da1c-4c1c-11dc-867f-00c0a8afdcd7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2791da1c-4c1c-11dc-867f-00c0a8afdcd7}\Shell\AutoRun\command - "" = G:\UDRI\\\\\MUJO.exe -- File not found O33 - MountPoints2\{2791da1c-4c1c-11dc-867f-00c0a8afdcd7}\Shell\explore\command - "" = G:\UDRI\\\\\\MUJO.exe -- File not found 
O33 - MountPoints2\{2791da1c-4c1c-11dc-867f-00c0a8afdcd7}\Shell\open\command - "" = G:\UDRI\\\\\\MUJO.exe -- File not found O33 - MountPoints2\{5674da2a-b3d8-11de-8a37-00c0a8afdcd7}\Shell - "" = AutoRun O33 - MountPoints2\{5674da2a-b3d8-11de-8a37-00c0a8afdcd7}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{5674da2a-b3d8-11de-8a37-00c0a8afdcd7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{7d8683de-b32d-11da-a145-0002e345a6e2}\Shell\AutoRun\command - "" = ~tmp0.1st.exe O33 - MountPoints2\{b57186b9-2306-11dd-87eb-00c0a8afdcd7}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: AppSecDll - (C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Windows Server\yesybr.dll) - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Windows Server\yesybr.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.05.01 08:01:26 | 000,036,864 | ---- | C] (eSXi) -- C:\WINDOWS\System32\soundman.exe [2010.04.27 23:19:04 | 000,036,864 | ---- | C] (eSXi) -- C:\Dokumente und Einstellungen\***\rundll32.exe [2010.04.27 23:19:04 | 000,036,864 | ---- | C] (eSXi) -- C:\Dokumente und Einstellungen\***\rundll32 .exe [2010.04.27 09:03:04 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys [2010.04.27 08:43:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Windows Server [2010.04.27 08:37:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys [2010.04.27 08:37:35 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys [2010.04.27 08:26:33 | 000,036,864 | ---- | C] (eSXi) -- 
C:\Dokumente und Einstellungen\***\soundman.exe [2010.04.27 08:26:33 | 000,036,864 | ---- | C] (eSXi) -- C:\Dokumente und Einstellungen\***\soundman .exe [2010.04.27 08:26:30 | 000,036,864 | ---- | C] (eSXi) -- C:\Dokumente und Einstellungen\***\vttrayp.exe [2010.04.27 08:26:30 | 000,036,864 | ---- | C] (eSXi) -- C:\Dokumente und Einstellungen\***\vttrayp .exe [2010.04.27 08:26:28 | 000,036,864 | ---- | C] (eSXi) -- C:\Dokumente und Einstellungen\***\vttimer.exe [2010.04.27 08:26:28 | 000,036,864 | ---- | C] (eSXi) -- C:\Dokumente und Einstellungen\***\vttimer .exe [2010.04.27 08:25:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Common [2010.04.27 08:25:47 | 000,000,000 | -HSD | C] -- C:\WINDOWS\System32\lowsec [2010.04.27 08:25:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Windows Server [2010.04.21 08:43:03 | 000,000,000 | ---D | C] -- C:\Programme\Audacity [2010.04.16 14:41:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\pdf24 [2010.04.16 14:40:36 | 000,000,000 | ---D | C] -- C:\Programme\pdf24 [2006.03.13 20:06:34 | 000,015,000 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.05.02 19:37:04 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.05.02 19:29:07 | 000,000,250 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.05.02 19:00:11 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At20.job [2010.05.02 18:00:05 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At19.job [2010.05.02 17:00:12 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At18.job [2010.05.02 16:00:05 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At17.job 
[2010.05.02 15:00:06 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At16.job [2010.05.02 14:38:39 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Musik Wunschliste.doc [2010.05.02 14:11:31 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.05.02 14:11:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.05.02 14:11:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.05.02 14:11:17 | 469,286,912 | -HS- | M] () -- C:\hiberfil.sys [2010.05.02 14:09:55 | 008,126,464 | ---- | M] () -- C:\Dokumente und Einstellungen\***\NTUSER.DAT [2010.05.02 14:09:55 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.05.02 14:00:29 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At15.job [2010.05.02 13:48:16 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.05.01 12:00:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At13.job [2010.05.01 11:00:41 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At12.job [2010.05.01 10:00:36 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At11.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At9.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At8.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At7.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At6.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At5.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At4.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At3.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At24.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At23.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At22.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At21.job [2010.05.01 
08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At2.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At14.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At10.job [2010.05.01 08:26:49 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\At1.job [2010.05.01 08:26:41 | 000,036,864 | ---- | M] (eSXi) -- C:\WINDOWS\System32\nerocheck.exe [2010.05.01 08:26:39 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\soundman.exe [2010.05.01 08:26:37 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\vttrayp.exe [2010.05.01 08:26:36 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\vttimer.exe [2010.05.01 08:26:35 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\rundll32.exe [2010.05.01 08:25:13 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2010.05.01 08:01:26 | 000,036,864 | ---- | M] (eSXi) -- C:\WINDOWS\System32\soundman.exe [2010.05.01 08:01:24 | 000,036,864 | ---- | M] (eSXi) -- C:\WINDOWS\System32\vttrayp.exe [2010.05.01 08:01:23 | 000,036,864 | ---- | M] (eSXi) -- C:\WINDOWS\System32\vttimer.exe [2010.04.30 22:13:25 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\~$sik Wunschliste.doc [2010.04.27 23:19:04 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\rundll32 .exe [2010.04.27 23:18:24 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\uiubh4.dll [2010.04.27 08:39:46 | 000,030,000 | ---- | M] () -- C:\WINDOWS\System32\m8xaq.dll [2010.04.27 08:26:33 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\soundman .exe [2010.04.27 08:26:30 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\vttrayp .exe [2010.04.27 08:26:28 | 000,036,864 | ---- | M] (eSXi) -- C:\Dokumente und Einstellungen\***\vttimer .exe [2010.04.23 14:41:35 | 000,000,116 | ---- | M] () -- 
C:\WINDOWS\NeroDigital.ini [2010.04.20 20:18:37 | 000,152,064 | RHS- | M] () -- C:\Dokumente und Einstellungen\***\csrss.exe [2010.04.18 00:27:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.04.07 08:06:25 | 001,074,602 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.04.07 08:06:25 | 000,460,908 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.04.07 08:06:25 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.04.07 08:06:25 | 000,085,594 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.04.07 08:06:25 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.04.30 22:13:25 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\~$sik Wunschliste.doc [2010.04.27 23:18:24 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\uiubh4.dll [2010.04.27 08:39:46 | 000,030,000 | ---- | C] () -- C:\WINDOWS\System32\m8xaq.dll [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At24.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At23.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At22.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At21.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At20.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At19.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At18.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At17.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At16.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At15.job [2010.04.27 08:27:03 | 
000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At14.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At13.job [2010.04.27 08:27:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At12.job [2010.04.27 08:27:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At9.job [2010.04.27 08:27:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At8.job [2010.04.27 08:27:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At7.job [2010.04.27 08:27:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At11.job [2010.04.27 08:27:02 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At10.job [2010.04.27 08:27:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At6.job [2010.04.27 08:27:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At5.job [2010.04.27 08:27:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At4.job [2010.04.27 08:27:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At3.job [2010.04.27 08:27:01 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At2.job [2010.04.27 08:27:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\tasks\At1.job [2010.04.20 20:20:05 | 000,152,064 | RHS- | C] () -- C:\Dokumente und Einstellungen\***\csrss.exe [2009.05.18 16:40:06 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2009.01.13 11:29:00 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2009.01.13 11:28:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2008.09.19 23:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.09.19 23:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008.04.22 06:43:46 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.01.06 00:02:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini [2007.10.26 20:01:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2007.10.26 20:01:26 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2007.10.26 20:01:26 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\System32\ssprs.dll [2007.10.26 20:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth2.dll [2007.10.26 20:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\serauth1.dll [2007.10.26 20:01:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nsprs.dll [2007.10.26 19:57:11 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll [2007.10.26 19:57:11 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll [2007.08.19 14:27:14 | 000,000,102 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.09.07 17:25:23 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.03.14 09:39:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.13 20:23:45 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.03.13 20:23:45 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.03.13 20:23:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.03.13 20:23:45 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.03.13 20:23:45 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.03.13 20:23:45 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.03.13 20:20:49 | 000,000,748 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.03.13 20:12:55 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.03.13 20:08:50 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.03.13 20:06:34 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll [2006.03.13 20:06:34 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll [2006.03.13 20:06:34 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll [2006.03.13 19:58:45 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.03.13 19:17:49 | 000,000,778 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.03.13 19:08:57 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.04 14:00:00 | 000,000,038 | ---- 
| C] () -- C:\WINDOWS\System32\drmgs.sys [2004.08.04 14:00:00 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\comsa32.sys [2000.02.17 07:20:42 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\slmdmsp.dll [2000.02.17 07:20:42 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\slmdmgx.dll [2000.02.17 07:20:42 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\slmdmco.dll [2000.02.17 07:20:41 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2000.02.17 07:20:36 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2000.02.17 07:19:56 | 000,000,180 | ---- | C] () -- C:\WINDOWS\Option.ini [2000.02.17 07:16:39 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll < End of report > Edited by Wonderblade (02.05.2010 at 19:21). Reason: editing of active links |
02.05.2010, 19:29 | #3 |
| Ertfor.B.30 and Dldr.Agent.dmgo are giving my computer trouble And the second log:
OTL Extras logfile created on: 02.05.2010 19:38:35 - Run 1 OTL by OldTimer - Version 3.2.4.0 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 447,00 Mb Total Physical Memory | 124,00 Mb Available Physical Memory | 28,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free Paging file location(s): C:\pagefile.sys 672 1344 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 74,53 Gb Total Space | 14,28 Gb Free Space | 19,16% Space Free | Partition Type: NTFS Drive D: | 1,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 229,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "23945:TCP" = 23945:TCP:*:Enabled:BitComet 23945 TCP "23945:UDP" = 23945:UDP:*:Enabled:BitComet 23945 UDP "15880:TCP" = 15880:TCP:*:Enabled:utorrent port "15880:UDP" = 15880:UDP:*:Enabled:utorrent port ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) 
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- File not found "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- File not found "C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (***) "C:\Programme\Veoh Networks\Veoh\VeohClient.exe" = C:\Programme\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (eSXi) "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\FlashGet Network\FlashGet universal\FlashGet.exe" = C:\Programme\FlashGet Network\FlashGet universal\FlashGet.exe:*:Enabled:Flashget2 -- (FLASHGET) "C:\Programme\FlashGet Network\FlashGet universal\LiveUpdate.exe" = C:\Programme\FlashGet Network\FlashGet universal\LiveUpdate.exe:*:Enabled:FGLiveUpdate -- File not found "C:\Programme\FlashGet Network\FlashGet universal\LiveUpdateEx.exe" = C:\Programme\FlashGet Network\FlashGet universal\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx -- File not found "C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- File not found "C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.) "C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe" = C:\Programme\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:BlueSoleil -- (IVT Corporation.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{15B25E12-3E5F-4C13-A637-9EC72A55491E}" = SPSS 15.0 for Windows "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1BCEA516-B4C5-4B2D-BFA0-AB7910BAD862}" = Adobe ExtendScript Toolkit 2 "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17 "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3 "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup "{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3 "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant 
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56B8B892-317E-4FDE-9E4D-44B189848A27}" = Adobe Setup "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{6815FCDD-401D-481E-BA88-31B4754C2B46}" = Macromedia Flash Player 8 "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD "{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings "{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B9A17C96-1348-45CB-BB0A-1BCB3A0F854E}" = Bluesoleil2.7.0.35 VoIP Release 080317 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D504303A-717D-414C-BA9F-FE01093E2EF8}" = Adobe Setup "{DAA6FBA0-F8D2-4156-87E8-A50A0C419C3C}" = SubAdd 2007 v1.1 "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0 "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3 "{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290 "{F3CBA4E6-436E-4B51-9651-93830EE38616}" = Windows Messenger 5.1 
MUI Pack "{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_05ba3a63f36684fe0c5dde2ebe6f8f5" = Adobe InDesign CS3 "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3 "Adobe_5bc0f8414ec36c555a3e7e5ec2e225e" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3 "AngoeIPodPlugin_is1" = AngoeIPodPlugin "Audacity_is1" = Audacity 1.2.6 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSplit Classic (Freeware)_is1" = AviSplit Classic Version 1.43 "BitComet" = BitComet 0.97 "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CSCLIB" = Canon Camera Support Core Library "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "eMule" = eMule "EOS Utility" = Canon Utilities EOS Utility "Firebird SQL Server D" = Firebird SQL Server (D) "FlashGet 2.0" = FlashGet 2.0 "foobar2000" = foobar2000 v0.9.5 "FreePDF_XP" = FreePDF XP (Remove only) "FreeRIP_is1" = FreeRIP v2.951 "GPL Ghostscript 8.64" = GPL Ghostscript 8.64 "HijackThis" = HijackThis 1.99.1 "InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA "kazaalite202_is1" = Kazaa Lite 2.6.1 "LegalSounds Music Downloader_is1" = LegalSounds Music Downloader 1.4 "Magic ISO Maker v5.3 (build 0221)" = Magic ISO Maker v5.3 
(build 0221) "MagicDisc 2.5.79" = MagicDisc 2.5.79 "MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE (D) "MAGIX Fotos auf CD D" = MAGIX Fotos auf CD (D) "MAGIX Media Suite - Standard Edition D" = MAGIX Media Suite - Standard Edition (D) "MAGIX Online Druck Service (FS)" = MAGIX Online Druck Service (FS) "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Monkey's Audio_is1" = Monkey's Audio "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24) "MSNINST" = MSN "Nero - Burning Rom!UninstallKey" = Nero OEM "Nero BurnRights!UninstallKey" = Nero BurnRights "NeroVision!UninstallKey" = Nero Digital "NVEContent!UninstallKey" = NeroVision Express Content "PhotoStitch" = Canon Utilities PhotoStitch "Quick AVI Splitter v2.0_is1" = Quick AVI Splitter v2.0 "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RealPlayer 6.0" = RealPlayer "Redirection Port Monitor" = RedMon - Redirection Port Monitor "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "Scribus 1.3.3.12" = Scribus 1.3.3.12 "SLAMRNTV" = Smart Link 56K Voice Modem "Soulseek2" = SoulSeek Client 157 test 12c "SynTPDeinstKey" = Synaptics Pointing Device Driver "UnPacker" = UnPacker 1,3,2,1856 "VLC media player" = VLC media player 0.9.4 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Format Runtime" = Windows Media Format Runtime "Windows Media Player" = Windows Media Player 10 "WinRAR archiver" = WinRAR archiver "Yahoo! Companion" = Yahoo! Companion "Yahoo! Messenger" = Yahoo! 
Messenger "You Don't Know Jack 4" = You Don't Know Jack 4 1.00 "YouTube2iPod_is1" = YouTube2iPod 2.0.1 "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "uTorrent" = µTorrent ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 30.04.2010 16:15:32 | Computer Name = *** | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung WINWORD.EXE, Version 10.0.6856.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 02.05.2010 13:36:48 | Computer Name = ***| Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL(2).exe, Version 3.2.4.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 01.05.2010 05:58:20 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 01.05.2010 06:00:20 | Computer Name = *** | Source = DCOM | ID = 10010 Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 02.05.2010 08:00:29 | Computer Name = *** | Source = Schedule | ID = 7901 Description = Der Befehl "At15.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942405 Error - 02.05.2010 08:02:55 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "SmartLinkService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 02.05.2010 08:08:30 | Computer Name = *** | Source = Service Control Manager | ID = 7034 Description = Dienst "SmartLinkService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 02.05.2010 09:00:06 | Computer Name = *** | Source = Schedule | ID = 7901 Description = Der Befehl "At16.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942405 Error - 02.05.2010 10:00:05 | Computer Name = *** | Source = Schedule | ID = 7901 Description = Der Befehl "At17.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942405 Error - 02.05.2010 11:00:12 | Computer Name = *** | Source = Schedule | ID = 7901 Description = Der Befehl "At18.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942405 Error - 02.05.2010 12:00:05 | Computer Name = *** | Source = Schedule | ID = 7901 Description = Der Befehl "At19.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942405 Error - 02.05.2010 13:00:12 | Computer Name = *** | Source = Schedule | ID = 7901 Description = Der Befehl "At20.job" konnte aufgrund folgenden Fehlers nicht ausgeführt werden: %%2147942405 < End of report > Many thanks! |