Skype schickt links an freunde anscheinden ein virus?

mudo121 · 29.08.2010, 21:41

Hi,

Ich habe von ein Kumpel ein Link bekommen

foto

h**p://www.facebook.bodyjoybeauty.com/image_id.php

ich hab halt mal drauf geklickt
leider
Den ich musste feststellen das sich der link an meine freunde weiterleitet
ohe das ich was mach. Ich bin leider noch ein ein anfänger in sache trojaner virus und co. könntet ihr mir da vielleicht weiter helfen was man da tun könnte

und ja hier noch ein paar daten

Habe windows xp professional

Habe das Konstenlose Avira antivir

und firewall dauernd an

vielleicht hilft das weiter

john.doe · 29.08.2010, 21:47

Hallo mudo121 und

Zitat:

ich hab halt mal drauf geklickt

Jo, dann schau doch mal hier => http://www.trojaner-board.de/90118-s...tml#post561130 (3. Absatz)

Vorgestern habe ich das rausgeschickt, es sind statt einer jetzt 6, die das Teil erkennen.

Code:

ATTFilter

File name: 
Picture-8716154.JPG-www.facebook.scr
Submission date: 
2010-08-29 20:42:58 (UTC)
Current status: 
finished
Result: 
6/ 41 (14.6%)	VT Community

not reviewed
 Safety score: - 

Compact 
Print results  Antivirus	Version	Last Update	Result
AhnLab-V3	2010.08.29.00	2010.08.28	-
AntiVir	8.2.4.46	2010.08.29	-
Antiy-AVL	2.0.3.7	2010.08.26	-
Authentium	5.2.0.5	2010.08.28	-
Avast	4.8.1351.0	2010.08.29	-
Avast5	5.0.594.0	2010.08.29	-
AVG	9.0.0.851	2010.08.29	-
BitDefender	7.2	2010.08.29	-
CAT-QuickHeal	11.00	2010.08.28	-
ClamAV	0.96.2.0-git	2010.08.29	-
Comodo	5901	2010.08.29	-
DrWeb	5.0.2.03300	2010.08.29	-
Emsisoft	5.0.0.37	2010.08.29	Trojan.Win32.Meredrop!IK
eSafe	7.0.17.0	2010.08.29	-
eTrust-Vet	36.1.7823	2010.08.27	-
F-Prot	4.6.1.107	2010.08.29	-
F-Secure	9.0.15370.0	2010.08.29	-
Fortinet	4.1.143.0	2010.08.29	-
GData	21	2010.08.29	-
Ikarus	T3.1.1.88.0	2010.08.29	Trojan.Win32.Meredrop
Jiangmin	13.0.900	2010.08.29	-
Kaspersky	7.0.0.125	2010.08.29	-
McAfee	5.400.0.1158	2010.08.29	-
Microsoft	1.6103	2010.08.29	Trojan:Win32/Meredrop
NOD32	5407	2010.08.29	a variant of Win32/Injector.CTQ
Norman	6.05.11	2010.08.29	-
nProtect	2010-08-29.01	2010.08.29	-
Panda	10.0.2.7	2010.08.29	Suspicious file
PCTools	7.0.3.5	2010.08.29	-
Prevx	3.0	2010.08.29	-
Rising	22.62.05.03	2010.08.28	-
Sophos	4.56.0	2010.08.29	-
Sunbelt	6809	2010.08.29	-
SUPERAntiSpyware	4.40.0.1006	2010.08.29	-
Symantec	20101.1.1.7	2010.08.29	-
TheHacker	6.5.2.1.358	2010.08.29	-
TrendMicro	9.120.0.1004	2010.08.29	-
TrendMicro-HouseCall	9.120.0.1004	2010.08.29	-
VBA32	3.12.14.0	2010.08.27	-
ViRobot	2010.8.28.4013	2010.08.29	-
VirusBuster	5.0.27.0	2010.08.29	Trojan.Meredrop.ACPF
Additional information
Show all 
MD5   : fd4dcb2d4dca17301fb6a8f3b29646ba
SHA1  : 1c31a265182d7516b715dd44cde8b0b6d276f8e1
SHA256: 24cc2744101fa9f813ca8aba5c15134f90de89f59cd7b2e7b59076164ba5bdf3
ssdeep: 1536:M9oPWNVc+FzwzTCBMt31DhrCq4GFL3OkCc06yEqZ7/CTvHxWyQ58O11i6qzc:aoeNVc+F+
gMj4GFqej0CTv7O5qzc
File size : 131072 bytes
First seen: 2010-08-28 17:26:16
Last seen : 2010-08-29 20:42:58
TrID: 
Win32 Executable Microsoft Visual Basic 6 (96.9%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck: 
publisher....: Lz5ixxEFh2
copyright....: n/a
product......: EMA
description..: n/a
original name: SAXbXHZeM.exe
internal name: SAXbXHZeM
file version.: 16.874.0267
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1640
timedatestamp....: 0x4C79263F (Sat Aug 28 15:07:43 2010)
machinetype......: 0x14c (I386)

[[ 3 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0xC3FC, 0xD000, 5.59, b33fe1ad09511f5a7f5bdfd7080e3889
.data, 0xE000, 0x13DC, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x10000, 0x103C0, 0x11000, 7.40, 11ffb0df2b8e391684360a3f8abfb92f

[[ 1 import(s) ]]
MSVBVM60.DLL: _CIcos, _adj_fptan, __vbaVarMove, __vbaVarVargNofree, __vbaFreeVar, __vbaAryMove, __vbaLenBstr, __vbaStrVarMove, __vbaFreeVarList, _adj_fdiv_m64, -, _adj_fprem1, __vbaCopyBytes, __vbaStrCat, __vbaLsetFixstr, __vbaHresultCheckObj, -, _adj_fdiv_m32, __vbaAryDestruct, __vbaOnError, _adj_fdiv_m16i, _adj_fdivr_m16i, -, __vbaVarIndexLoad, _CIsin, __vbaErase, -, __vbaVarZero, __vbaChkstk, EVENT_SINK_AddRef, __vbaGenerateBoundsError, __vbaStrCmp, __vbaAryConstruct2, __vbaI2I4, DllFunctionCall, __vbaLbound, __vbaRedimPreserve, _adj_fpatan, __vbaFixstrConstruct, __vbaRedim, __vbaUI1ErrVar, EVENT_SINK_Release, __vbaUI1I2, _CIsqrt, EVENT_SINK_QueryInterface, __vbaStr2Vec, __vbaExceptHandler, _adj_fprem, _adj_fdivr_m64, -, __vbaFPException, -, __vbaUbound, __vbaStrVarVal, __vbaVarCat, -, -, _CIlog, __vbaErrorOverflow, __vbaNew2, __vbaVar2Vec, __vbaInStr, _adj_fdiv_m32i, _adj_fdivr_m32i, Zombie_AddRef, __vbaStrCopy, __vbaI4Str, __vbaFreeStrList, __vbaDerefAry1, _adj_fdivr_m32, _adj_fdiv_r, -, __vbaAryLock, __vbaFpI2, -, _CIatan, __vbaStrMove, __vbaStrVarCopy, _allmul, _CItan, __vbaAryUnlock, _CIexp, __vbaMidStmtBstr, __vbaI4ErrVar, __vbaFreeStr
Symantec reputation:Suspicious.Insight

Klick auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die Liste unter Punkt 2 ab (nur Alternative B). Poste alle drei Logs.

ciao, andreas

mudo121 · 29.08.2010, 22:04

soll ich das gleiche machen was in dem anderen forum steht?

john.doe · 29.08.2010, 22:10

Frage an Radio Eriwan?

Zitat:

Klick auf "Für alle Neuen" in meiner Signatur, lies alles aufmerksam und arbeite die Liste unter Punkt 2 ab (nur Alternative B). Poste alle drei Logs.

ciao, andreas

mudo121 · 29.08.2010, 22:12

aso thx mach ich jetzt mal

john.doe · 29.08.2010, 22:14

Zwei Minuten warte ich noch.

ciao, andreas

mudo121 · 29.08.2010, 22:21

ok habs jetzt mal gemacht

Hier ist der Log Extras:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 29.08.2010 23:16:39 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = E:\Dokumente und Einstellungen\Raphael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 11,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 19,53 Gb Total Space | 4,80 Gb Free Space | 24,58% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 278,55 Gb Total Space | 250,03 Gb Free Space | 89,76% Space Free | Partition Type: NTFS
Drive F: | 244,04 Gb Total Space | 148,56 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 687,37 Gb Total Space | 383,44 Gb Free Space | 55,78% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 403,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RAPHYSPC
Current User Name: Raphael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "E:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- E:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Programme\Steam\Steam.exe" = F:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = E:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"E:\Programme\Microsoft Office\Office12\GROOVE.EXE" = E:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"E:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = E:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"E:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = E:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = H:\Programme\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)
"H:\Programme\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = H:\Programme\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)
"H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"E:\Programme\TeamViewer\Version5\TeamViewer.exe" = E:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"F:\Programme\BitTorrent\bittorrent.exe" = F:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe" = H:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"H:\Programme\Dragon Age\bin_ship\daorigins.exe" = H:\Programme\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins -Spiel -- (BioWare)
"H:\Programme\Dragon Age\DAOriginsLauncher.exe" = H:\Programme\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins -Launcher -- (BioWare)
"H:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe" = H:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins -Inhaltsupdater -- (BioWare)
"F:\Programme\Steam\steamapps\common\eve online\bin\ExeFile.exe" = F:\Programme\Steam\steamapps\common\eve online\bin\ExeFile.exe:*:Enabled:CCP ExeFile -- (CCP hf.)
"H:\Programme\505games\1C\Men of War\mow_mp.exe" = H:\Programme\505games\1C\Men of War\mow_mp.exe:*:Enabled:Main executable -- ("Best Way" Corp)
"H:\Programme\Gameforge4D\AirRivals_EN\Launcher.atm" = H:\Programme\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2 -- File not found
"H:\Programme\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe" = H:\Programme\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"H:\Programme\505games\1C\Men of War\outfront_mp.exe" = H:\Programme\505games\1C\Men of War\outfront_mp.exe:*:Enabled:Main executable -- ("Best Way" Corp)
"H:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm" = H:\Programme\Gameforge4D\AirRivals_DE\Launcher.atm:Enabled:GameExe2 -- ()
"H:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe" = H:\Programme\Gameforge4D\AirRivals_DE\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- (Masang Soft)
"H:\Programme\EA Sports\FIFA 08\FIFA08.exe" = H:\Programme\EA Sports\FIFA 08\FIFA08.exe:*:Enabled:FIFA08 -- ()
"F:\Programme\Tunngle\tnglctrl.exe" = F:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"F:\Programme\Tunngle\tunngle.exe" = F:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
"H:\Programme\EA Sports\FIFA Online\NFE.exe" = H:\Programme\EA Sports\FIFA Online\NFE.exe:*:Enabled:EA SPORTS™ FIFA Online -- (Electronic Arts)
"H:\Programme\Left 4 Dead 2\left4dead2.exe" = H:\Programme\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2 -- ()
"H:\Programme\Activision\Modern Warfare 2\iw4sp.exe" = H:\Programme\Activision\Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp -- ()
"F:\Programme\Steam\steamapps\common\eve online\eve.exe" = F:\Programme\Steam\steamapps\common\eve online\eve.exe:*:Enabled:EVE Online Demo -- (CCP hf.)
"H:\Programme\Activision\Modern Warfare 2\TCSB.exe" = H:\Programme\Activision\Modern Warfare 2\TCSB.exe:*:Enabled:TC Server Browser for Tunngle -- ()
"H:\Programme\Activision\Modern Warfare 2\IWNetServer.exe" = H:\Programme\Activision\Modern Warfare 2\IWNetServer.exe:*:Enabled:IWNetServer -- (Microsoft)
"H:\Programme\Activision\Modern Warfare 2\iw4mp.exe" = H:\Programme\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:  -- ()
"F:\Programme\BuddyW\BuddyW.exe" = F:\Programme\BuddyW\BuddyW.exe:*:Enabled:BuddyW -- ()
"H:\Programme\Starcraft II Beta\Versions\Base15392\SC2.exe" = H:\Programme\Starcraft II Beta\Versions\Base15392\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"H:\Programme\Starcraft II Beta\StarCraft II.exe" = H:\Programme\Starcraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\Programme\Steam\steamapps\common\napoleon total war\Napoleon.exe" = F:\Programme\Steam\steamapps\common\napoleon total war\Napoleon.exe:*:Enabled:Napoleon: Total War -- (The Creative Assembly Ltd)
"F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_Launcher.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator\AvP_DX11.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"F:\Programme\Steam\steamapps\common\aliens vs predator\AvP.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator\AvP.exe:*:Enabled:Aliens vs. Predator -- (Sega Europe Limited)
"F:\Programme\Steam\steamapps\common\aliens vs predator dedicated server\AvP_CLI.exe" = F:\Programme\Steam\steamapps\common\aliens vs predator dedicated server\AvP_CLI.exe:*:Enabled:Aliens vs Predator Dedicated Server -- ()
"H:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = H:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno4Web -- ()
"F:\Programme\Steam\steamapps\common\r.u.s.e. free week end\Ruse.exe" = F:\Programme\Steam\steamapps\common\r.u.s.e. free week end\Ruse.exe:*:Enabled:R.U.S.E. Free Week End -- (Eugen Systems)
"F:\Programme\Steam\steamapps\common\alien swarm\srcds.exe" = F:\Programme\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"F:\Programme\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe" = F:\Programme\Steam\steamapps\common\lead and gold gangs of the wild west\lag_win32_public_dev.exe:*:Enabled:Lead and Gold - Gangs of the Wild West -- ()
"H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- (Electronic Arts Inc.)
"H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat" = H:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde (tm) -- ()
"H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\patchget.dat" = H:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™ -- (Electronic Arts Inc.)
"H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\patchget.dat" = H:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"H:\Programme\Call of Duty - World at War\CoDWaW LanFixed.exe" = H:\Programme\Call of Duty - World at War\CoDWaW LanFixed.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- (Activision Blizzard, Inc.)
"H:\Programme\Call of Duty - World at War\CoDWaWmp.exe" = H:\Programme\Call of Duty - World at War\CoDWaWmp.exe:*:Enabled:Call of Duty(R): World at War Multiplayer -- (Activision Blizzard, Inc.)
"H:\Programme\iTunes\iTunes.exe" = H:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"H:\Programme\Electronic Arts\Der Herr der Ringe® - Die Eroberung™\Conquest.exe" = H:\Programme\Electronic Arts\Der Herr der Ringe® - Die Eroberung™\Conquest.exe:*:Enabled:Game -- (Electronic Arts Inc.)
"H:\Programme\Call of Duty\CoDUOMP.exe" = H:\Programme\Call of Duty\CoDUOMP.exe:*:Enabled:CoDUOMP -- ()
"H:\Programme\Call of Duty\CoDMP.exe" = H:\Programme\Call of Duty\CoDMP.exe:*:Enabled:CoDMP -- ()
"H:\Programme\Mass Effect 2 Demo\Binaries\MassEffect2.exe" = H:\Programme\Mass Effect 2 Demo\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Demo -Spiel -- (BioWare)
"H:\Programme\Mass Effect 2 Demo\MassEffect2Launcher.exe" = H:\Programme\Mass Effect 2 Demo\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Demo -Launcher -- (BioWare)
"H:\Programme\tasofro\th123\th123.exe" = H:\Programme\tasofro\th123\th123.exe:*:Enabled:th123 -- ()
"H:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = H:\Programme\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"F:\Programme\Xfire\Xfire.exe" = F:\Programme\Xfire\Xfire.exe:*:Enabled:Xfire -- (Xfire Inc.)
"F:\Programme\Steam\steamapps\common\boostertrooper\BTroopers.exe" = F:\Programme\Steam\steamapps\common\boostertrooper\BTroopers.exe:*:Enabled:Booster Trooper -- (DnS Development)
"H:\Programme\OGPlanet\LostSaga\autoupgrade.exe" = H:\Programme\OGPlanet\LostSaga\autoupgrade.exe:*:Enabled:LostSaga(upgrade) -- (IO Entertainment Co., Ltd.)
"H:\Programme\OGPlanet\LostSaga\lostsaga.exe" = H:\Programme\OGPlanet\LostSaga\lostsaga.exe:*:Enabled:LostSaga(client) -- (IO Entertainment Co., Ltd.)
"E:\Programme\Google\Google Earth\client\googleearth.exe" = E:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"H:\Programme\StarCraft II\StarCraft II.exe" = H:\Programme\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"H:\Programme\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game" = H:\Programme\Electronic Arts\Command & Conquer 4 Tiberian Twilight\Data\CNC4.game:*:Enabled:Command & Conquer™ 4 -- (Electronic Arts Inc.)
"F:\Programme\Steam\steamapps\common\alien swarm\swarm.exe" = F:\Programme\Steam\steamapps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"F:\Programme\Steam\steamapps\common\alien swarm\bin\SDKLauncher.exe" = F:\Programme\Steam\steamapps\common\alien swarm\bin\SDKLauncher.exe:*:Enabled:Alien Swarm - SDK -- ()
"F:\Programme\Steam\steamapps\mudo121\counter-strike source\hl2.exe" = F:\Programme\Steam\steamapps\mudo121\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"F:\Programme\Steam\steamapps\common\mafia ii\pc\Mafia2.exe" = F:\Programme\Steam\steamapps\common\mafia ii\pc\Mafia2.exe:*:Enabled:Mafia II -- (2K Czech)
"E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Downloads\Picture-8716154.JPG-www.facebook.scr" = E:\WINDOWS\jusched.exe:*:Enabled:Java developer Script Browse -- (Lz5ixxEFh2)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0B5154C0-8F00-4616-B0AB-6240AE80D9CE}" = SimCity™ Societies
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Remove Only)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update &1 für Spiel Men of War
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.17.5.0" = Update &1 für Spiel Men of War
"{19BA95C2-4693-49E5-B454-0C232FFFC452}" = Hearts of Iron 3 - Demo
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{260CA184-10D9-457F-B106-CF5AE0B624A6}_is1" = Elvenstar Mod
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2D9C81F2-CF30-47F9-860E-58DACF92ABC9}" = Razer Arctosa
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5B616A3F-43D9-4F0B-9F49-D39342A98592}" = Creatures of Darkness
"{628C3D50-F524-4C49-A958-672CE7953756}" = Der Herr der Ringe® - Die Eroberung™
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7ED169D4-5053-4166-93DF-53B12AE6C539}" = Energy Saver Advance B9.0316.1
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89173B88-384A-459B-B687-9C0BBC934EF4}" = Die*Sims™*3 Erstelle einen Sim
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8ACE3311-7E11-4D68-BFC8-FC5E2692627B}" = Mass Effect 2 Demo
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1" = “Œ•û”ñ‘z“V‘¥ Ver1.10ƒAƒbƒvƒf[ƒg
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}" = FIFA 10 - Demo
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BF1EC9C0-9C10-11DF-BBC7-005056C00008}" = Google Earth
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E17141A6-211D-5854-61D9-69827A430D82}" = EA Download Manager UI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"{F9942587-59C1-43CC-8B6A-A5DB09CBA735}_is1" = “Œ•û”ê‘z“V
"7-Zip" = 7-Zip 4.65
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AirRivals_DE_is1" = AirRivals_DE 1.0.0.44
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"BuddyW_is1" = BuddyW 1.1.10
"Call of Duty" = Call of Duty
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"Ceville" = Ceville 1.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DBBD4687DB2530A2F7D7FAB13E7DF67638CCA3B9" = Windows Driver Package - Razer (HidUsb) HIDClass  (01/11/2007 1.0)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"Elvenstar Mod 6.0" = Elvenstar Mod 6.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EXPERTool_is1" = EXPERTool 7.5
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"Guild Wars" = GUILD WARS
"Highway Pursuit_is1" = Highway Pursuit v1.1
"Hisoutensoku English" = NSIS Hisoutensoku English
"ie8" = Windows Internet Explorer 8
"InstallShield_{A662E280-64A8-4CF5-8407-13D0808602B3}" = Call of Duty - United Offensive
"LogMeIn Hamachi" = LogMeIn Hamachi
"LostSagaUS" = Lost Saga
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NVIDIA Drivers" = NVIDIA Drivers
"OGPlanet Game Launcher US" = OGPlanet Game Launcher
"Patch for "Men of War"_is1" = Patch 1.17.5 for "Men of War"
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Seven Remix XP" = Seven Remix XP 2.4
"ShotOnline" = ShotOnline
"StarCraft II" = StarCraft II
"Steam App 10680" = Aliens vs. Predator
"Steam App 27920" = Booster Trooper
"Steam App 33310" = R.U.S.E. Free Week End
"Steam App 34030" = Napoleon: Total War
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 50130" = Mafia II
"Steam App 630" = Alien Swarm
"Steam App 640" = Alien Swarm - SDK
"Steam App 8510" = EVE Online Demo
"TeamViewer 5" = TeamViewer 5
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.0
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.08.2010 18:55:49 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 27.08.2010 05:22:54 | Computer Name = RAPHYSPC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.08.2010 05:10:00 | Computer Name = RAPHYSPC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 28.08.2010 19:25:51 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 28.08.2010 19:25:51 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 28.08.2010 19:25:51 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100
Description = 424: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 28.08.2010 19:25:51 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 28.08.2010 19:25:51 | Computer Name = RAPHYSPC | Source = Bonjour Service | ID = 100
Description = 436: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 29.08.2010 06:25:39 | Computer Name = RAPHYSPC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
 nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
 
Error - 29.08.2010 16:20:04 | Computer Name = RAPHYSPC | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
 aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x800708ca" (konvertiert
 in 0x800423f4) fehlgeschlagen.
 
[ System Events ]
Error - 30.07.2010 15:22:08 | Computer Name = RAPHYSPC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 7.0.104.53 für die Netzwerkkarte mit der Netzwerkadresse
 00FF98B69C03 wurde durch  den DHCP-Server 7.254.254.254 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 30.07.2010 17:57:07 | Computer Name = RAPHYSPC | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 31.07.2010 16:58:05 | Computer Name = RAPHYSPC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 7.0.104.53 für die Netzwerkkarte mit der Netzwerkadresse
 00FF98B69C03 wurde durch  den DHCP-Server 7.254.254.254 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 01.08.2010 09:42:04 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService.
 
Error - 01.08.2010 13:48:09 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService.
 
Error - 01.08.2010 13:50:12 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrB" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 01.08.2010 13:50:26 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 01.08.2010 14:05:37 | Computer Name = RAPHYSPC | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService.
 
Error - 01.08.2010 15:18:16 | Computer Name = RAPHYSPC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 7.0.104.53 für die Netzwerkkarte mit der Netzwerkadresse
 00FF98B69C03 wurde durch  den DHCP-Server 7.254.254.254 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 02.08.2010 15:10:27 | Computer Name = RAPHYSPC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 7.0.104.53 für die Netzwerkkarte mit der Netzwerkadresse
 00FF98B69C03 wurde durch  den DHCP-Server 7.254.254.254 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
 
< End of report >

--- --- ---

OK hier ist der Log OTL:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.08.2010 23:16:39 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = E:\Dokumente und Einstellungen\Raphael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,00 Gb Available Physical Memory | 11,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 19,53 Gb Total Space | 4,80 Gb Free Space | 24,58% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 278,55 Gb Total Space | 250,03 Gb Free Space | 89,76% Space Free | Partition Type: NTFS
Drive F: | 244,04 Gb Total Space | 148,56 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 687,37 Gb Total Space | 383,44 Gb Free Space | 55,78% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive J: | 403,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RAPHYSPC
Current User Name: Raphael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\WINDOWS\jusched.exe (Lz5ixxEFh2)
PRC - F:\Programme\Steam\GameOverlayUI.exe (Valve Corporation)
PRC - F:\Programme\Steam\steam.exe (Valve Corporation)
PRC - H:\Programme\StarCraft II\Versions\Base15405\SC2.exe (Blizzard Entertainment, Inc.)
PRC - E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - H:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - F:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - F:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - E:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - E:\Programme\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
PRC - E:\Programme\Razer\Arctosa\razertra.exe ()
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Programme\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe (OldTimer Tools)
MOD - E:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - F:\Programme\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TunngleService) -- F:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Apple Mobile Device) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- F:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (StarWindServiceAE) -- E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (DAUpdaterSvc) -- H:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (GEST Service) -- E:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (odserv) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva296) -- E:\WINDOWS\System32\XDva296.sys File not found
DRV - (EagleNT) -- E:\WINDOWS\System32\drivers\EagleNT.sys File not found
DRV - (gdrv) -- E:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PnkBstrK) -- E:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- E:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ElbyCDIO) -- E:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (SCREAMINGBDRIVER) -- E:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- E:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)
DRV - (VClone) -- E:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (nv) -- E:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgio) -- E:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ArcFltr) -- E:\WINDOWS\system32\drivers\Arctosa.sys (Razer USA Ltd.)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (TBPanel) -- E:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- E:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (SaiH5F0D) -- E:\WINDOWS\system32\drivers\SaiH5F0D.sys (Saitek)
DRV - (SaiU5F0D) -- E:\WINDOWS\system32\drivers\SaiU5F0D.sys (Saitek)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - E:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: F:\Programme\Mozilla Firefox\components [2010.07.06 17:12:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: F:\Programme\Mozilla Firefox\plugins [2010.08.19 11:14:39 | 000,000,000 | ---D | M]
 
[2010.06.25 21:37:23 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Extensions
[2010.07.28 13:16:28 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions
[2010.07.03 16:48:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.22 22:03:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.22 21:23:18 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.06 17:12:54 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\eafo3fflauncher@ea.com
 
O1 HOSTS File: ([2001.08.18 14:00:00 | 000,000,820 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Arctosa] E:\Programme\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Java developer Script Browse] E:\WINDOWS\jusched.exe (Lz5ixxEFh2)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] E:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ccleaner] F:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [Java developer Script Browse] E:\WINDOWS\jusched.exe (Lz5ixxEFh2)
O4 - HKCU..\Run: [RocketDock] F:\Programme\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] f:\programme\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.20 22:28:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003.09.19 03:09:22 | 000,000,000 | R--D | M] - J:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003.09.01 01:01:28 | 001,101,824 | R--- | M] () - J:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:46 | 000,000,027 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:25 | 000,001,214 | R--- | M] () - J:\autorun.str -- [ CDFS ]
O33 - MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell - "" = AutoRun
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2003.09.01 01:01:28 | 001,101,824 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.29 23:08:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe
[2010.08.29 22:18:02 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\NtmsData
[2010.08.29 18:34:49 | 000,131,072 | RHS- | C] (Lz5ixxEFh2) -- E:\WINDOWS\jusched.exe
[2010.08.28 16:50:20 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\TS3Client
[2010.08.28 16:50:07 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2010.08.23 22:55:27 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Command and Conquer 4
[2010.08.23 08:44:52 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Command and Conquer 4
[2010.08.23 08:44:50 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Electronic_Arts_Inc
[2010.08.19 22:08:39 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\StarCraft II
[2010.08.19 16:14:00 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.08.19 16:11:55 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Google
[2010.08.19 16:10:17 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.08.19 16:09:25 | 000,000,000 | ---D | C] -- E:\Programme\Google
[2010.08.17 17:08:04 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\SimCity Societies
[2010.08.17 17:06:29 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SimCity Societies
[2010.08.17 10:43:39 | 000,000,000 | ---D | C] -- E:\WINDOWS\pss
[2010.08.16 22:04:30 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Pamela Call Recordings
[2010.08.15 21:28:03 | 000,000,000 | ---D | C] -- E:\WINDOWS\Sun
[2010.08.13 21:58:24 | 000,079,256 | ---- | C] (OGPlanet) -- E:\WINDOWS\System32\npOGPPlugin.dll
[2010.08.13 21:58:23 | 000,266,240 | ---- | C] (OGPlanet) -- E:\WINDOWS\System32\OGPIEPlugin.ocx
[2010.08.13 21:58:20 | 000,000,000 | ---D | C] -- E:\Programme\OGPlanet
[2010.08.13 15:34:21 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\BTroopers
[2010.08.13 15:15:50 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire
[2010.08.13 14:53:52 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Xfire
[2010.08.12 11:39:03 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.08.12 11:38:38 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\CAPCOM
[2010.08.12 11:25:56 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\xlive
[2010.08.12 11:25:56 | 000,000,000 | ---D | C] -- E:\Programme\Microsoft Games for Windows - LIVE
[2010.08.11 23:12:49 | 000,000,000 | ---D | C] -- E:\Programme\NVIDIA Corporation
[2010.08.11 00:35:53 | 000,000,000 | ---D | C] -- E:\Programme\Alcohol Soft
[2010.08.11 00:22:26 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Desktop\asd
[2010.08.10 22:06:03 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.08.10 22:06:02 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.08.10 12:33:22 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\2K Games
[2010.08.06 22:14:37 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\FIFA 10 - Demo
[2010.08.06 14:41:09 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Ceville
[2010.08.05 19:57:50 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\vlc
[2010.08.05 19:56:34 | 000,000,000 | ---D | C] -- E:\Programme\VideoLAN
[2010.08.02 14:10:25 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\The Lord of the Rings - Conquest
[2010.08.01 20:01:12 | 000,000,000 | ---D | C] -- E:\Programme\iPod
[62 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.29 23:14:12 | 000,001,090 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.29 23:08:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe
[2010.08.29 23:01:01 | 000,000,230 | ---- | M] () -- E:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.08.29 22:36:15 | 000,001,216 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003UA.job
[2010.08.29 18:34:49 | 000,131,072 | RHS- | M] (Lz5ixxEFh2) -- E:\WINDOWS\jusched.exe
[2010.08.29 16:36:00 | 000,001,164 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003Core.job
[2010.08.29 16:14:00 | 000,001,086 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.29 12:25:51 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- E:\WINDOWS\gdrv.sys
[2010.08.29 12:25:35 | 000,000,262 | ---- | M] () -- E:\WINDOWS\tasks\WGASetup.job
[2010.08.29 12:25:31 | 000,235,289 | ---- | M] () -- E:\WINDOWS\System32\NvApps.xml
[2010.08.29 12:25:28 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010.08.29 12:25:27 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010.08.29 12:25:19 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010.08.29 01:26:37 | 000,000,000 | ---- | M] () -- E:\WINDOWS\System32\Access.dat
[2010.08.29 01:26:31 | 004,194,304 | -H-- | M] () -- E:\Dokumente und Einstellungen\Raphael\NTUSER.DAT
[2010.08.29 01:26:31 | 000,000,190 | -HS- | M] () -- E:\Dokumente und Einstellungen\Raphael\ntuser.ini
[2010.08.28 16:50:11 | 000,001,286 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\TeamSpeak 3 Client.lnk
[2010.08.27 11:26:20 | 000,001,054 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\EA Download Manager.lnk
[2010.08.26 19:21:02 | 000,000,276 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.25 02:00:51 | 002,121,358 | -H-- | M] () -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.19 23:14:49 | 000,000,556 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\CCleaner.exe.lnk
[2010.08.19 16:11:30 | 000,001,887 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.08.17 16:03:47 | 000,000,766 | ---- | M] () -- E:\WINDOWS\CoD.INI
[2010.08.17 10:44:53 | 000,000,552 | ---- | M] () -- E:\WINDOWS\win.ini
[2010.08.17 10:44:53 | 000,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2010.08.13 14:53:50 | 000,000,524 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.08.12 11:04:13 | 000,269,392 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 01:17:47 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2010.08.12 01:17:20 | 000,997,086 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 01:17:20 | 000,448,800 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat
[2010.08.12 01:17:20 | 000,432,492 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010.08.12 01:17:20 | 000,080,108 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat
[2010.08.12 01:17:20 | 000,067,448 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010.08.11 00:40:25 | 000,000,383 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\ax_files.xml
[2010.08.11 00:35:58 | 000,000,805 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Alcohol 120%.lnk
[2010.08.11 00:27:50 | 000,697,328 | ---- | M] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2010.08.10 22:05:50 | 000,000,545 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\LogMeIn Hamachi.lnk
[2010.08.05 19:56:58 | 000,000,691 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.08.04 20:18:10 | 000,000,339 | ---- | M] () -- E:\WINDOWS\CoDUO.INI
[2010.08.01 20:22:51 | 000,137,256 | ---- | M] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.08.01 20:22:42 | 000,218,808 | ---- | M] () -- E:\WINDOWS\System32\PnkBstrB.xtr
[2010.08.01 20:01:44 | 000,001,804 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[62 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
[1 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 16:50:11 | 000,001,286 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\TeamSpeak 3 Client.lnk
[2010.08.23 00:44:39 | 000,776,848 | ---- | C] () -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.19 23:14:49 | 000,000,556 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\CCleaner.exe.lnk
[2010.08.19 16:11:30 | 000,001,887 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.08.19 16:09:59 | 000,001,090 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.19 16:09:59 | 000,001,086 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.13 14:53:50 | 000,000,524 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.08.11 00:40:25 | 000,000,383 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\ax_files.xml
[2010.08.11 00:35:58 | 000,000,805 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Alcohol 120%.lnk
[2010.08.10 22:05:50 | 000,000,545 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\LogMeIn Hamachi.lnk
[2010.08.06 14:41:48 | 000,000,002 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\ceville_console_history.txt
[2010.08.05 19:56:58 | 000,000,691 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.08.04 20:09:45 | 000,000,339 | ---- | C] () -- E:\WINDOWS\CoDUO.INI
[2010.08.04 19:48:23 | 000,000,766 | ---- | C] () -- E:\WINDOWS\CoD.INI
[2010.08.01 20:01:44 | 000,001,804 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.07.09 21:00:32 | 000,041,872 | ---- | C] () -- E:\WINDOWS\System32\xfcodec.dll
[2010.07.06 17:14:36 | 000,139,152 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\PnkBstrK.sys
[2010.07.02 18:03:32 | 000,354,816 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2010.07.01 19:20:22 | 000,000,040 | ---- | C] () -- E:\WINDOWS\System32\Sx5363.ini
[2010.06.30 11:22:19 | 000,697,328 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2010.06.25 22:45:51 | 000,137,256 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.06.25 16:26:13 | 000,706,566 | ---- | C] () -- E:\Programme\unins000.exe
[2010.06.25 16:26:13 | 000,035,586 | ---- | C] () -- E:\Programme\unins000.dat
[2010.06.24 23:38:09 | 000,007,680 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- E:\WINDOWS\System32\oeminfo.ini
[2009.07.03 05:11:18 | 000,007,756 | ---- | C] () -- E:\WINDOWS\cadx2.ini
[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- E:\WINDOWS\System32\xlive.dll.cat
 
========== LOP Check ==========
 
[2010.06.27 20:55:34 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare
[2010.06.27 22:55:20 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CCP
[2010.06.25 14:38:06 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core
[2010.07.30 21:10:33 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts
[2010.07.24 11:45:05 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LAG
[2010.07.29 22:12:44 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screaming Bee
[2010.08.17 17:08:06 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SimCity Societies
[2010.07.26 22:59:03 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.06.25 14:34:47 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle
[2010.06.25 16:50:50 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2010.06.25 14:22:02 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.06.25 14:32:24 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Auslogics
[2010.08.22 12:29:35 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\BitTorrent
[2010.07.10 21:29:30 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\BuddyW
[2010.08.23 22:52:12 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Command and Conquer 4
[2010.07.22 21:23:18 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.06.26 20:30:35 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Leadertech
[2010.07.30 15:40:00 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2010.07.31 00:03:16 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Meine Die Schlacht um Mittelerde-Dateien
[2010.07.30 00:34:11 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Meine Die Schlacht um Mittelerde™ II-Dateien
[2010.08.29 18:35:22 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\PriceGong
[2010.06.25 13:58:04 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Razer
[2010.07.29 22:12:46 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Screaming Bee
[2010.07.01 20:14:35 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\TeamViewer
[2010.07.09 13:59:37 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\The Creative Assembly
[2010.08.28 16:51:14 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\TS3Client
[2010.08.25 13:35:15 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Tunngle
[2010.07.18 22:46:20 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Ubisoft
[2010.08.29 23:01:01 | 000,000,230 | ---- | M] () -- E:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2010.08.29 12:25:35 | 000,000,262 | ---- | M] () -- E:\WINDOWS\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 130 bytes -> E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7533C49F
< End of report >

--- --- ---

ok bitte schön ^^

john.doe · 29.08.2010, 22:34

Fehlt noch das Log von Malwarebytes. Updaten und vollständiger Scan.

Was ist adobe.com? Sehe ich das erste Mal.

Deinstalliere die Ask-Toolbar.

ciao, andreas

mudo121 · 29.08.2010, 23:01

Soo,
ICh hab jetzt gemacht hier ist der Log:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4504

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

29.08.2010 23:55:52
mbam-log-2010-08-29 (23-55-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131896
Laufzeit: 4 Minute(n), 10 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
E:\WINDOWS\jusched.exe (Trojan.Agent) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\e:\dokumente und einstellungen\raphael\eigene dateien\downloads\picture-8716154.jpg-www.facebook.scr (Trojan.Agent) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
E:\WINDOWS\jusched.exe (Trojan.Agent) -> No action taken.

und ich habe das Ask Toolbar davor deinstalliert

john.doe · 30.08.2010, 20:09

Tunngle und Teamviewer? Ziemlich vertrauensselig.

1.) Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
DRV - (XDva296) -- E:\WINDOWS\System32\XDva296.sys File not found
DRV - (EagleNT) -- E:\WINDOWS\System32\drivers\EagleNT.sys File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fullarticles.net
IE - HKCU\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - E:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - E:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [IMJPMIG8.1] E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Java developer Script Browse] E:\WINDOWS\jusched.exe (Lz5ixxEFh2)
O4 - HKCU..\Run: [Java developer Script Browse] E:\WINDOWS\jusched.exe (Lz5ixxEFh2)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O32 - AutoRun File - [2009.12.20 22:28:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003.09.19 03:09:22 | 000,000,000 | R--D | M] - J:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003.09.01 01:01:28 | 001,101,824 | R--- | M] () - J:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:46 | 000,000,027 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:25 | 000,001,214 | R--- | M] () - J:\autorun.str -- [ CDFS ]
O33 - MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell - "" = AutoRun
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2003.09.01 01:01:28 | 001,101,824 | R--- | M] ()
[2010.08.29 18:34:49 | 000,131,072 | RHS- | C] (Lz5ixxEFh2) -- E:\WINDOWS\jusched.exe
@Alternate Data Stream - 130 bytes -> E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7533C49F
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

2.) Erstelle und poste neue Logs mit OTL.

ciao, andreas

mudo121 · 31.08.2010, 10:24

Also,

Hier ist der Log nach dem Neustart:

All processes killed
========== OTL ==========
Service XDva296 stopped successfully!
Service XDva296 deleted successfully!
File E:\WINDOWS\System32\XDva296.sys File not found not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File E:\WINDOWS\System32\drivers\EagleNT.sys File not found not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0063BF63-BFFF-4B8F-9D26-4267DF7F17DD}\ deleted successfully.
E:\WINDOWS\system32\dvmurl.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File E:\Programme\DVDVideoSoftTB\tbDVD1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\ deleted successfully.
File move failed. E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
E:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File E:\Programme\DVDVideoSoftTB\tbDVD1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File E:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File E:\Programme\DVDVideoSoftTB\tbDVD1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File E:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
File E:\Programme\DVDVideoSoftTB\tbDVD1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File E:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IMJPMIG8.1 deleted successfully.
E:\WINDOWS\ime\IMJP8_1\imjpmig.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Java developer Script Browse not found.
File E:\WINDOWS\jusched.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Java developer Script Browse not found.
File E:\WINDOWS\jusched.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Free YouTube to Mp3 Converter\ deleted successfully.
E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully.
E:\Programme\Microsoft Office\Office12\EXCEL.EXE moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
E:\Programme\Microsoft Office\Office12\ONBttnIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
File E:\Programme\Microsoft Office\Office12\ONBttnIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
File E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
File E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
E:\Programme\Microsoft Office\Office12\REFIEBAR.DLL moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\AUTOEXEC.BAT moved successfully.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File not found.
File move failed. J:\Autorun.exe scheduled to be moved on reboot.
File move failed. J:\autorun.inf scheduled to be moved on reboot.
File move failed. J:\autorun.str scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cbf590-efd8-11de-bf84-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cbf590-efd8-11de-bf84-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2cbf590-efd8-11de-bf84-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cbf590-efd8-11de-bf84-806d6172696f}\ not found.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\ not found.
File move failed. J:\Autorun.exe scheduled to be moved on reboot.
File E:\WINDOWS\jusched.exe not found.
ADS E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7533C49F deleted successfully.
========== COMMANDS ==========
E:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56504 bytes

User: LocalService

User: NetworkService

User: Raphael
->Flash cache emptied: 58874 bytes

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 69388527 bytes

User: Raphael
->Temp folder emptied: 25927 bytes
->Temporary Internet Files folder emptied: 196742 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 42773369 bytes
->Google Chrome cache emptied: 10316763 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3449388 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 120,00 mb

OTL by OldTimer - Version 3.2.11.0 log created on 08312010_111920

Files\Folders moved on Reboot...
E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll moved successfully.
File move failed. D:\Autorun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.inf scheduled to be moved on reboot.
File\Folder J:\Autorun.exe not found!
File\Folder J:\autorun.inf not found!
File\Folder J:\autorun.str not found!

Registry entries deleted on Reboot...

mudo121 · 31.08.2010, 10:28

Und hier ist der Log nach dem Fix von OTL

Code:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 31.08.2010 11:26:18 - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = E:\Dokumente und Einstellungen\Raphael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 66,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 19,53 Gb Total Space | 4,80 Gb Free Space | 24,58% Space Free | Partition Type: NTFS
Drive D: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 278,55 Gb Total Space | 250,16 Gb Free Space | 89,81% Space Free | Partition Type: NTFS
Drive F: | 244,04 Gb Total Space | 148,55 Gb Free Space | 60,87% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
Drive H: | 687,37 Gb Total Space | 384,57 Gb Free Space | 55,95% Space Free | Partition Type: NTFS
Drive I: | 1,90 Gb Total Space | 0,92 Gb Free Space | 48,39% Space Free | Partition Type: FAT
Drive J: | 403,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RAPHYSPC
Current User Name: Raphael
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe (OldTimer Tools)
PRC - F:\Programme\Steam\steam.exe (Valve Corporation)
PRC - H:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - F:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - F:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - E:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - E:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - E:\Programme\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
PRC - E:\Programme\Razer\Arctosa\razertra.exe ()
PRC - E:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - F:\Programme\RocketDock\RocketDock.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe (OldTimer Tools)
MOD - E:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - F:\Programme\RocketDock\RocketDock.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TunngleService) -- F:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH)
SRV - (Apple Mobile Device) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- E:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Hamachi2Svc) -- F:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- E:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (StarWindServiceAE) -- E:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (DAUpdaterSvc) -- H:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (GEST Service) -- E:\Programme\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (odserv) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- E:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- E:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (gdrv) -- E:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (sptd) -- E:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (PnkBstrK) -- E:\WINDOWS\system32\drivers\PnkBstrK.sys ()
DRV - (avipbb) -- E:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- E:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- E:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ElbyCDIO) -- E:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (SCREAMINGBDRIVER) -- E:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- E:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net)
DRV - (VClone) -- E:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (nv) -- E:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgio) -- E:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- E:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- E:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- E:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (ArcFltr) -- E:\WINDOWS\system32\drivers\Arctosa.sys (Razer USA Ltd.)
DRV - (HDAudBus) -- E:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (TBPanel) -- E:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (Cardex) -- E:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider)
DRV - (SaiH5F0D) -- E:\WINDOWS\system32\drivers\SaiH5F0D.sys (Saitek)
DRV - (SaiU5F0D) -- E:\WINDOWS\system32\drivers\SaiU5F0D.sys (Saitek)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: F:\Programme\Mozilla Firefox\components [2010.07.06 17:12:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: F:\Programme\Mozilla Firefox\plugins [2010.08.19 11:14:39 | 000,000,000 | ---D | M]
 
[2010.06.25 21:37:23 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Extensions
[2010.07.28 13:16:28 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions
[2010.07.03 16:48:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.22 22:03:54 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.22 21:23:18 | 000,000,000 | ---D | M] (No name found) -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.06 17:12:54 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Mozilla\Firefox\Profiles\ovb6z24h.default\extensions\eafo3fflauncher@ea.com
 
O1 HOSTS File: ([2010.08.31 11:19:34 | 000,000,098 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Arctosa] E:\Programme\Razer\Arctosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [avgnt] E:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] E:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AlcoholAutomount] E:\Programme\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [ccleaner] F:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [RocketDock] F:\Programme\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Steam] f:\programme\steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - E:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - E:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2003.09.19 03:09:22 | 000,000,000 | R--D | M] - J:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003.09.01 01:01:28 | 001,101,824 | R--- | M] () - J:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:46 | 000,000,027 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2003.08.31 05:15:25 | 000,001,214 | R--- | M] () - J:\autorun.str -- [ CDFS ]
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell - "" = AutoRun
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f36a1382-a4ce-11df-a8c9-00241dd025a8}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2003.09.01 01:01:28 | 001,101,824 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.31 11:19:20 | 000,000,000 | ---D | C] -- E:\_OTL
[2010.08.29 23:50:28 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Malwarebytes
[2010.08.29 23:50:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.29 23:50:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- E:\WINDOWS\System32\drivers\mbam.sys
[2010.08.29 23:50:16 | 000,000,000 | ---D | C] -- E:\Programme\Malwarebytes' Anti-Malware
[2010.08.29 23:50:16 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.29 23:08:04 | 000,574,976 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe
[2010.08.29 22:18:02 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\NtmsData
[2010.08.28 16:50:20 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\TS3Client
[2010.08.28 16:50:07 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\TeamSpeak 3 Client
[2010.08.23 22:55:27 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Command and Conquer 4
[2010.08.23 08:44:52 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Command and Conquer 4
[2010.08.23 08:44:50 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\Electronic_Arts_Inc
[2010.08.19 22:08:39 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\StarCraft II
[2010.08.19 16:14:00 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.08.19 16:11:55 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Google
[2010.08.19 16:10:17 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.08.19 16:09:25 | 000,000,000 | ---D | C] -- E:\Programme\Google
[2010.08.17 17:08:04 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\SimCity Societies
[2010.08.17 17:06:29 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SimCity Societies
[2010.08.17 10:43:39 | 000,000,000 | ---D | C] -- E:\WINDOWS\pss
[2010.08.16 22:04:30 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Pamela Call Recordings
[2010.08.15 21:28:03 | 000,000,000 | ---D | C] -- E:\WINDOWS\Sun
[2010.08.13 21:58:24 | 000,079,256 | ---- | C] (OGPlanet) -- E:\WINDOWS\System32\npOGPPlugin.dll
[2010.08.13 21:58:23 | 000,266,240 | ---- | C] (OGPlanet) -- E:\WINDOWS\System32\OGPIEPlugin.ocx
[2010.08.13 21:58:20 | 000,000,000 | ---D | C] -- E:\Programme\OGPlanet
[2010.08.13 15:34:21 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\BTroopers
[2010.08.13 15:15:50 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Xfire
[2010.08.13 14:53:52 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\Xfire
[2010.08.12 11:39:03 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.08.12 11:38:38 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\CAPCOM
[2010.08.12 11:25:56 | 000,000,000 | ---D | C] -- E:\WINDOWS\System32\xlive
[2010.08.12 11:25:56 | 000,000,000 | ---D | C] -- E:\Programme\Microsoft Games for Windows - LIVE
[2010.08.11 23:12:49 | 000,000,000 | ---D | C] -- E:\Programme\NVIDIA Corporation
[2010.08.11 00:35:53 | 000,000,000 | ---D | C] -- E:\Programme\Alcohol Soft
[2010.08.11 00:22:26 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Desktop\asd
[2010.08.10 22:06:03 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.08.10 22:06:02 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\LogMeIn Hamachi
[2010.08.10 12:33:22 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\2K Games
[2010.08.06 22:14:37 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\FIFA 10 - Demo
[2010.08.06 14:41:09 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\Ceville
[2010.08.05 19:57:50 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\vlc
[2010.08.05 19:56:34 | 000,000,000 | ---D | C] -- E:\Programme\VideoLAN
[2010.08.02 14:10:25 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\The Lord of the Rings - Conquest
[2010.08.01 20:01:12 | 000,000,000 | ---D | C] -- E:\Programme\iPod
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.31 11:22:40 | 000,235,289 | ---- | M] () -- E:\WINDOWS\System32\NvApps.xml
[2010.08.31 11:22:37 | 000,000,262 | ---- | M] () -- E:\WINDOWS\tasks\WGASetup.job
[2010.08.31 11:22:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- E:\WINDOWS\gdrv.sys
[2010.08.31 11:21:51 | 000,001,086 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.31 11:21:50 | 000,000,006 | -H-- | M] () -- E:\WINDOWS\tasks\SA.DAT
[2010.08.31 11:21:42 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2010.08.31 11:19:41 | 000,000,190 | -HS- | M] () -- E:\Dokumente und Einstellungen\Raphael\ntuser.ini
[2010.08.31 11:19:40 | 004,194,304 | -H-- | M] () -- E:\Dokumente und Einstellungen\Raphael\NTUSER.DAT
[2010.08.31 11:19:34 | 000,000,098 | ---- | M] () -- E:\WINDOWS\System32\drivers\etc\Hosts
[2010.08.31 11:14:12 | 000,001,090 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.31 01:25:55 | 000,000,000 | ---- | M] () -- E:\WINDOWS\System32\Access.dat
[2010.08.31 00:36:00 | 000,001,216 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003UA.job
[2010.08.30 16:36:02 | 000,001,164 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-583907252-796845957-1547161642-1003Core.job
[2010.08.29 23:59:42 | 000,075,224 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.29 23:59:09 | 000,269,392 | ---- | M] () -- E:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.29 23:50:20 | 000,000,676 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.29 23:08:08 | 000,574,976 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Raphael\Desktop\OTL.exe
[2010.08.29 12:25:27 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2010.08.28 16:50:11 | 000,001,286 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\TeamSpeak 3 Client.lnk
[2010.08.27 11:26:20 | 000,001,054 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\EA Download Manager.lnk
[2010.08.26 19:21:02 | 000,000,276 | ---- | M] () -- E:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.08.25 02:00:51 | 002,121,358 | -H-- | M] () -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.08.19 23:14:49 | 000,000,556 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\CCleaner.exe.lnk
[2010.08.19 16:11:30 | 000,001,887 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.08.17 16:03:47 | 000,000,766 | ---- | M] () -- E:\WINDOWS\CoD.INI
[2010.08.17 10:44:53 | 000,000,552 | ---- | M] () -- E:\WINDOWS\win.ini
[2010.08.17 10:44:53 | 000,000,227 | ---- | M] () -- E:\WINDOWS\system.ini
[2010.08.13 14:53:50 | 000,000,524 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.08.12 01:17:47 | 000,001,374 | ---- | M] () -- E:\WINDOWS\imsins.BAK
[2010.08.12 01:17:20 | 000,997,086 | ---- | M] () -- E:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.12 01:17:20 | 000,448,800 | ---- | M] () -- E:\WINDOWS\System32\perfh007.dat
[2010.08.12 01:17:20 | 000,432,492 | ---- | M] () -- E:\WINDOWS\System32\perfh009.dat
[2010.08.12 01:17:20 | 000,080,108 | ---- | M] () -- E:\WINDOWS\System32\perfc007.dat
[2010.08.12 01:17:20 | 000,067,448 | ---- | M] () -- E:\WINDOWS\System32\perfc009.dat
[2010.08.11 00:40:25 | 000,000,383 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\ax_files.xml
[2010.08.11 00:35:58 | 000,000,805 | ---- | M] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Alcohol 120%.lnk
[2010.08.11 00:27:50 | 000,697,328 | ---- | M] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2010.08.10 22:05:50 | 000,000,545 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\LogMeIn Hamachi.lnk
[2010.08.05 19:56:58 | 000,000,691 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.08.04 20:18:10 | 000,000,339 | ---- | M] () -- E:\WINDOWS\CoDUO.INI
[2010.08.01 20:22:51 | 000,137,256 | ---- | M] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.08.01 20:22:42 | 000,218,808 | ---- | M] () -- E:\WINDOWS\System32\PnkBstrB.xtr
[2010.08.01 20:01:44 | 000,001,804 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
 
========== Files Created - No Company Name ==========
 
[2010.08.29 23:50:20 | 000,000,676 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.28 16:50:11 | 000,001,286 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\TeamSpeak 3 Client.lnk
[2010.08.23 00:44:39 | 000,776,848 | ---- | C] () -- E:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.19 23:14:49 | 000,000,556 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\CCleaner.exe.lnk
[2010.08.19 16:11:30 | 000,001,887 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.08.19 16:09:59 | 000,001,090 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.19 16:09:59 | 000,001,086 | ---- | C] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.13 14:53:50 | 000,000,524 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Xfire.lnk
[2010.08.11 00:40:25 | 000,000,383 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Eigene Dateien\ax_files.xml
[2010.08.11 00:35:58 | 000,000,805 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Desktop\Alcohol 120%.lnk
[2010.08.10 22:05:50 | 000,000,545 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\LogMeIn Hamachi.lnk
[2010.08.06 14:41:48 | 000,000,002 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\ceville_console_history.txt
[2010.08.05 19:56:58 | 000,000,691 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2010.08.04 20:09:45 | 000,000,339 | ---- | C] () -- E:\WINDOWS\CoDUO.INI
[2010.08.04 19:48:23 | 000,000,766 | ---- | C] () -- E:\WINDOWS\CoD.INI
[2010.08.01 20:01:44 | 000,001,804 | ---- | C] () -- E:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.07.09 21:00:32 | 000,041,872 | ---- | C] () -- E:\WINDOWS\System32\xfcodec.dll
[2010.07.06 17:14:36 | 000,139,152 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Anwendungsdaten\PnkBstrK.sys
[2010.07.02 18:03:32 | 000,354,816 | ---- | C] () -- E:\WINDOWS\System32\psisdecd.dll
[2010.07.01 19:20:22 | 000,000,040 | ---- | C] () -- E:\WINDOWS\System32\Sx5363.ini
[2010.06.30 11:22:19 | 000,697,328 | ---- | C] () -- E:\WINDOWS\System32\drivers\sptd.sys
[2010.06.25 22:45:51 | 000,137,256 | ---- | C] () -- E:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.06.25 16:26:13 | 000,706,566 | ---- | C] () -- E:\Programme\unins000.exe
[2010.06.25 16:26:13 | 000,035,586 | ---- | C] () -- E:\Programme\unins000.dat
[2010.06.24 23:38:09 | 000,007,680 | ---- | C] () -- E:\Dokumente und Einstellungen\Raphael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.11 09:24:40 | 000,001,683 | ---- | C] () -- E:\WINDOWS\System32\oeminfo.ini
[2009.07.03 05:11:18 | 000,007,756 | ---- | C] () -- E:\WINDOWS\cadx2.ini
[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- E:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- E:\WINDOWS\System32\nvwimg.dll
[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- E:\WINDOWS\System32\nvshell.dll
[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- E:\WINDOWS\System32\nview.dll
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- E:\WINDOWS\System32\xlive.dll.cat
< End of report >

--- --- ---

john.doe · 01.09.2010, 15:30

Wie geht es dem Rechner, noch irgendwelche Auffälligkeiten oder Meldungen?

ciao, andreas

mudo121 · 02.09.2010, 13:40

Is alles bestens

Als ich das Anti Malware programm durchlaufen gelassen habewar alles weg. Bisher is wieder alles clean
Danke für das ganze

john.doe · 02.09.2010, 20:31

Starte OTL => Klick auf Bereinigung => Rechner startet neu.

Du bist entlassen.

ciao, andreas

Skype schickt links an freunde anscheinden ein virus?

Plagegeister aller Art und deren Bekämpfung: Skype schickt links an freunde anscheinden ein virus?