zwei Fehlermeldungen RUNDLL

kermit6125 · 28.10.2010, 14:17

Hallo,
ich hatte vor kurzem einen Trojaner auf meinem Rechner (zumindest laut Antivir, den genauen Namen habe ich vergessen) und Conficker anscheinend auch. Habe das ganze mit Antivir beseitigt.
Jetzt zeigt der Computer nach dem Hochfahren zwei Fehlermeldungen an:

1. Fehler beim Laden von C:\Windows\ms3dbv.dll - Das angegebene Modul wurde nicht gefunden.

2. Fehler beim Laden von C:\Windows\ejesovomado.dll - Das angegebene Modul wurde nicht gefunden.

Ich habe schon eine Systemwiederherstellung versucht (wie mir von jemandem empfohlen wurde), das hat aber nichts genützt.
Leider habe ich so gut wie keinerlei Ahnung von solchen Dingen.
Was kann ich tun, damit das verschwindet?

cosinus · 28.10.2010, 21:20

Hallo und

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lies die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

kermit6125 · 06.11.2010, 19:08

so, leider hat es wegen internetausfall etwas gedauert, aber hier sind die beiden logfiles:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5051

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

05.11.2010 20:33:06
mbam-log-2010-11-05 (20-33-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 283766
Laufzeit: 2 Stunde(n), 0 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

kermit6125 · 06.11.2010, 19:26

und die OTL Logs:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.11.2010 19:18:31 - Run 2
OTL by OldTimer - Version 3.2.17.2     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 231,87 Gb Total Space | 95,97 Gb Free Space | 41,39% Space Free | Partition Type: NTFS
Drive D: | 1,00 Gb Total Space | 1,00 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: ANNA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
PRC - c:\Programme\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
PRC - C:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
PRC - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\BtMmHook.dll (Broadcom Corporation.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (zqkhwhx) -- C:\WINDOWS\System32\bhmwgaj.dll File not found
SRV - (CiscoVpnInstallService) -- C:\PROGRA~1\CISCOS~1\VPN\INSTAL~1.EXE File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (accoca) -- c:\Programme\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cpuz132) -- C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ahcix86) -- C:\WINDOWS\System32\DRIVERS\ahcix86.sys (AMD Technologies Inc.)
DRV - (hpdskflt) -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\system32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (HBtnKey) -- C:\WINDOWS\system32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (SFAUDIO) -- C:\WINDOWS\system32\drivers\sfaudio.sys (Sonic Focus, Inc)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (Amddfltr) -- C:\WINDOWS\system32\DRIVERS\Amddfltr.sys (Advanced Micro Devices)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (HpqKbFiltr) -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=all&pf=cmnb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://ixquick.com/deu?th=night"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1
FF - prefs.js..extensions.enabledItems: {180429ED-AE2C-4962-82CB-1D3AA0D19C0C}:1.9.1
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{180429ED-AE2C-4962-82CB-1D3AA0D19C0C}: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{180429ED-AE2C-4962-82CB-1D3AA0D19C0C} [2010.09.17 12:01:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.10.29 15:32:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.29 15:32:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.12 21:11:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.3\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009.12.01 23:41:41 | 000,000,000 | ---D | M]
 
[2010.09.12 21:11:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2010.09.12 21:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.11.06 18:04:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\g9z6j3i7.default\extensions
[2010.09.16 14:14:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\g9z6j3i7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.03 13:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\g9z6j3i7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.11.05 12:56:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\g9z6j3i7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.09.17 22:54:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\g9z6j3i7.default\extensions\searchrecs@veoh.com
[2010.11.06 18:04:30 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\g9z6j3i7.default\searchplugins\ixquick---deutsch.xml
[2010.11.06 18:04:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.07.12 16:12:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.12 21:06:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.06.30 22:40:52 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.30 22:40:52 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.30 22:40:52 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.30 22:40:52 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.30 22:40:52 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 09:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation)
O4 - HKLM..\Run: [accrdsub] c:\Programme\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Cpqset] C:\Programme\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [Fqukipe] C:\WINDOWS\ejesovomado.DLL File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMAX] C:\Programme\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.)
O4 - HKCU..\Run: [Lboqovito] C:\WINDOWS\ms3dbv.DLL File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - c:\WINDOWS\system32\ackpbsc.dll - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - c:\Programme\ActivIdentity\ActivClient\acunlock.dll - c:\Programme\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\Shell\AutoRun\command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\Shell\Explore\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\Shell\Open\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\Shell\AutoRun\command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\Shell\Explore\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\Shell\Open\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{2788f8fa-885b-11df-bddc-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{2788f8fa-885b-11df-bddc-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\Shell\AutoRun\command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\Shell\Explore\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\Shell\Open\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{872c582c-73c1-11de-bc02-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{872c582c-73c1-11de-bc02-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91c8fc87-522b-11df-bd84-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{91c8fc87-522b-11df-bd84-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\Shell\AutoRun\command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\Shell\Explore\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\Shell\Open\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0f3b457-88ef-11df-bddf-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{f0f3b457-88ef-11df-bddf-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.06 13:48:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\World in Conflict
[2010.11.06 13:48:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\World in Conflict
[2010.11.05 14:50:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\92282-zwei-fehlermeldungen-rundll-Dateien
[2010.11.05 14:49:51 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.11.05 14:49:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes
[2010.11.05 14:49:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.05 14:49:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.11.05 14:49:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.05 14:49:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.05 14:48:41 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.11.03 15:56:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\praktische-tipps-Dateien
[2010.10.28 13:45:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.10.28 13:45:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.10.27 17:09:00 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010.10.27 17:09:00 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010.10.27 17:08:58 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irbus.sys
[2010.10.27 17:08:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2010.10.27 17:08:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2010.10.27 17:08:58 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\comsdupd.exe
[2010.10.27 17:08:56 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll
[2010.10.27 17:08:56 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll
[2010.10.27 17:08:56 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2010.10.27 17:08:56 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2010.10.27 17:08:56 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll
[2010.10.27 17:08:56 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax
[2010.10.27 17:08:56 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax
[2010.10.27 17:08:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2010.10.27 17:08:55 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2010.10.27 17:08:55 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2010.10.27 17:08:55 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2010.10.27 17:08:55 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2010.10.27 17:08:55 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2010.10.27 17:08:55 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2010.10.27 17:08:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2010.10.27 17:08:55 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2010.10.27 17:08:55 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2010.10.27 17:08:55 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2010.10.27 17:08:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2010.10.27 17:08:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2010.10.27 17:08:55 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2010.10.27 17:08:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2010.10.27 17:08:55 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2010.10.27 17:08:54 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll
[2010.10.27 17:08:53 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2010.10.27 17:08:53 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2010.10.27 17:08:53 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2010.10.27 17:08:53 | 000,086,016 | ---- | C] (Conexant) -- C:\WINDOWS\System32\mdmxsdk.dll
[2010.10.27 17:08:53 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2010.10.27 17:08:53 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2010.10.27 17:08:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2010.10.27 17:08:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2010.10.27 17:08:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2010.10.27 17:08:53 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2010.10.27 17:08:52 | 004,274,816 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nv4_disp.dll
[2010.10.27 17:08:52 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll
[2010.10.27 17:08:52 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2010.10.27 17:08:52 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2010.10.27 17:08:52 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2010.10.27 17:08:52 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2010.10.27 17:08:52 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2010.10.27 17:08:52 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2010.10.27 17:08:51 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll
[2010.10.27 17:08:51 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2010.10.27 17:08:51 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll
[2010.10.27 17:08:51 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll
[2010.10.27 17:08:51 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2010.10.27 17:08:51 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2010.10.27 17:08:51 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll
[2010.10.27 17:08:51 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe
[2010.10.27 17:08:51 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2010.10.27 17:08:51 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2010.10.27 17:08:51 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe
[2010.10.27 17:08:51 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2010.10.27 17:08:49 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2010.10.27 17:08:49 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2010.10.27 17:08:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\verclsid.exe
[2010.10.27 17:08:48 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe
[2010.10.27 17:08:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de
[2010.10.27 17:08:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.10.27 17:05:26 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.10.27 17:05:26 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.10.27 17:05:26 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.10.27 17:05:26 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.10.27 17:05:26 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.10.27 17:05:26 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.10.27 17:05:26 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.10.27 17:05:26 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.10.27 17:05:26 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys
[2010.10.27 17:05:26 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.10.27 17:05:26 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.10.27 17:05:26 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.10.27 17:05:26 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.10.27 17:05:26 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.10.27 17:05:26 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.10.27 17:05:26 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.10.27 17:05:26 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll
[2010.10.27 17:05:26 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.10.27 17:05:26 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll
[2010.10.27 17:05:26 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll
[2010.10.27 17:05:26 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.10.27 17:05:26 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll
[2010.10.27 17:05:26 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.10.27 17:05:26 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.10.27 17:05:26 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.10.27 17:05:26 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.10.27 17:05:26 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll
[2010.10.27 17:05:26 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll
[2010.10.27 17:05:26 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll
[2010.10.27 17:05:26 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll
[2010.10.27 17:05:26 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll
[2010.10.27 17:05:26 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll
[2010.10.27 17:05:26 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll
[2010.10.27 17:05:26 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll
[2010.10.27 17:05:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.10.27 17:05:25 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.10.27 17:05:25 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys
[2010.10.27 17:05:25 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll
[2010.10.27 17:05:24 | 001,897,408 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nv4_mini.sys
[2010.10.27 17:05:24 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.10.27 17:05:24 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.10.27 17:05:24 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.10.27 17:05:24 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.10.27 17:05:24 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.10.27 17:05:24 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.10.27 17:05:24 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.10.27 17:05:24 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys
[2010.10.27 17:05:24 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys
[2010.10.27 17:05:24 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.10.27 17:05:24 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.10.27 17:05:24 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys
[2010.10.27 17:05:24 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys
[2010.10.27 17:05:24 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll
[2010.10.27 17:05:23 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.10.27 17:05:23 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.10.27 17:05:23 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.10.27 17:05:23 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.10.27 17:05:23 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.10.27 17:05:23 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll
[2010.10.27 17:05:23 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.10.27 17:01:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009.05.04 07:57:01 | 000,180,224 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2007.07.05 09:28:52 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.06 18:00:56 | 000,006,426 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\F2FD6CC2CCCE2038086EF0D4C310B14C.pdf
[2010.11.06 17:59:19 | 000,011,851 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rudolf.odt
[2010.11.06 17:48:39 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.11.06 17:48:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.06 17:47:42 | 2949,500,928 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.06 15:52:31 | 000,009,556 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Geld Geld Geld.odt
[2010.11.05 14:50:20 | 000,044,700 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\92282-zwei-fehlermeldungen-rundll.html
[2010.11.05 14:49:53 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2010.11.05 14:49:15 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.05 14:48:47 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Administrator\Desktop\mbam-setup.exe
[2010.11.03 15:57:49 | 000,834,727 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Infoheft.pdf
[2010.11.03 15:57:01 | 000,014,560 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\praktische-tipps.htm
[2010.11.03 15:47:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.27 17:44:50 | 000,371,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.27 17:05:06 | 000,251,712 | -HS- | M] () -- C:\ntldr
[2010.10.25 21:33:28 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.25 10:06:04 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2010.10.24 21:31:10 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb73ba64d66505.job
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.06 18:00:55 | 000,006,426 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\F2FD6CC2CCCE2038086EF0D4C310B14C.pdf
[2010.11.06 17:59:16 | 000,011,851 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Rudolf.odt
[2010.11.05 14:50:19 | 000,044,700 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\92282-zwei-fehlermeldungen-rundll.html
[2010.11.05 14:49:15 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.03 15:57:48 | 000,834,727 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Infoheft.pdf
[2010.11.03 15:56:58 | 000,014,560 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\praktische-tipps.htm
[2010.10.27 17:05:26 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.10.27 17:05:25 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.10.27 17:05:24 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.10.24 21:31:10 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb73ba64d66505.job
[2010.10.14 11:11:47 | 000,009,556 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Geld Geld Geld.odt
[2010.07.16 07:32:39 | 000,000,030 | ---- | C] () -- C:\Programme\Exiferupdate.ini
[2010.07.06 09:17:19 | 000,004,990 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2010.06.15 00:16:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2010.04.26 19:10:57 | 000,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.03.23 12:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010.03.23 12:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009.06.30 12:43:23 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.27 15:37:42 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\FnF4.txt
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.07.19 01:17:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\QSwitch.txt
[2008.07.19 01:17:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DSwitch.txt
[2008.07.19 01:17:49 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AtStart.txt
[2008.07.19 00:49:31 | 000,029,752 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.07.18 23:59:26 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.05.12 13:51:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.04.10 18:27:34 | 001,804,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2007.05.10 07:16:40 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2006.05.20 03:39:58 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2005.04.03 23:30:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\scardsyn.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2004.08.07 07:08:46 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004.08.07 07:02:10 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.07 06:52:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.05.07 04:10:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll

< End of report >

--- --- ---

kermit6125 · 06.11.2010, 19:27

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 06.11.2010 19:18:31 - Run 2
OTL by OldTimer - Version 3.2.17.2     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 231,87 Gb Total Space | 95,97 Gb Free Space | 41,39% Space Free | Partition Type: NTFS
Drive D: | 1,00 Gb Total Space | 1,00 Gb Free Space | 99,75% Space Free | Partition Type: FAT32
 
Computer Name: ANNA | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"4980:TCP" = 4980:TCP:*:Enabled:lwekhod
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player  -- File not found
"C:\Spiele\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe" = C:\Spiele\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance -- File not found
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.5
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B62241-5495-46EF-5086-DBE0F37F052C}" = Catalyst Control Center Localization Korean
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{17A7779A-D23F-11D3-8753-0050BABE1202}" = Microtek ScanWizard
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
"{27FE77BD-2E0A-385C-C2CC-8367D877356F}" = CCC Help Norwegian
"{2CD54AED-740B-1418-464E-CC8E15AD1E4F}" = Catalyst Control Center Localization Swedish
"{2D0EE88B-8720-50A7-7F31-503B4300A8C5}" = Catalyst Control Center Localization French
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35EB3E58-F46C-CB48-C623-16A455C37C5D}" = CCC Help Turkish
"{36C491D0-A196-F49C-C63C-3509D7A2B91D}" = CCC Help Finnish
"{37AF26EB-ACCD-4F9C-A13E-81483F932203}" = Catalyst Control Center - Branding
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{45E6BF4C-6DC8-B1BB-517C-5F2C1D055A9B}" = CCC Help Hungarian
"{48072101-4DFE-9DC2-9F5D-DE0EF7193C98}" = CCC Help Korean
"{49798684-CC48-AF5C-E513-9FFF61EFD3A6}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{4CF11D44-43B7-1359-B438-972C69D7AD6F}" = CCC Help Spanish
"{4ED20E34-D511-A85B-D7E5-755AE64D5F6C}" = CCC Help Portuguese
"{57B186F6-E6A7-A997-92E6-3E8C6189F497}" = Catalyst Control Center Localization Japanese
"{59C5A5D1-1673-4AF6-A22E-DCF1379CAC18}" = HP 3D DriveGuard
"{5AB422C9-E804-1331-233E-E44D8BBC1862}" = CCC Help German
"{5ED80CF6-D54D-5F9B-2B9C-E3B6F927879D}" = CCC Help Czech
"{60AFC32A-B82F-3818-E90B-A71446BBCCD6}" = Catalyst Control Center Localization Greek
"{6162653F-D1AB-6708-C73B-8411296900AE}" = Catalyst Control Center Localization Portuguese
"{6179EAEB-0C72-0241-DC0B-0258E86B982A}" = ccc-core-preinstall
"{64FBF438-35D1-8A01-FB00-36911B07FC72}" = Catalyst Control Center Graphics Light
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6B4469FE-20FA-9E1D-6634-CF971706BD24}" = Catalyst Control Center Localization Chinese Traditional
"{6C17DE97-6A5A-FA9C-0F4C-8B027E6AC014}" = CCC Help Russian
"{6FCA773E-903A-5C83-D379-DD53F9EFD794}" = Catalyst Control Center Localization Turkish
"{70CEFEBA-F757-4DBE-8A21-027C326137CE}" = HP Software Setup 5.00.A.7
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747626CF-7958-290F-A7D8-6EE6549C8614}" = Catalyst Control Center Localization Hungarian
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B459B8C-D870-2C14-9BA7-ABFFBCE7CD34}" = CCC Help Italian
"{7BE1B3CE-5476-B847-4719-4421AEC5C663}" = CCC Help Thai
"{7FD8231E-3991-48D7-A2C8-2C42A7075FB1}" = HP User Guide Bluetooth Addendum 0062
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{875FDD1A-4259-9361-572C-780AC637C81A}" = Catalyst Control Center Localization Czech
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8D774B5B-A1D9-45B3-AFB4-3F85604961BC}" = ODF Add-in für Microsoft Word
"{8F676C36-74D3-9B7B-00FC-733EE5AFDA95}" = CCC Help Chinese Traditional
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A2CB5EC7-E64F-5E35-2A23-63CB198649F5}" = CCC Help Greek
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A777845E-F260-4572-787B-2BD08E560C78}" = Catalyst Control Center Localization Spanish
"{A7A1BCB9-B9EE-3DBB-6F1C-570C532B9190}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{A9884559-F231-7727-95F4-41FDB052A536}" = Catalyst Control Center Localization Russian
"{AB785290-EA80-7A10-B2C6-98919E514A68}" = Catalyst Control Center Graphics Full New
"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient 6.1 x86
"{AC76BA86-7AD7-1031-7B44-A70700000002}" = Adobe Reader 7.0.7 - Deutsch
"{AEA355A4-997D-A49D-A57A-CF537FFFEC84}" = Skins
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B18A542F-C99B-73C9-6552-73E1216E8834}" = CCC Help Dutch
"{B5764B71-4BCE-206A-DE15-2E05469AA74C}" = Catalyst Control Center Localization Polish
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{B817499D-2D52-2F37-DF6F-40735748FA88}" = CCC Help English
"{BC66641A-3279-BB5E-BEAB-99B39D13B3BD}" = CCC Help Polish
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C34CEE1B-BFF5-4716-B8D6-8A4A4F176E0D}" = HP Wallpaper
"{C3D86DED-91D7-A890-5E9E-D14D993B5E9E}" = Catalyst Control Center Localization Dutch
"{C4BEF3C4-9DF1-6D99-6C46-BBBF8E4B07A5}" = ccc-core-static
"{C6BB4BD5-15D5-0B2D-CF4A-49BDCD7B3AC3}" = Catalyst Control Center Localization Norwegian
"{C90BE263-E9B8-AD82-C517-3197FA4DA9C4}" = CCC Help Danish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9C94F63-6B2C-9BFA-F37C-E48E1B6133E1}" = CCC Help Swedish
"{E19DF3EF-351E-EE5E-623B-1A99C8C3EB5F}" = Catalyst Control Center Graphics Full Existing
"{E2EF1380-9963-C7F9-3478-1046EC008C02}" = Catalyst Control Center Localization Chinese Standard
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E78D8DE3-E3CD-E89C-D5A0-D8FFE5F6E7F9}" = CCC Help Chinese Standard
"{EA7D5022-7744-4D28-0E83-2DF9678C27B6}" = Catalyst Control Center Core Implementation
"{EDD0A584-1ABB-8E7B-97AB-743C7E35EEA7}" = Catalyst Control Center Localization German
"{EFBC8D78-75EA-4BB1-0CC6-172BFDF4B70F}" = Catalyst Control Center Localization Danish
"{F01701B8-2C94-282D-9339-23AFBEDBE3E2}" = Catalyst Control Center Localization Italian
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0BE302E-6B30-B816-4EA3-23CD6A23B08D}" = ccc-utility
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3BD8E81-C020-44F9-B014-1E0214D23556}" = SA30xx Media Converter
"{F940B4EC-8504-CEE5-F36C-C2F5471D9E87}" = Catalyst Control Center Localization Thai
"{FBAA2B2F-002D-45BB-2917-35FC46FB1326}" = Catalyst Control Center Localization Finnish
"{FE58B892-3825-4610-A6A2-E6EFCA83BD97}" = Ulead PhotoImpact 10
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter
"CCleaner" = CCleaner
"Exifer_is1" = Exifer
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"GnuPG" = GNU Privacy Guard
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"jStrip_is1" = jStrip 3.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mobile Partner" = Mobile Partner
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.1.3)" = Mozilla Thunderbird (3.1.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PROHYBRIDR" = 2007 Microsoft Office system
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.97-3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.09.2010 07:57:14 | Computer Name = ANNA | Source = Google Update | ID = 20
Description = 
 
Error - 18.09.2010 08:08:55 | Computer Name = ANNA | Source = Google Update | ID = 20
Description = 
 
Error - 19.09.2010 12:14:07 | Computer Name = ANNA | Source = Google Update | ID = 20
Description = 
 
Error - 19.09.2010 12:19:28 | Computer Name = ANNA | Source = Google Update | ID = 20
Description = 
 
Error - 19.09.2010 12:25:20 | Computer Name = ANNA | Source = Google Update | ID = 20
Description = 
 
Error - 20.09.2010 04:57:02 | Computer Name = ANNA | Source = Google Update | ID = 20
Description = 
 
Error - 20.09.2010 15:45:35 | Computer Name = ANNA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 7.0.7.142, fehlgeschlagenes
 Modul acrord32.dll, Version 7.0.7.142, Fehleradresse 0x00012223.
 
Error - 14.10.2010 05:32:12 | Computer Name = ANNA | Source = Google Update | ID = 20
Description = 
 
Error - 15.10.2010 11:14:18 | Computer Name = ANNA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 7.0.7.142, fehlgeschlagenes
 Modul acrord32.dll, Version 7.0.7.142, Fehleradresse 0x00012223.
 
Error - 19.10.2010 13:36:46 | Computer Name = ANNA | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 7.0.7.142, fehlgeschlagenes
 Modul acrord32.dll, Version 7.0.7.142, Fehleradresse 0x00012223.
 
[ OSession Events ]
Error - 25.01.2010 06:08:08 | Computer Name = YOUR-9EDDF62A8E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 677
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 28.01.2010 08:42:00 | Computer Name = YOUR-9EDDF62A8E | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1636
 seconds with 1560 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 05.11.2010 15:38:16 | Computer Name = ANNA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cisco Systems, Inc. Installer service" wurde aufgrund 
folgenden Fehlers nicht gestartet:   %%3
 
Error - 05.11.2010 15:38:17 | Computer Name = ANNA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Support Windows" wurde mit folgendem Fehler beendet:   %%126
 
Error - 06.11.2010 08:43:00 | Computer Name = ANNA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.11.2010 08:43:00 | Computer Name = ANNA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.11.2010 08:43:01 | Computer Name = ANNA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.11.2010 08:43:35 | Computer Name = ANNA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cisco Systems, Inc. Installer service" wurde aufgrund 
folgenden Fehlers nicht gestartet:   %%3
 
Error - 06.11.2010 08:43:35 | Computer Name = ANNA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Support Windows" wurde mit folgendem Fehler beendet:   %%126
 
Error - 06.11.2010 12:48:50 | Computer Name = ANNA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "BITS"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {4991D34B-80A1-4291-83B6-3328366B9097}
 
Error - 06.11.2010 12:49:43 | Computer Name = ANNA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Cisco Systems, Inc. Installer service" wurde aufgrund 
folgenden Fehlers nicht gestartet:   %%3
 
Error - 06.11.2010 12:49:44 | Computer Name = ANNA | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Support Windows" wurde mit folgendem Fehler beendet:   %%126
 
 
< End of report >

--- --- ---

cosinus · 06.11.2010, 19:38

Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten!

kermit6125 · 06.11.2010, 19:41

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5051

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

05.11.2010 18:19:17
mbam-log-2010-11-05 (18-19-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 1530
Laufzeit: 39 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

kermit6125 · 06.11.2010, 19:42

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 5051

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

05.11.2010 20:20:43
mbam-log-2010-11-05 (20-20-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 283766
Laufzeit: 2 Stunde(n), 0 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 06.11.2010, 19:55

Hast du Malwarebytes gestern das erste Mal ausgeführt oder zuvor schonmal?

kermit6125 · 08.11.2010, 16:55

nur am 05.11., direkt nachdem ich es runtergeladen habe.

cosinus · 09.11.2010, 01:04

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - (zqkhwhx) -- C:\WINDOWS\System32\bhmwgaj.dll File not found
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Fqukipe] C:\WINDOWS\ejesovomado.DLL File not found
O4 - HKCU..\Run: [Lboqovito] C:\WINDOWS\ms3dbv.DLL File not found
O33 - MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\Shell\AutoRun\command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\Shell\Explore\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\Shell\Open\Command - "" = F:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\Shell\AutoRun\command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\Shell\Explore\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\Shell\Open\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{2788f8fa-885b-11df-bddc-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{2788f8fa-885b-11df-bddc-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\Shell\AutoRun\command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\Shell\Explore\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\Shell\Open\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{872c582c-73c1-11de-bc02-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{872c582c-73c1-11de-bc02-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{91c8fc87-522b-11df-bd84-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{91c8fc87-522b-11df-bd84-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\Shell\AutoRun\command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\Shell\Explore\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\Shell\Open\Command - "" = G:\System\Security\DriveGuard.exe -- File not found
O33 - MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- File not found
O33 - MountPoints2\{f0f3b457-88ef-11df-bddf-002100cf758b}\Shell - "" = AutoRun
O33 - MountPoints2\{f0f3b457-88ef-11df-bddf-002100cf758b}\Shell\AutoRun - "" = Auto&Play
:Commands
[purity]
[resethosts]
[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

kermit6125 · 09.11.2010, 17:54

All processes killed
========== OTL ==========
Service zqkhwhx stopped successfully!
Service zqkhwhx deleted successfully!
File C:\WINDOWS\System32\bhmwgaj.dll File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Fqukipe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Lboqovito not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f09169-387a-11de-bbc3-002100cf758b}\ not found.
File F:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f09169-387a-11de-bbc3-002100cf758b}\ not found.
File F:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00f09169-387a-11de-bbc3-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00f09169-387a-11de-bbc3-002100cf758b}\ not found.
File F:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ea48248-89cc-11de-bc2c-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ea48248-89cc-11de-bc2c-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ea48248-89cc-11de-bc2c-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ea48248-89cc-11de-bc2c-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2788f8fa-885b-11df-bddc-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2788f8fa-885b-11df-bddc-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2788f8fa-885b-11df-bddc-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2788f8fa-885b-11df-bddc-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b891cec-62b4-11df-bda4-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b891cec-62b4-11df-bda4-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6b891cec-62b4-11df-bda4-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6b891cec-62b4-11df-bda4-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{872c582c-73c1-11de-bc02-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872c582c-73c1-11de-bc02-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{872c582c-73c1-11de-bc02-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872c582c-73c1-11de-bc02-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91c8fc87-522b-11df-bd84-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91c8fc87-522b-11df-bd84-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91c8fc87-522b-11df-bd84-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91c8fc87-522b-11df-bd84-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a58c355e-9b4a-11df-be15-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a58c355e-9b4a-11df-be15-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a58c355e-9b4a-11df-be15-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a58c355e-9b4a-11df-be15-002100cf758b}\ not found.
File G:\System\Security\DriveGuard.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0b454a4-2188-11df-bcfd-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0b454a4-2188-11df-bcfd-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b0b454a4-2188-11df-bcfd-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0b454a4-2188-11df-bcfd-002100cf758b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b70142ee-2240-11df-bd01-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b70142ee-2240-11df-bd01-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b70142ee-2240-11df-bd01-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b70142ee-2240-11df-bd01-002100cf758b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8b63d1a-68cd-11df-bdb2-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2219e1e-2df2-11df-bd2f-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2219e1e-2df2-11df-bd2f-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e2219e1e-2df2-11df-bd2f-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2219e1e-2df2-11df-bd2f-002100cf758b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b47558-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b47558-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b47558-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b47558-230b-11df-bd05-002100cf758b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b47559-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b47559-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0b47559-230b-11df-bd05-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0b47559-230b-11df-bd05-002100cf758b}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0f3b457-88ef-11df-bddf-002100cf758b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0f3b457-88ef-11df-bddf-002100cf758b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f0f3b457-88ef-11df-bddf-002100cf758b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0f3b457-88ef-11df-bddf-002100cf758b}\ not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 584514677 bytes
->Temporary Internet Files folder emptied: 901455 bytes
->Java cache emptied: 1009314 bytes
->FireFox cache emptied: 156231775 bytes
->Flash cache emptied: 46019 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Gast
->Temp folder emptied: 643 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: rob

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 91828643 bytes
RecycleBin emptied: 336524286 bytes

Total Files Cleaned = 1.117,00 mb

OTL by OldTimer - Version 3.2.17.2 log created on 11092010_174838

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 10.11.2010, 08:30

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

kermit6125 · 10.11.2010, 11:11

wollte das programm gerade starten, aber es kommt die meldung, dass antivir desktop noch aktiv ist.
ich habe antivir eigentlich deaktviert, dachte ich. wie kriege ich das denn jetzt "ganz" aus?

cosinus · 10.11.2010, 11:37

Wenn der Regenschirm geschlossen ist, kannst du CF eigentlich gefahrlos starten. Sicherheitshalber kannst du AntiVir aber vorher vorübergehend deinstallieren.

06.11.2010, 19:38	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Wo zwei Fehlermeldungen RUNDLL Lösung! Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten! __________________ --> zwei Fehlermeldungen RUNDLL

06.11.2010, 19:55	#9
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	zwei Fehlermeldungen RUNDLL Hast du Malwarebytes gestern das erste Mal ausgeführt oder zuvor schonmal? __________________ Logfiles bitte immer in CODE-Tags posten

10.11.2010, 11:37	#15
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	zwei Fehlermeldungen RUNDLL [gelöst] Wenn der Regenschirm geschlossen ist, kannst du CF eigentlich gefahrlos starten. Sicherheitshalber kannst du AntiVir aber vorher vorübergehend deinstallieren. __________________ Logfiles bitte immer in CODE-Tags posten

zwei Fehlermeldungen RUNDLL

Alles rund um Windows: zwei Fehlermeldungen RUNDLL

Problem: zwei Fehlermeldungen RUNDLL