| |
| |||||||
Log-Analyse und Auswertung: Swizzor kann nicht entfernt werden!Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
09.11.2010, 23:56
| #1 |
| |  Swizzor kann nicht entfernt werden! Hallo, klicke mich schon den ganzen Abend durch alle möglichen Anti-Trojaner Foren und finde keine passende Lösung :/ Habe eine vermeintliche Software (exe-Datei) aus dem Internet geladen und ausgeführt. Als ich während dem Laden gemerkt hatte, dass kein Setup-Fenster geöffnet wird, habe ich sofort die Anwendung geschlossen - offenbar wars schon zu spät... Seitdem öffnen sich ständig IE-Fenster, die auf willkürliche Werbeseiten verweisen. HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:36:32, on 09.11.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\CTHELPER.EXE C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Programme\iTunes\iTunesHelper.exe C:\Programme\DivX\DivX Update\DivXUpdate.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Logitech\MouseWare\system\em_exec.exe C:\Programme\Mediafour\MacDrive 8\MacDrive.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\FsUsbExService.Exe C:\WINDOWS\BricoPacks\LeopardXP\Glass2k.exe C:\WINDOWS\Adajua.exe C:\Programme\MacSearch_v.1.4.3\MacSearch.exe C:\Programme\FRITZ!DSL\IGDCTRL.EXE C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe C:\Programme\tclock2_120\tclock2.exe C:\Programme\TrueTransparency\TrueTransparency.exe C:\Programme\UberIcon\UberIcon Manager.exe C:\Programme\YzShadow\YzShadow.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe C:\Programme\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe C:\Programme\Gemeinsame Dateien\Adobe\Updater6\Adobe_Updater.exe C:\Programme\Avira\AntiVir Desktop\avcenter.exe C:\Programme\Avira\AntiVir Desktop\avscan.exe C:\WINDOWS\System32\dllhost.exe C:\DOKUME~1\Marcel\LOKALE~1\Temp\Aci.exe C:\Programme\Safari\Safari.exe C:\DOKUME~1\Marcel\LOKALE~1\Temp\Ach.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\SearchProtocolHost.exe C:\Dokumente und Einstellungen\Marcel\Desktop\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: Loader Class - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKLM\..\Run: [Launch LgDevAgt] "C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe O4 - HKLM\..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [MacDrive 8 application] "C:\Programme\Mediafour\MacDrive 8\MacDrive.exe" O4 - HKLM\..\Run: [Getting started with MacDrive 8] "C:\Programme\Mediafour\MacDrive 8\MDGetStarted.exe" /auto O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorXP] "C:\Program Files\CursorXP\CursorXP.exe" -s O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [U36VRSFLG6] C:\DOKUME~1\Marcel\LOKALE~1\Temp\Ach.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: Glass2k.lnk = C:\WINDOWS\BricoPacks\LeopardXP\Glass2k.exe O4 - Startup: MacSearch.lnk = C:\Programme\MacSearch_v.1.4.3\MacSearch.exe O4 - Startup: panther.CurXPTheme.lnk = ? O4 - Startup: RK Launcher.lnk = C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe O4 - Startup: tclock2.lnk = C:\Programme\tclock2_120\tclock2.exe O4 - Startup: TrueTransparency.lnk = C:\Programme\TrueTransparency\TrueTransparency.exe O4 - Startup: UberIcon.lnk = C:\Programme\UberIcon\UberIcon Manager.exe O4 - Startup: YzShadow.lnk = C:\Programme\YzShadow\YzShadow.exe O4 - Global Startup: AntiVir starten.lnk = C:\Programme\Avira\AntiVir Desktop\avcenter.exe O4 - Global Startup: Windows Search.lnk = C:\Programme\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\PartyPoker\RunApp.exe (file missing) O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\PartyPoker\RunApp.exe (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: acaptuser32.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Programme\FRITZ!DSL\IGDCTRL.EXE O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Programme\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: MacDrive 8 service (MacDrive8Service) - Mediafour Corporation - C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programme\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe -- End of file - 11936 bytes Die Anleitung http://www.trojaner-board.de/28388-a...n-swizzor.html zur Entfernung des Swizzors habe ich befolgt, allerdings sind keine Einträge vorhanden, die mit "C:\Dokumente..." beginnen... Kann mir jmd. einen Tipp geben? Vielen Dank! Geändert von Lui86 (10.11.2010 um 00:02 Uhr) |
|
10.11.2010, 11:30
| #2 |
| /// Malware-holic   | Swizzor kann nicht entfernt werden! ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL explorer.exe iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt beide posten.
__________________ |
|
10.11.2010, 21:36
| #3 |
| | Swizzor kann nicht entfernt werden! Hallo Markus,
__________________vielen Dank schonmal für deine Hilfe. Anbei die Inhalte der *.txt-Dateien: OTL.Txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.11.2010 14:27:34 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Marcel\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 298,00 Mb Available Physical Memory | 29,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,69 Gb Total Space | 32,72 Gb Free Space | 42,66% Space Free | Partition Type: NTFS Drive D: | 153,38 Gb Total Space | 28,60 Gb Free Space | 18,65% Space Free | Partition Type: NTFS Drive E: | 153,38 Gb Total Space | 1,11 Gb Free Space | 0,72% Space Free | Partition Type: NTFS Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Aci.exe (Opera Software) PRC - C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Ach.exe (Opera Software) PRC - C:\WINDOWS\Adajua.exe (Opera Software) PRC - C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Safari\Safari.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programme\TrueTransparency\TrueTransparency.exe () PRC - C:\WINDOWS\BricoPacks\LeopardXP\Glass2k.exe (Chime Softwares) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe (RaduKing) PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Programme\MacSearch_v.1.4.3\MacSearch.exe () PRC - C:\Programme\UberIcon\UberIcon Manager.exe () PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.) PRC - C:\Programme\tclock2_120\tclock2.exe (Two_toNe) PRC - C:\Programme\YzShadow\YzShadow.exe (Y'z@Home) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\TrueTransparency\TrueTransparencyHook.dll () MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation) MOD - C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.dll (RaduKing) MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd) MOD - C:\Programme\UberIcon\UberIcon.dll () MOD - C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL (Logitech Inc.) MOD - C:\Programme\Logitech\MouseWare\system\LgWndHk.dll (Logitech Inc.) MOD - C:\Programme\YzShadow\YzShadow.dll () ========== Win32 Services (SafeList) ========== SRV - (SSHNAS) -- C:\WINDOWS\system32\sshnas21.dll (Opera Software) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (MacDrive8Service) -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (sfrem01) SF FrontLine Drivers Auto Removal (v1) -- C:\WINDOWS\System32\sfrem01.exe (Protection Technology (StarForce)) SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (MDFSYSNT) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation) DRV - (MDPMGRNT) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation) DRV - (CBDisk) -- C:\WINDOWS\system32\drivers\CBDisk.sys (EldoS Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation ) DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\system32\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\system32\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll (A Part of the LessCliX Suite by Alianyn) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-329068152-1788223648-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Programme\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation) O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDevAgt] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [MacDrive 8 application] C:\Programme\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] File not found O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] File not found O4 - HKU\S-1-5-21-329068152-1788223648-725345543-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( ) O4 - HKU\S-1-5-21-329068152-1788223648-725345543-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-329068152-1788223648-725345543-1003..\Run: [U36VRSFLG6] C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Ach.exe (Opera Software) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AntiVir starten.lnk = C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\Glass2k.lnk = C:\WINDOWS\BricoPacks\LeopardXP\Glass2k.exe (Chime Softwares) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\MacSearch.lnk = C:\Programme\MacSearch_v.1.4.3\MacSearch.exe () O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\panther.CurXPTheme.lnk = C:\Programme\CursorXP\Themes\panther.Cur File not found O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\RK Launcher.lnk = C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe (RaduKing) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\tclock2.lnk = C:\Programme\tclock2_120\tclock2.exe (Two_toNe) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\TrueTransparency.lnk = C:\Programme\TrueTransparency\TrueTransparency.exe () O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\UberIcon.lnk = C:\Programme\UberIcon\UberIcon Manager.exe () O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\YzShadow.lnk = C:\Programme\YzShadow\YzShadow.exe (Y'z@Home) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.24 22:56:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.03.14 17:47:20 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{763022ad-a0a9-11df-b2bf-0007e964d29c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{763022ad-a0a9-11df-b2bf-0007e964d29c}\Shell\default\command - "" = strongkey.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (Opera Software) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902053519425536) ========== Files/Folders - Created Within 30 Days ========== [2010.11.10 14:24:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe [2010.11.09 22:49:29 | 000,000,000 | ---D | C] -- C:\!KillBox [2010.11.09 22:45:26 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\Marcel\Desktop\KillBox.exe [2010.11.09 22:35:07 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Marcel\Desktop\HiJackThis.exe [2010.11.09 19:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag [2010.11.09 19:00:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\O&O [2010.11.09 18:59:43 | 000,000,000 | ---D | C] -- C:\Programme\OO Software [2010.11.09 18:53:33 | 000,057,800 | ---- | C] (EldoS Corporation) -- C:\WINDOWS\System32\drivers\CBDisk.sys [2010.11.09 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Mediafour [2010.11.09 18:53:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mediafour [2010.11.09 18:50:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010.11.09 18:30:56 | 000,208,896 | ---- | C] (Opera Software) -- C:\WINDOWS\Adajua.exe [2010.11.09 18:30:32 | 000,274,432 | ---- | C] (Opera Software) -- C:\WINDOWS\System32\sshnas21.dll [2010.11.09 18:20:54 | 000,000,000 | ---D | C] -- C:\Programme\Mediafour [2010.11.09 18:18:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Avira [2010.11.09 18:07:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.11.09 18:07:00 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.11.09 18:07:00 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.11.09 18:07:00 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.11.09 18:06:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.11.03 22:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.11.03 19:58:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010.10.23 14:04:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.10.23 14:03:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.10.23 14:03:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.10.23 14:03:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.10.23 12:31:58 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.23 12:31:58 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.23 12:31:47 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.11 18:41:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\PCHealth [2010.10.11 18:16:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.10.11 18:16:15 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.10.11 18:11:24 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.10.11 18:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2006.08.11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.10 14:34:34 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.11.10 14:33:53 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.11.10 14:26:50 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7F8A674-88A2-40C4-8291-ADF9F7A23DCB}.job [2010.11.10 14:23:22 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.10 14:22:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.10 14:21:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.10 14:21:05 | 000,000,582 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor [2010.11.10 00:30:54 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010.11.10 00:30:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.11.10 00:29:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20021102}.CDF [2010.11.10 00:29:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20021102}.BAK [2010.11.09 23:23:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.11.09 22:45:28 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\Marcel\Desktop\KillBox.exe [2010.11.09 22:35:17 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Marcel\Desktop\HiJackThis.exe [2010.11.09 18:50:11 | 001,975,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Yan_Tiersen_-Amelie_-_Comptine.mp3 [2010.11.09 18:30:34 | 000,208,896 | ---- | M] (Opera Software) -- C:\WINDOWS\Adajua.exe [2010.11.09 18:30:32 | 000,274,432 | ---- | M] (Opera Software) -- C:\WINDOWS\System32\sshnas21.dll [2010.11.09 18:07:21 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AntiVir starten.lnk [2010.11.05 22:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe [2010.11.02 20:46:23 | 000,055,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pdf [2010.11.02 20:45:31 | 000,063,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pptx [2010.11.02 17:37:59 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.02 17:37:58 | 000,476,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.11.02 17:37:58 | 000,090,908 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.11.02 17:37:58 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.23 14:06:34 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.23 13:08:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.23 13:07:05 | 005,665,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Peter Sarstedt - Where Do You Go To My Lovely.mp3 [2010.10.23 13:01:28 | 003,362,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Weezer - Island in the sun.mp3 [2010.10.11 18:40:05 | 000,035,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.11 18:40:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.23 13:00:18 | 005,665,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Peter Sarstedt - Where Do You Go To My Lovely.mp3 [2010.11.09 19:03:01 | 000,000,582 | ---- | C] () -- C:\WINDOWS\System32\OODBS.lor [2010.11.09 18:31:07 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.11.09 18:30:42 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.11.09 18:30:40 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.09 18:07:21 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AntiVir starten.lnk [2010.11.02 20:46:24 | 000,055,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pdf [2010.11.02 20:45:31 | 000,063,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pptx [2010.10.23 22:25:58 | 001,975,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Yan_Tiersen_-Amelie_-_Comptine.mp3 [2010.08.24 07:01:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.08.24 07:01:50 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.08.24 07:01:42 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\$_hpcst$.hpc [2010.03.06 21:18:19 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.03.06 21:18:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.02.28 16:56:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.02.28 16:56:08 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.27 20:03:00 | 000,000,836 | ---- | C] () -- C:\WINDOWS\QIII.INI [2010.02.26 16:10:03 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.02.26 15:50:39 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2010.02.26 15:50:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL [2010.02.26 15:50:39 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010.02.24 21:18:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.04.23 11:54:00 | 000,000,348 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.07.23 11:40:54 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\setup.txt [2006.08.11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006.05.23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2005.06.16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini ========== LOP Check ========== [2010.11.09 18:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mediafour [2010.08.24 07:02:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2010.04.03 17:18:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.03 16:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.08.24 14:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Audacity [2010.02.26 22:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\FindeXer [2010.08.24 07:01:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Samsung [2010.02.28 20:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Desktop Search [2010.03.07 18:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Search [2010.11.10 14:26:50 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7F8A674-88A2-40C4-8291-ADF9F7A23DCB}.job [2010.11.10 14:34:34 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.11.10 14:23:22 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.10 14:33:53 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.27 18:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Adobe [2010.08.30 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Apple Computer [2010.08.24 14:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Audacity [2010.11.09 18:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Avira [2010.02.26 15:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Creative [2010.02.26 23:52:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\CyberLink [2010.06.15 16:27:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\DivX [2010.02.26 22:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\FindeXer [2010.02.24 23:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Identities [2010.02.27 18:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Macromedia [2010.11.02 20:46:49 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft [2010.02.26 23:08:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Nero [2010.08.24 07:01:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Samsung [2010.09.29 19:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Skype [2010.02.26 22:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Sun [2010.08.06 18:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\vlc [2010.02.28 20:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Desktop Search [2010.03.07 18:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Search < %APPDATA%\*.exe /s > [2010.02.27 17:48:29 | 000,011,502 | R--- | M] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\ARPPRODUCTICON.exe [2010.02.27 17:48:29 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.02.27 17:48:29 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.02.27 17:48:29 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.02.27 17:48:29 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 07:52:46 | 003,192,320 | ---- | M] (Microsoft Corporation) MD5=3A7F047D24D0A3768D91702D66B72C6A -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 003,192,320 | ---- | M] (Microsoft Corporation) MD5=3A7F047D24D0A3768D91702D66B72C6A -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 07:52:32 | 000,573,952 | ---- | M] (Microsoft Corporation) MD5=E871913340498750BEB5F97E6D8BDC01 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,573,952 | ---- | M] (Microsoft Corporation) MD5=E871913340498750BEB5F97E6D8BDC01 -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.26 16:10:03 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2010.02.24 22:17:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.02.24 22:17:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.02.24 22:17:02 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Extras.TxtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.11.2010 14:27:34 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Marcel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 298,00 Mb Available Physical Memory | 29,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,69 Gb Total Space | 32,72 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
Drive D: | 153,38 Gb Total Space | 28,60 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive E: | 153,38 Gb Total Space | 1,11 Gb Free Space | 0,72% Space Free | Partition Type: NTFS
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-329068152-1788223648-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Programme\Safari\Safari.exe (Apple Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"D:\Spiele\Steam\steamapps\sf-nikita@web.de\counter-strike source\hl2.exe" = D:\Spiele\Steam\steamapps\sf-nikita@web.de\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"D:\Spiele\FlatOut2\FlatOut2.exe" = D:\Spiele\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"D:\Spiele\Quake III Arena\quake3.exe" = D:\Spiele\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"D:\Spiele\Steam\steamapps\sf-nikita@web.de\half-life\hl.exe" = D:\Spiele\Steam\steamapps\sf-nikita@web.de\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Spiele\Unreal Tournement\System\UnrealTournament.exe" = D:\Spiele\Unreal Tournement\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- ()
"D:\Spiele\Steam\steamapps\sf-nikita@web.de\team fortress 2\hl2.exe" = D:\Spiele\Steam\steamapps\sf-nikita@web.de\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"D:\Spiele\Fun Games\Blobby Volley 2\blobby.exe" = D:\Spiele\Fun Games\Blobby Volley 2\blobby.exe:*:Enabled:blobby -- ()
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"D:\Spiele\Steam\steamapps\sf-luigi@web.de\half-life\hl.exe" = D:\Spiele\Steam\steamapps\sf-luigi@web.de\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"D:\Spiele\Steam\steamapps\sf-luigi@web.de\day of defeat\hl.exe" = D:\Spiele\Steam\steamapps\sf-luigi@web.de\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"D:\Spiele\Steam\steamapps\sf-luigi@web.de\counter-strike\hl.exe" = D:\Spiele\Steam\steamapps\sf-luigi@web.de\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0523EAF4-402C-4435-A0DA-13C40193D811}" = Logitech GamePanel Software 2.02
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}" = FlatOut2
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel(R) Network Connections 12.4.38.0
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FAECE08E-4DEE-4164-A92A-3521C84C3B5A}" = MacDrive 8
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AudioConSole" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CursorXP" = CursorXP
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"HijackThis" = HijackThis 2.0.2
"iColorFolder" = iColorFolder
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pack LeopardXP" = Pack LeopardXP 1.0
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.2
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\CYBERLINK POWERDVD 8.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8 DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8 DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 09.11.2010 13:13:08 | Computer Name = MARCEL-PC | Source = Bonjour Service | ID = 100
Description = 324: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 09.11.2010 13:39:11 | Computer Name = MARCEL-PC | Source = Bonjour Service | ID = 100
Description = 324: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 09.11.2010 13:47:03 | Computer Name = MARCEL-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avscan.exe, Version 10.0.3.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 03.11.2010 17:09:00 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 03.11.2010 17:17:02 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 05.11.2010 14:51:08 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 12:44:50 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 13:07:33 | Computer Name = MARCEL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 09.11.2010 13:07:35 | Computer Name = MARCEL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 09.11.2010 13:14:36 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 13:40:42 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 14:03:26 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 10.11.2010 09:21:30 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
< End of report >
|
|
10.11.2010, 21:36
| #4 |
| | Swizzor kann nicht entfernt werden! Hallo Markus, vielen Dank schonmal für deine Hilfe. Anbei die Inhalte der *.txt-Dateien: OTL.Txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.11.2010 14:27:34 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Marcel\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.022,00 Mb Total Physical Memory | 298,00 Mb Available Physical Memory | 29,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 76,69 Gb Total Space | 32,72 Gb Free Space | 42,66% Space Free | Partition Type: NTFS Drive D: | 153,38 Gb Total Space | 28,60 Gb Free Space | 18,65% Space Free | Partition Type: NTFS Drive E: | 153,38 Gb Total Space | 1,11 Gb Free Space | 0,72% Space Free | Partition Type: NTFS Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Aci.exe (Opera Software) PRC - C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Ach.exe (Opera Software) PRC - C:\WINDOWS\Adajua.exe (Opera Software) PRC - C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Safari\Safari.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe (Adobe Systems Incorporated) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) PRC - C:\Programme\TrueTransparency\TrueTransparency.exe () PRC - C:\WINDOWS\BricoPacks\LeopardXP\Glass2k.exe (Chime Softwares) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) PRC - C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe (Logitech Inc.) PRC - C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) PRC - C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe (RaduKing) PRC - C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) PRC - C:\Programme\MacSearch_v.1.4.3\MacSearch.exe () PRC - C:\Programme\UberIcon\UberIcon Manager.exe () PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.) PRC - C:\Programme\tclock2_120\tclock2.exe (Two_toNe) PRC - C:\Programme\YzShadow\YzShadow.exe (Y'z@Home) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\TrueTransparency\TrueTransparencyHook.dll () MOD - C:\WINDOWS\system32\msvcp60.dll (Microsoft Corporation) MOD - C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.dll (RaduKing) MOD - C:\WINDOWS\system32\CTAGENT.DLL (Creative Technology Ltd) MOD - C:\Programme\UberIcon\UberIcon.dll () MOD - C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL (Logitech Inc.) MOD - C:\Programme\Logitech\MouseWare\system\LgWndHk.dll (Logitech Inc.) MOD - C:\Programme\YzShadow\YzShadow.dll () ========== Win32 Services (SafeList) ========== SRV - (SSHNAS) -- C:\WINDOWS\system32\sshnas21.dll (Opera Software) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (MacDrive8Service) -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe (Mediafour Corporation) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (sfrem01) SF FrontLine Drivers Auto Removal (v1) -- C:\WINDOWS\System32\sfrem01.exe (Protection Technology (StarForce)) SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (MDFSYSNT) -- C:\WINDOWS\System32\drivers\MDFSYSNT.SYS (Mediafour Corporation) DRV - (MDPMGRNT) -- C:\WINDOWS\System32\drivers\MDPMGRNT.SYS (Mediafour Corporation) DRV - (CBDisk) -- C:\WINDOWS\system32\drivers\CBDisk.sys (EldoS Corporation) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation ) DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\WINDOWS\system32\drivers\sfsync04.sys (Protection Technology (StarForce)) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\system32\drivers\sfdrv01a.sys (Protection Technology (StarForce)) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHidUsb.sys (Logitech, Inc.) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys (Logitech, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-329068152-1788223648-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local O1 HOSTS File: ([2001.08.23 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Loader Class) - {F880A4A8-C436-4AC4-AFD1-AA0BDC9552DD} - C:\WINDOWS\BricoPacks\LeopardXP\FindeXer.dll (A Part of the LessCliX Suite by Alianyn) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-329068152-1788223648-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Programme\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Programme\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation) O4 - HKLM..\Run: [Launch LGDCore] C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4 - HKLM..\Run: [Launch LgDevAgt] C:\Programme\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [MacDrive 8 application] C:\Programme\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation) O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Programme\CyberLink\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [RemoteControl8] C:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe (Cyberlink Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] File not found O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] File not found O4 - HKU\S-1-5-21-329068152-1788223648-725345543-1003..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( ) O4 - HKU\S-1-5-21-329068152-1788223648-725345543-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-329068152-1788223648-725345543-1003..\Run: [U36VRSFLG6] C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Ach.exe (Opera Software) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AntiVir starten.lnk = C:\Programme\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\Glass2k.lnk = C:\WINDOWS\BricoPacks\LeopardXP\Glass2k.exe (Chime Softwares) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\MacSearch.lnk = C:\Programme\MacSearch_v.1.4.3\MacSearch.exe () O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\panther.CurXPTheme.lnk = C:\Programme\CursorXP\Themes\panther.Cur File not found O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\RK Launcher.lnk = C:\Programme\RK Launcher\RK Launcher 0.41 Beta Nightly\RKLauncher.exe (RaduKing) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\tclock2.lnk = C:\Programme\tclock2_120\tclock2.exe (Two_toNe) O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\TrueTransparency.lnk = C:\Programme\TrueTransparency\TrueTransparency.exe () O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\UberIcon.lnk = C:\Programme\UberIcon\UberIcon Manager.exe () O4 - Startup: C:\Dokumente und Einstellungen\Marcel\Startmenü\Programme\Autostart\YzShadow.lnk = C:\Programme\YzShadow\YzShadow.exe (Y'z@Home) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-329068152-1788223648-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\PartyPoker\RunApp.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - D:\Spiele\PartyPoker\RunApp.exe File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\WINDOWS\System32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.24 22:56:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2008.03.14 17:47:20 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{763022ad-a0a9-11df-b2bf-0007e964d29c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{763022ad-a0a9-11df-b2bf-0007e964d29c}\Shell\default\command - "" = strongkey.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (Opera Software) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902053519425536) ========== Files/Folders - Created Within 30 Days ========== [2010.11.10 14:24:18 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe [2010.11.09 22:49:29 | 000,000,000 | ---D | C] -- C:\!KillBox [2010.11.09 22:45:26 | 000,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\Marcel\Desktop\KillBox.exe [2010.11.09 22:35:07 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Marcel\Desktop\HiJackThis.exe [2010.11.09 19:06:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag [2010.11.09 19:00:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\O&O [2010.11.09 18:59:43 | 000,000,000 | ---D | C] -- C:\Programme\OO Software [2010.11.09 18:53:33 | 000,057,800 | ---- | C] (EldoS Corporation) -- C:\WINDOWS\System32\drivers\CBDisk.sys [2010.11.09 18:53:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Mediafour [2010.11.09 18:53:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mediafour [2010.11.09 18:50:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2010.11.09 18:30:56 | 000,208,896 | ---- | C] (Opera Software) -- C:\WINDOWS\Adajua.exe [2010.11.09 18:30:32 | 000,274,432 | ---- | C] (Opera Software) -- C:\WINDOWS\System32\sshnas21.dll [2010.11.09 18:20:54 | 000,000,000 | ---D | C] -- C:\Programme\Mediafour [2010.11.09 18:18:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Avira [2010.11.09 18:07:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.11.09 18:07:00 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.11.09 18:07:00 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.11.09 18:07:00 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.11.09 18:06:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.11.03 22:14:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt [2010.11.03 19:58:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010.10.23 14:04:54 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.10.23 14:03:41 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.10.23 14:03:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.10.23 14:03:41 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.10.23 12:31:58 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll [2010.10.23 12:31:58 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll [2010.10.23 12:31:47 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll [2010.10.11 18:41:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\PCHealth [2010.10.11 18:16:40 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.10.11 18:16:15 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.10.11 18:11:24 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.10.11 18:08:55 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2006.08.11 14:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.11.10 14:34:34 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.11.10 14:33:53 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.11.10 14:26:50 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{E7F8A674-88A2-40C4-8291-ADF9F7A23DCB}.job [2010.11.10 14:23:22 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.10 14:22:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.11.10 14:21:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.11.10 14:21:05 | 000,000,582 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor [2010.11.10 00:30:54 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,031,056 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,030,528 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000003-00001102-00000004-20021102}.rfx [2010.11.10 00:30:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010.11.10 00:30:54 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.11.10 00:29:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20021102}.CDF [2010.11.10 00:29:51 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000003-00000000-00000003-00001102-00000004-20021102}.BAK [2010.11.09 23:23:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.11.09 22:45:28 | 000,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Dokumente und Einstellungen\Marcel\Desktop\KillBox.exe [2010.11.09 22:35:17 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\Marcel\Desktop\HiJackThis.exe [2010.11.09 18:50:11 | 001,975,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Yan_Tiersen_-Amelie_-_Comptine.mp3 [2010.11.09 18:30:34 | 000,208,896 | ---- | M] (Opera Software) -- C:\WINDOWS\Adajua.exe [2010.11.09 18:30:32 | 000,274,432 | ---- | M] (Opera Software) -- C:\WINDOWS\System32\sshnas21.dll [2010.11.09 18:07:21 | 000,001,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AntiVir starten.lnk [2010.11.05 22:31:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Marcel\Desktop\OTL.exe [2010.11.02 20:46:23 | 000,055,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pdf [2010.11.02 20:45:31 | 000,063,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pptx [2010.11.02 17:37:59 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.11.02 17:37:58 | 000,476,730 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.11.02 17:37:58 | 000,090,908 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.11.02 17:37:58 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.10.23 14:06:34 | 000,273,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.10.23 13:08:18 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.10.23 13:07:05 | 005,665,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Peter Sarstedt - Where Do You Go To My Lovely.mp3 [2010.10.23 13:01:28 | 003,362,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Weezer - Island in the sun.mp3 [2010.10.11 18:40:05 | 000,035,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.11 18:40:05 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.11.23 13:00:18 | 005,665,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Peter Sarstedt - Where Do You Go To My Lovely.mp3 [2010.11.09 19:03:01 | 000,000,582 | ---- | C] () -- C:\WINDOWS\System32\OODBS.lor [2010.11.09 18:31:07 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job [2010.11.09 18:30:42 | 000,000,286 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.11.09 18:30:40 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.09 18:07:21 | 000,001,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AntiVir starten.lnk [2010.11.02 20:46:24 | 000,055,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pdf [2010.11.02 20:45:31 | 000,063,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Eigene Dateien\BSC - Unternehmen Planspiel.pptx [2010.10.23 22:25:58 | 001,975,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Desktop\Yan_Tiersen_-Amelie_-_Comptine.mp3 [2010.08.24 07:01:50 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.08.24 07:01:50 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.08.24 07:01:42 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\$_hpcst$.hpc [2010.03.06 21:18:19 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.03.06 21:18:19 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.02.28 16:56:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.02.28 16:56:08 | 000,035,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.02.27 20:03:00 | 000,000,836 | ---- | C] () -- C:\WINDOWS\QIII.INI [2010.02.26 16:10:03 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2010.02.26 15:50:39 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2010.02.26 15:50:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL [2010.02.26 15:50:39 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2010.02.24 21:18:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.04.23 11:54:00 | 000,000,348 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2007.07.23 11:40:54 | 000,000,051 | ---- | C] () -- C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Anwendungsdaten\setup.txt [2006.08.11 14:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006.05.23 12:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2005.06.16 18:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2002.10.03 14:42:27 | 000,000,034 | ---- | C] () -- C:\WINDOWS\Q3version.ini ========== LOP Check ========== [2010.11.09 18:53:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mediafour [2010.08.24 07:02:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2010.04.03 17:18:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.03 16:52:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2010.08.24 14:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Audacity [2010.02.26 22:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\FindeXer [2010.08.24 07:01:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Samsung [2010.02.28 20:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Desktop Search [2010.03.07 18:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Search [2010.11.10 14:26:50 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{E7F8A674-88A2-40C4-8291-ADF9F7A23DCB}.job [2010.11.10 14:34:34 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job [2010.11.10 14:23:22 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job [2010.11.10 14:33:53 | 000,000,286 | -H-- | M] () -- C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.27 18:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Adobe [2010.08.30 16:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Apple Computer [2010.08.24 14:47:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Audacity [2010.11.09 18:18:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Avira [2010.02.26 15:50:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Creative [2010.02.26 23:52:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\CyberLink [2010.06.15 16:27:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\DivX [2010.02.26 22:18:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\FindeXer [2010.02.24 23:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Identities [2010.02.27 18:06:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Macromedia [2010.11.02 20:46:49 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft [2010.02.26 23:08:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Nero [2010.08.24 07:01:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Samsung [2010.09.29 19:56:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Skype [2010.02.26 22:55:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Sun [2010.08.06 18:35:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\vlc [2010.02.28 20:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Desktop Search [2010.03.07 18:06:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Windows Search < %APPDATA%\*.exe /s > [2010.02.27 17:48:29 | 000,011,502 | R--- | M] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\ARPPRODUCTICON.exe [2010.02.27 17:48:29 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe1_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.02.27 17:48:29 | 000,053,248 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\FlatOut2.exe_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.02.27 17:48:29 | 000,015,086 | R--- | M] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe [2010.02.27 17:48:29 | 000,008,854 | R--- | M] () -- C:\Dokumente und Einstellungen\Marcel\Anwendungsdaten\Microsoft\Installer\{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\AGP440.SYS < MD5 for: ATAPI.SYS > [2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2008.04.14 07:52:46 | 003,192,320 | ---- | M] (Microsoft Corporation) MD5=3A7F047D24D0A3768D91702D66B72C6A -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 003,192,320 | ---- | M] (Microsoft Corporation) MD5=3A7F047D24D0A3768D91702D66B72C6A -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008.04.14 07:52:32 | 000,573,952 | ---- | M] (Microsoft Corporation) MD5=E871913340498750BEB5F97E6D8BDC01 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,573,952 | ---- | M] (Microsoft Corporation) MD5=E871913340498750BEB5F97E6D8BDC01 -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.26 16:10:03 | 000,685,816 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2010.02.24 22:17:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.02.24 22:17:03 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.02.24 22:17:02 | 000,434,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Extras.TxtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 10.11.2010 14:27:34 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Dokumente und Einstellungen\Marcel\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.022,00 Mb Total Physical Memory | 298,00 Mb Available Physical Memory | 29,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,69 Gb Total Space | 32,72 Gb Free Space | 42,66% Space Free | Partition Type: NTFS
Drive D: | 153,38 Gb Total Space | 28,60 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
Drive E: | 153,38 Gb Total Space | 1,11 Gb Free Space | 0,72% Space Free | Partition Type: NTFS
Computer Name: MARCEL-PC | User Name: Marcel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-329068152-1788223648-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- C:\Programme\Safari\Safari.exe (Apple Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"D:\Spiele\Steam\steamapps\sf-nikita@web.de\counter-strike source\hl2.exe" = D:\Spiele\Steam\steamapps\sf-nikita@web.de\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"D:\Spiele\FlatOut2\FlatOut2.exe" = D:\Spiele\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- ()
"D:\Spiele\Quake III Arena\quake3.exe" = D:\Spiele\Quake III Arena\quake3.exe:*:Enabled:quake3 -- ()
"D:\Spiele\Steam\steamapps\sf-nikita@web.de\half-life\hl.exe" = D:\Spiele\Steam\steamapps\sf-nikita@web.de\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Spiele\Unreal Tournement\System\UnrealTournament.exe" = D:\Spiele\Unreal Tournement\System\UnrealTournament.exe:*:Enabled:UnrealTournament -- ()
"D:\Spiele\Steam\steamapps\sf-nikita@web.de\team fortress 2\hl2.exe" = D:\Spiele\Steam\steamapps\sf-nikita@web.de\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"D:\Spiele\Fun Games\Blobby Volley 2\blobby.exe" = D:\Spiele\Fun Games\Blobby Volley 2\blobby.exe:*:Enabled:blobby -- ()
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin)
"D:\Spiele\Steam\steamapps\sf-luigi@web.de\half-life\hl.exe" = D:\Spiele\Steam\steamapps\sf-luigi@web.de\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"D:\Spiele\Steam\steamapps\sf-luigi@web.de\day of defeat\hl.exe" = D:\Spiele\Steam\steamapps\sf-luigi@web.de\day of defeat\hl.exe:*:Enabled:Day of Defeat -- (Valve)
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)
"D:\Spiele\Steam\steamapps\sf-luigi@web.de\counter-strike\hl.exe" = D:\Spiele\Steam\steamapps\sf-luigi@web.de\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0523EAF4-402C-4435-A0DA-13C40193D811}" = Logitech GamePanel Software 2.02
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6D2462-AB33-40BB-AA9F-3FA3E0DD0290}" = FlatOut2
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.80
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{888D0F50-FF0A-4808-966E-23D63277BF2A}" = Intel(R) Network Connections 12.4.38.0
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{FAECE08E-4DEE-4164-A92A-3521C84C3B5A}" = MacDrive 8
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AudioConSole" = Creative-Audiokonsole
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CursorXP" = CursorXP
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"HijackThis" = HijackThis 2.0.2
"iColorFolder" = iColorFolder
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pack LeopardXP" = Pack LeopardXP 1.0
"Quake III Arena" = Quake III Arena
"Quake III Arena Point Release 1.32" = Quake III Arena Point Release 1.32
"Trillian" = Trillian
"VLC media player" = VLC media player 1.1.2
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.2 final uninstall
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\CYBERLINK POWERDVD 8.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8-HILFE.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\ONLINE-REGISTRIERUNG.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8 DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 05.11.2010 14:52:52 | Computer Name = MARCEL-PC | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\MARCEL\STARTMENÜ\PROGRAMME\CYBERLINK
POWERDVD 8\POWERDVD 8 DEINSTALLIEREN.LNK> in der Hash-Zuordnung kann nicht aktualisiert
werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes
Gerät funktioniert nicht. (0x8007001f)
Error - 09.11.2010 13:13:08 | Computer Name = MARCEL-PC | Source = Bonjour Service | ID = 100
Description = 324: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 09.11.2010 13:39:11 | Computer Name = MARCEL-PC | Source = Bonjour Service | ID = 100
Description = 324: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 09.11.2010 13:47:03 | Computer Name = MARCEL-PC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avscan.exe, Version 10.0.3.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 03.11.2010 17:09:00 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 03.11.2010 17:17:02 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 05.11.2010 14:51:08 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 12:44:50 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 13:07:33 | Computer Name = MARCEL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 09.11.2010 13:07:35 | Computer Name = MARCEL-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "avipbb" wurde aufgrund folgenden Fehlers nicht gestartet:
%%31
Error - 09.11.2010 13:14:36 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 13:40:42 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 09.11.2010 14:03:26 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
Error - 10.11.2010 09:21:30 | Computer Name = MARCEL-PC | Source = ati2mtag | ID = 45062
Description = CRT invalid display type
< End of report >
|
|
10.11.2010, 21:40
| #5 |
| /// Malware-holic | Swizzor kann nicht entfernt werden! download malwarebytes: Malwarebytes instalieren, öffnen, registerkarte aktualisierung, programm updaten. schalte alle laufenden programme ab, trenne die internetverbindung. registerkarte scanner, komplett scan, funde entfernen, log posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.11.2010, 11:06
| #6 |
| | Swizzor kann nicht entfernt werden! Hallo, hier die Log: Malwarebytes' Anti-Malware 1.46 Malwarebytes Datenbank Version: 5091 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 11.11.2010 09:00:18 mbam-log-2010-11-11 (09-00-18).txt Art des Suchlaufs: Vollst‰ndiger Suchlauf (C:\|D:\|E:\|) Durchsuchte Objekte: 271930 Laufzeit: 1 Stunde(n), 43 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 3 Infizierte Speichermodule: 1 Infizierte Registrierungsschl¸ssel: 5 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 19 Infizierte Speicherprozesse: C:\WINDOWS\Adajua.exe (Trojan.FraudPack) -> Unloaded process successfully. C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Aci.exe (Trojan.FraudPack) -> Unloaded process successfully. C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Ach.exe (Trojan.FraudPack) -> Unloaded process successfully. Infizierte Speichermodule: c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack) -> Delete on reboot. Infizierte Registrierungsschl¸ssel: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sshnas (Trojan.FraudPack) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\U36VRSFLG6 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\u36vrsflg6 (Trojan.FraudPack) -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: (Keine bˆsartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bˆsartigen Objekte gefunden) Infizierte Dateien: c:\WINDOWS\system32\sshnas21.dll (Trojan.FraudPack) -> Delete on reboot. C:\WINDOWS\Adajua.exe (Trojan.FraudPack) -> Delete on reboot. C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Aci.exe (Trojan.FraudPack) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Ach.exe (Trojan.FraudPack) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Acf.exe (Trojan.FraudPack) -> Quarantined and deleted successfully. C:\Dokumente und Einstellungen\Marcel\Lokale Einstellungen\Temp\Acg.exe (Trojan.FraudPack) -> Quarantined and deleted successfully. C:\Programme\iColorFolder\iColorFolder.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{87667841-3531-42A9-873C-D5766A1B64BD}\RP100\A0033951.exe (Trojan.FraudPack) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{87667841-3531-42A9-873C-D5766A1B64BD}\RP101\A0034041.exe (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\system32\utilman.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\ServicePackFiles\i386\utilman.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. C:\WINDOWS\BricoPacks\LeopardXP\PackFiles\184_utilman.exe (Trojan.FakeMS) -> Quarantined and deleted successfully. D:\Fun & Action\Stressreducer.exe (Joke.Stressreducer) -> Quarantined and deleted successfully. D:\Programme\PowerDVD Deluxe 8.0.1531\PowerDVD Deluxe 8.0.1531\Keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{D18B2799-BEEF-484E-882F-DE74522C9F45}\RP117\A0016988.exe (Trojan.Dropper) -> Quarantined and deleted successfully. D:\System Volume Information\_restore{F2C47B94-76A0-41C7-BD2D-089526101D5D}\RP148\A0023546.exe (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\WINDOWS\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job (Trojan.Downloader) -> Quarantined and deleted successfully. |
|
11.11.2010, 11:20
| #7 |
| /// Malware-holic | Swizzor kann nicht entfernt werden! es ist immer schade das ihr jungs euch immer selbst für hilfe disqualifiziert... D:\Programme\PowerDVD Deluxe 8.0.1531\PowerDVD Deluxe 8.0.1531\Keygen\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully. hier helfen wir nur beim neu aufsetzen/absichern.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.11.2010, 13:39
| #8 |
| | Swizzor kann nicht entfernt werden! Die Festplatte D dient als File-Backup und enthält uninstallierte Programme (also Setups). Der Keygenerator (D:\Programme\PowerDVD Deluxe 8.0.1531\PowerDVD Deluxe 8.0.1531\Keygen\keygen.exe) kann nicht der Ausschlag sein, da dieser nie ausgeführt wurde... Die vermeintliche Software, die ausgeführt wurde und danach plötzlich IE-Fenster geöffnet wurden, war eine Setup-Datei des Programms MacDrive. Diese Datei habe ich bereits gelöscht. |
|
11.11.2010, 13:41
| #9 |
| /// Malware-holic | Swizzor kann nicht entfernt werden! das ist für mich aber nicht nachprüfbar ob du keygens benutzt, und außerdem hat komischerweise jeder nur rein zufällig solche programme auf dem pc, bei dem wir sie finden.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
11.11.2010, 17:16
| #10 |
| | Swizzor kann nicht entfernt werden! Ich kann gut nachvollziehen, dass es sich bei den Meisten um Raubkopien und ähnlichen Dingen handelt, die zu solchen Problemen führen. Dennoch hat dies nichts mit meiner Situation zu tun; Vermutungen treffen nicht auf Jeden zu. Vielen Dank für deine Hilfe, der Swizzor scheint gelöscht zu sein. |
|
11.11.2010, 17:19
| #11 |
| /// Malware-holic | Swizzor kann nicht entfernt werden! ich kann nur mit dem arbeiten was ich sehe. keygens bearbeiten wir nicht. und der schein trügt oft, darauf würde ich mich nicht verlassen sondern mit der partition d aufräumen, keygens etc los werden, neu aufsetzen, dazu bekommst du hilfe, zu was anderem nicht :-(
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Swizzor kann nicht entfernt werden! |
| adobe, antivir, antivir guard, avg, avira, bho, bonjour, browser, desktop, dsl, einstellungen, exe-datei, explorer, hijack, hijackthis, hkus\s-1-5-18, hängen, internet, internet explorer, kann nicht entfernt werden, pdf, plug-in, senden, software, swizzor, system, temp, verweise, windows, windows xp |
Linear-Darstellung
