Pests of all kinds and how to fight them: Heuristics.Shuriken & PUM.Hijack.StartMenu
05.04.2011, 09:55 | #1

Heuristics.Shuriken & PUM.Hijack.StartMenu

Hello, over the last few days I have had several virus detections. Since my Avira was not able to delete them, I have realized that I am probably no longer in control of the situation and need help. Here are the logs:

Quote:
Code:
OTL Extras logfile created on: 05.04.2011 10:45:51 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\***\Desktop\Setup
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
7,00 Gb Paging File | 6,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 512 1024D:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 26,30 Gb Total Space | 7,54 Gb Free Space | 28,67% Space Free | Partition Type: NTFS
Drive D: | 439,46 Gb Total Space | 77,25 Gb Free Space | 17,58% Space Free | Partition Type: NTFS
Drive E: | 149,05 Gb Total Space | 70,10 Gb Free Space | 47,03% Space Free | Partition Type: NTFS
Drive F: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: HÖLLENMASCHIENE | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "D:\Programme\TerraTec Home Cinema\CinergyDvrHelper.exe" = D:\Programme\TerraTec Home Cinema\CinergyDvrHelper.exe:*:Enabled:TerraTec Home Cinema (Setup) "D:\Programme\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe" = D:\Programme\TerraTec Home Cinema\tvtvSetup\tvtv_Wizard.exe:*:Enabled:TerraTec tvtv Setup -- (TerraTec Electronic GmbH) "D:\Programme\TerraTec Home Cinema\CinergyDvr.exe" = D:\Programme\TerraTec Home Cinema\CinergyDvr.exe:*:Enabled:TerraTec Home Cinema -- (TerraTec Electronic GmbH) "D:\Programme\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDVRUp_Date.exe" = D:\Programme\TerraTec Home Cinema\CinergyDvrUpdate\CinergyDVRUp_Date.exe:*:Enabled:TerraTec Auto Update "D:\Programme\TerraTec Home Cinema\InstTool.exe" = D:\Programme\TerraTec Home Cinema\InstTool.exe:*:Enabled:TerraTec Home Cinema (Setup) -- (TerraTec Electronic GmbH) "D:\Games\Far Cry 2\bin\FarCry2.exe" = D:\Games\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment) "D:\Games\Far Cry 2\bin\FC2Launcher.exe" = D:\Games\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft) "D:\Games\Far Cry 2\bin\FC2Editor.exe" = D:\Games\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment) "D:\Games\Faces of War\facesofwar.exe" = D:\Games\Faces of War\facesofwar.exe:*:Enabled:FOW Application -- ("Bestway" Corp) "D:\Games\BrotherInArms\Hell's Highway\Binaries\biahh.exe" = D:\Games\BrotherInArms\Hell's Highway\Binaries\biahh.exe:*:Enabled:biahh "D:\Games\Act of War\ACTOFWAR.exe" = D:\Games\Act of War\ACTOFWAR.exe:*:Enabled:ACTOFWAR "D:\Games\Dead Space\Dead Space.exe" = D:\Games\Dead Space\Dead Space.exe:*:Enabled:Dead Space ™ "D:\Programme\RouterControl\RouterControl.exe" = D:\Programme\RouterControl\RouterControl.exe:*:Enabled:RouterControl -- (Mirko Böer) "C:\Programme\DNA\btdna.exe" = 
C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.) "D:\Programme\BitTorrent\bittorrent.exe" = D:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent "D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) "D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = D:\Games\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) "D:\Games\Anno 1701\Anno1701.exe" = D:\Games\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 "D:\Games\Soldat\Soldat.exe" = D:\Games\Soldat\Soldat.exe:*:Enabled:Soldat "G:\Games\sSpielbar\Soldat\Soldat.exe" = G:\Games\sSpielbar\Soldat\Soldat.exe:*:Enabled:Soldat "D:\Games\ArmA\arma.exe" = D:\Games\ArmA\arma.exe:*:Enabled:ArmA "C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe" = C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "D:\Games\MassEffect\Binaries\MassEffect.exe" = D:\Games\MassEffect\Binaries\MassEffect.exe:*:Enabled:Mass Effect Game -- (BioWare) "D:\Games\MassEffect\MassEffectLauncher.exe" = D:\Games\MassEffect\MassEffectLauncher.exe:*:Enabled:Mass Effect Launcher -- (BioWare) "D:\Games\Counter-Strike Source\hl2.exe" = D:\Games\Counter-Strike Source\hl2.exe:*:Enabled:hl2 "D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe" = D:\Games\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft) "D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe" = D:\Games\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft) "D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe" = D:\Games\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft) "D:\Games\Rome - Total War\Deutsch\RomeTW.exe" = D:\Games\Rome - Total War\Deutsch\RomeTW.exe:*:Disabled:Rome: Total War -- (The Creative Assembly Ltd) 
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) "D:\Programme\Steam\Steam.exe" = D:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated) "D:\Programme\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe" = D:\Programme\Steam\steamapps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta "D:\Games\Halo2\halo2.exe" = D:\Games\Halo2\halo2.exe:*:Enabled:Halo 2 "D:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe" = D:\Games\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- () "D:\Games\Assassin's Creed II\AssassinsCreedII.exe" = D:\Games\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft) "D:\Games\Assassin's Creed II\UPlayBrowser.exe" = D:\Games\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment) "D:\Programme\Tunngle\tnglctrl.exe" = D:\Programme\Tunngle\tnglctrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH) "D:\Programme\Tunngle\tunngle.exe" = D:\Programme\Tunngle\tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH) "D:\Games\Medal of Honor MP Beta\MoHMPUpdater.exe" = D:\Games\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta "D:\Programme\Miranda IM\miranda32.exe" = D:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( ) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) 
"D:\Games\ArmA 2\Expansion\beta\arma2oa.exe" = D:\Games\ArmA 2\Expansion\beta\arma2oa.exe:*:Enabled:ArmA 2 OA "D:\Programme\Steam\steamapps\common\alien swarm\srcds.exe" = D:\Programme\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server "D:\Games\StarCraft II\StarCraft II.exe" = D:\Games\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "D:\Games\StarCraft II\Versions\Base15405\SC2.exe" = D:\Games\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google) "D:\Games\MedalOfHonor2010\Binaries\moh.exe" = D:\Games\MedalOfHonor2010\Binaries\moh.exe:*:Enabled:Medal of Honor™ "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "D:\Games\Lock On\LockOn.exe" = D:\Games\Lock On\LockOn.exe:*:Enabled:LOCK ON -- (Eagle Dynamics) "D:\Games\Call of Duty - Black Ops\BlackOps.exe" = D:\Games\Call of Duty - Black Ops\BlackOps.exe:*:Enabled:BlackOps -- () "D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe" = D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\conviction_game.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction -- () "D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe" = D:\Games\Tom Clancy's Splinter Cell Conviction\src\system\gu.exe:*:Enabled:Tom Clancy's Splinter Cell Conviction aktualisieren -- (Ubisoft) "D:\Games\FlatOut2\flatout2.exe" = D:\Games\FlatOut2\flatout2.exe:*:Enabled:flatout2 "D:\Games\ArmA 2\arma2.exe" = D:\Games\ArmA 2\arma2.exe:*:Enabled:ArmA 2 -- (Bohemia Interactive) "D:\Games\Wings of Prey\aces.exe" = D:\Games\Wings of Prey\aces.exe:*:Enabled:Wings of Prey 
"D:\Games\Wings of Prey\launcher.exe" = D:\Games\Wings of Prey\launcher.exe:*:Enabled:Wings of Prey Launcher -- (Gaijin Entertainment) "D:\Games\Wings of Prey\yuPlay\yuPlay.exe" = D:\Games\Wings of Prey\yuPlay\yuPlay.exe:*:Enabled:Wings of Prey - yuPlay client "D:\Games\Wings of Prey\acess.exe" = D:\Games\Wings of Prey\acess.exe:*:Disabled:acess "C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Programme\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "D:\Games\Silent Hunter 5\sh5.exe" = D:\Games\Silent Hunter 5\sh5.exe:*:Enabled:Silent Hunter 5 -- (Ubisoft) "D:\Programme\Orbitdownloader\orbitdm.exe" = D:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Programme\Orbitdownloader\orbitnet.exe" = D:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Games\ArmA 2\arma2OA.exe" = D:\Games\ArmA 2\arma2OA.exe:*:Enabled:ArmA 2 Operation Arrowhead -- (Bohemia Interactive) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4 "{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4 "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4 "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler "{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista "{0D005F09-A5F4-473B-A901-5735C6AF5628}" = Silent Hunter 4 Wolves of the Pacific "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4 "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup "{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4 
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4 "{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Nur entfernen) "{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.1" = Update &1 für Spiel Men of War "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4 "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4 "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1A48AB8A-DA88-545F-9D3D-C481DC6C31A3}" = Catalyst Control Center Graphics Full Existing "{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect "{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{257DEF70-A302-CF80-79FE-D8C72EB5E4D0}" = ccc-utility "{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 15 "{2ACF3993-A0E7-4374-B926-68EA1FAE8A88}" = MapInfo Professional 10.0 "{2C2F85C4-62C3-4F59-A5E1-AB60E5F76ADF}_is1" = "Faces of War" (Nur entfernen) "{2CF6349E-8A3F-B726-F59A-8703FC8885E8}" = Catalyst Control Center Graphics Light "{2FB2169F-04D8-FFC0-6A66-80EE652B93A5}" = Catalyst Control Center InstallProxy "{302126A2-BB96-5931-6249-CAACA2C89AA1}" = ccc-core-static "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver "{322699FF-9732-4146-AA83-17FADE68CE98}" = Battlestations: Midway Patch V1.1.1 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4 "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - 
Photoshop Specific CS4 "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5B9EFDF8-AC4F-CA21-9A8C-7534D49E7EE9}" = Catalyst Control Center HydraVision Full "{5CA1C102-CFB3-9C8E-2DEF-E98A4B57C8CF}" = Catalyst Control Center InstallProxy "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{6316A0D9-403D-46F8-A7CD-BBCFA076676B}_is1" = Rückkehr der Asse 1.04 Beta - Upgrade v2 "{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4 "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4 "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK "{68714F44-295D-7F81-233A-A81701695635}" = Catalyst Control Center InstallProxy "{6997644B-5E1C-453A-82E8-7DBAA4DD41F9}" = ArmA Edit "{6AB57823-3580-4CE0-9CF0-072E2A39460C}" = Catalyst Control Center - Branding "{6C35CF58-C36C-8B43-C6A1-02073BCA8FF1}" = Catalyst Control Center InstallProxy "{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61 "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{790F6156-B231-F7D6-BAE4-741E7CB0ACB1}" = ccc-utility "{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{810AD6B3-C830-A74C-300E-D14820CE1850}" = Catalyst Control Center InstallProxy "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4 
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4 "{855AA20A-CA81-7EF1-1936-AE4AA3DC4BEA}" = ccc-core-preinstall "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office 
Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service 
Pack 1 Language Pack - DEU "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4 "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9F7FC1EC-5C07-44A4-8338-22AF90644273}_is1" = German Soldiers Mod Fields of Honor 2 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A36579B4-313E-DC6B-D817-41824D46EF5D}" = CCC Help English "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9867BC9-0EAD-BAC6-C320-4FBC2E127643}" = Catalyst Control Center Core Implementation "{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5 "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch "{B194ECC4-0DFC-EA56-0052-2960B3E9C51B}" = Catalyst Control Center InstallProxy "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4 "{B9060398-FB64-2A4C-C4E6-D1236447E026}" = ATI Catalyst Install Manager "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module "{bd8defa4-19fa-4964-9692-f1112d8a62d9}}_is1" = Wings of Prey 1.0.3.2 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4 "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 
"{CF49A5C4-E09A-4A22-BE7B-E42C687952BC}" = O&O Defrag Professional "{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III "{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "{D0E6B5D9-6737-AF3E-7BE5-7327DD6B6002}" = Catalyst Control Center Graphics Previews Common "{D3BA6488-5C3E-A4EF-BA64-74C54ABCEE03}" = ccc-core-static "{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1 "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4 "{E4C82E4B-CD9E-27ED-BC6A-E099DE3EC3ED}" = CCC Help English "{E7231089-60AD-CD67-8CC0-B0F415E2A32A}" = Catalyst Control Center Graphics Full New "{E90DCEE9-DC27-401B-A7AC-B0AFF5B34E4D}" = Lock On: Modern Air Combat "{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0 "{EDD654B3-6FE9-67AC-CE7D-5FE3698439DB}" = Catalyst Control Center Graphics Previews Common "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4 "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4 "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All "7-Zip" = 7-Zip 9.20 "A2UPGRADE 1.4" = A2UPGRADE 1.4 "Ad-Aware" = Ad-Aware "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4 "Arma 2 British Armed Forces" = Arma 2 British Armed Forces Uninstall "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "Arma 2 Private Military Company" = Arma 2 Private Military Company Uninstall "ArmA2" = ArmA2 Uninstall "Avira AntiVir 
Desktop" = Avira AntiVir Personal - Free Antivirus "BattlEye" = BattlEye Uninstall "BattlEye for OA" = BattlEye for OA Uninstall "Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2 "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "CCleaner" = CCleaner "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup.divx.com" = DivX-Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Fallout 3 - The Pitt" = Fallout 3 - The Pitt "Fallout 3: Operation Anchorage™" = Fallout 3: Operation Anchorage™ "Fallout New Vegas_is1" = Fallout New Vegas "Fallout Tactics" = Fallout Tactics "Fraps" = Fraps "Generic USB 106 Sound" = SL-8795 Headset "Goodnight Timer_is1" = Goodnight Timer 1.1 "HijackThis" = HijackThis 2.0.2 "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2 "JDownloader" = JDownloader "KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.1 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Mass Effect 2 German_is1" = Mass Effect 2 German "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Miranda IM" = Miranda IM 0.9.17 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "mv61xxMRU" = marvell 61xx MRU "OpenAL" = OpenAL "Orbit_is1" = Orbit Downloader "Patch for "Men of War"_is1" = Patch 1.16.4 for "Men of War" "RADVideo" = RAD Video Tools "RouterControl" = RouterControl 1.92 "S2TNG" = Die Siedler II - Die nächste Generation "Sandboxie" = Sandboxie 3.48 "Semper Fi_is1" = Semper Fi 1.0 "Star Trek Armada II" = Star Trek Armada II "StarCraft II" = StarCraft II "TexView 2" = TexView 2 Uninstall "Tunngle beta_is1" = Tunngle beta "VLC media player" = VLC media player 1.0.1 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature 
Pack 1.5 "WinRAR archiver" = WinRAR "WUV30" = Windows Update Agent 3.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent DNA" = DNA "FileZilla Client" = FileZilla Client 3.3.2.1 "TeamSpeak 3 Client" = TeamSpeak 3 Client ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 03.04.2011 16:08:27 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung arma2patch_1_00_to_1_09.exe, Version 1.0.0.2, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x1a8d7614. Error - 03.04.2011 16:16:54 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung arma2patch_1_00_to_1_09.exe, Version 1.0.0.2, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x1a8d7614. Error - 03.04.2011 16:28:28 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung arma2patch_1_00_to_1_09.exe, Version 1.0.0.2, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x1a8d7614. Error - 03.04.2011 16:37:59 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung arma2patch_1_00_to_1_09.exe, Version 1.0.0.2, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Error - 03.04.2011 16:38:04 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung arma2patch_1_00_to_1_09.exe, Version 1.0.0.2, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x1a8d7614. 
Error - 03.04.2011 16:38:06 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung arma2patch_1_00_to_1_09.exe, Version 1.0.0.2, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x1a8d7614. Error - 03.04.2011 16:38:11 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung arma2patch_1_00_to_1_09.exe, Version 1.0.0.2, fehlgeschlagenes Modul , Version 0.0.0.0, Fehleradresse 0x00000000. Error - 03.04.2011 17:08:18 | Computer Name = HÖLLENMASCHIENE | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung ts3client_win32.exe, Version 1.0.0.0, fehlgeschlagenes Modul ts3client_win32.exe, Version 1.0.0.0, Fehleradresse 0x000273de. Error - 05.04.2011 02:50:37 | Computer Name = HÖLLENMASCHIENE | Source = COM+ | ID = 135761 Description = In der Laufzeitumgebung wurde ein inkonsistenter interner Status erkannt. Dies deutet auf eine potenzielle Instabilität des Prozesses hin. Diese Instabilität wird durch die in der COM+-Anwendung ausgeführten benutzerdefinierten Komponenten, die von ihnen verwendeten Komponenten oder durch andere Faktoren verursacht. Fehler in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8007041d: InitEventCollector fail Error - 05.04.2011 02:50:37 | Computer Name = HÖLLENMASCHIENE | Source = VSS | ID = 12292 Description = Volumeschattenkopie-Dienstfehler: Beim Erstellen der Schattenkopieanbieter-COM-Klasse mit CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80080005] ist ein Fehler aufgetreten. 
[ System Events ] Error - 05.04.2011 02:50:37 | Computer Name = HÖLLENMASCHIENE | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "COMSysApp" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ECABAFBC-7F19-11D2-978E-0000F8757E2A} Error - 05.04.2011 02:50:37 | Computer Name = HÖLLENMASCHIENE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst COM+-Systemanwendung. Error - 05.04.2011 02:50:37 | Computer Name = HÖLLENMASCHIENE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COM+-Systemanwendung" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 05.04.2011 02:50:37 | Computer Name = HÖLLENMASCHIENE | Source = Service Control Manager | ID = 7034 Description = Dienst "MS Software Shadow Copy Provider" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 05.04.2011 04:40:58 | Computer Name = HÖLLENMASCHIENE | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 05.04.2011 10:45:51 - Run 3 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\***\Desktop\Setup Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free 7,00 Gb Paging File | 6,00 Gb Available in Paging File | 88,00% Paging File free Paging file location(s): C:\pagefile.sys 512 1024D:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 26,30 Gb Total Space | 7,54 Gb Free Space | 28,67% Space Free | Partition Type: NTFS Drive D: | 439,46 Gb Total Space | 77,25 Gb Free Space | 17,58% Space Free | Partition Type: NTFS Drive E: | 149,05 Gb Total Space | 70,10 Gb Free Space | 47,03% Space Free | Partition Type: NTFS Drive F: | 7,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: HÖLLENMASCHIENE | User Name: *** | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Desktop\Setup\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - D:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) PRC - D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Marvell\61xx\svc\mvraidsvc.exe () PRC - C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Desktop\Setup\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SbieSvc) -- D:\Programme\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (TunngleService) -- D:\Programme\Tunngle\TnglCtrl.exe (Tunngle.net GmbH) SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision 
Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (Marvell RAID) -- C:\Programme\Marvell\61xx\svc\mvraidsvc.exe () SRV - (sfrem01) SF FrontLine Drivers Auto Removal (v1) -- C:\WINDOWS\System32\sfrem01.exe (Protection Technology (StarForce)) SRV - (MRUWebService) -- C:\Programme\Marvell\61xx\Apache2\bin\Apache.exe (Apache Software Foundation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (SbieDrv) -- D:\Programme\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.) 
DRV - (tap0901t) TAP-Win32 Adapter V9 (Tunngle) -- C:\WINDOWS\system32\drivers\tap0901t.sys (Tunngle.net) DRV - (SaiNtBus) -- C:\WINDOWS\system32\drivers\SaiBus.sys (Saitek) DRV - (SaiMini) -- C:\WINDOWS\system32\drivers\SaiMini.sys (Saitek) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- D:\Programme\PowerDVD9\PowerDVD9\000.fcl (CyberLink Corp.) DRV - (USBMULCD) -- C:\WINDOWS\system32\drivers\CM106.sys (C-Media Electronics Inc) DRV - (SaiK0836) -- C:\WINDOWS\system32\drivers\SaiK0836.sys (Saitek) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (USB28xxOEM) -- C:\WINDOWS\system32\drivers\emOEM.sys (eMPIA Technology, Inc.) DRV - (USB28xxBGA) -- C:\WINDOWS\system32\drivers\emBDA.sys (eMPIA Technology, Inc.) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (mv61xx) -- C:\WINDOWS\system32\DRIVERS\mv61xx.sys (Marvell Semiconductor, Inc.) 
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce)) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.03.24 13:56:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.24 10:05:17 | 000,000,000 | ---D | M] [2008.11.25 18:04:41 | 000,000,000 | 
---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2011.04.04 18:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\extensions [2011.03.24 19:25:01 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2011.03.24 10:05:22 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.11.10 02:28:44 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2011.03.24 10:05:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.23 20:39:24 | 000,000,000 | ---D | M] (Anti-Aliasing Tuner) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\extensions\aatuner@hotmint.com [2010.11.10 02:28:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions [2010.07.12 05:11:21 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\tddszfgp.default\searchplugins\conduit.xml [2011.04.04 18:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.05.27 21:01:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.07.30 03:25:12 | 000,000,000 | ---D | M] (Microsoft .NET 
Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.03.28 14:35:00 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- D:\PROGRAMME\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER O1 HOSTS File: ([2010.03.25 15:54:58 | 000,302,863 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com:443 O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 192.150.18.108 O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 10461 more lines... 
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - D:\Programme\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - D:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Cm106Sound] File not found O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) 
O4 - HKCU..\Run: [AdobeBridge] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O8 - Extra context menu item: &Download by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227628987031 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.168.112.60 81.173.194.77 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame 
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) 
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.11.26 00:11:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.05.18 22:32:49 | 001,075,256 | R--- | M] () - F:\AutoRun.bmp -- [ UDF ] O32 - AutoRun File - [2010.05.20 08:29:23 | 000,002,388 | R--- | M] () - F:\Autorun.csv -- [ UDF ] O32 - AutoRun File - [2010.06.01 22:20:51 | 000,000,594 | R--- | M] () - F:\AutoRun.dat -- [ UDF ] O32 - AutoRun File - [2010.05.18 22:32:52 | 000,707,720 | R--- | M] () - F:\AutoRun.exe -- [ UDF ] O32 - AutoRun File - [2010.05.18 22:32:49 | 000,000,052 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2010.05.18 22:32:49 | 000,921,390 | R--- | M] () - F:\autorun.wav -- [ UDF ] O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.05 08:51:47 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2011.04.04 10:09:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\ArmA 2 OA [2011.04.04 10:09:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ArmA 2 [2011.04.02 12:20:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2011.04.02 12:20:21 | 000,000,000 | ---D | C] -- 
C:\Programme\7-Zip [2011.03.28 14:35:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Orbit [2011.03.23 17:13:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\SH5 [2009.04.09 12:38:00 | 000,126,976 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.SHDocVw.dll [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.05 10:42:17 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011.04.05 10:40:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.05 10:40:42 | 001,898,899 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2011.04.05 10:39:35 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Access.dat [2011.04.05 02:28:53 | 000,000,059 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoodnightTimer.ini [2011.04.05 00:40:16 | 000,239,616 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.03 23:08:10 | 000,191,677 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ts3_clientui-win32-12815-2011-04-03 23_08_07.750000.dmp [2011.03.29 02:09:26 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2011.03.28 20:01:26 | 000,001,062 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\ArmA II OA.lnk [2011.03.27 15:27:38 | 000,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash [2011.03.23 21:51:40 | 000,000,880 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Silent Hunter 5 spielen.lnk [2011.03.22 01:11:12 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.03.20 18:07:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.03.17 20:14:11 | 000,000,744 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Arma II.lnk [2011.03.17 14:40:22 | 
000,000,088 | ---- | M] () -- C:\Dokumente und Einstellungen\***\default.pls [2011.03.17 00:31:37 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.03.06 20:10:25 | 000,001,258 | ---- | M] () -- C:\WINDOWS\System\Cm106.ini [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.03 23:08:07 | 000,191,677 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\ts3_clientui-win32-12815-2011-04-03 23_08_07.750000.dmp [2011.04.01 18:07:34 | 000,001,062 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\ArmA II OA.lnk [2011.04.01 18:07:34 | 000,000,744 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Arma II.lnk [2011.03.23 17:12:00 | 000,000,880 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Silent Hunter 5 spielen.lnk [2011.01.10 22:06:24 | 000,000,932 | ---- | C] () -- C:\WINDOWS\STA2.ini [2011.01.03 15:58:27 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2011.01.03 15:58:27 | 000,224,001 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2011.01.03 15:58:27 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.08.12 16:26:08 | 000,001,360 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini [2010.04.15 20:51:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\mf.dll [2010.04.14 23:16:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat [2010.04.07 02:52:30 | 000,706,566 | ---- | C] () -- C:\Programme\unins000.exe [2010.04.07 02:52:30 | 000,026,169 | ---- | C] () -- C:\Programme\unins000.dat [2010.03.20 19:03:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.02.18 21:33:48 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\Cmeau106.exe [2010.02.18 21:33:48 | 000,143,360 | ---- | C] () -- C:\WINDOWS\Vmix106.dll [2010.02.18 21:33:39 | 000,303,104 | ---- | C] () -- 
C:\WINDOWS\System32\CmiInstallResAll.dll [2010.02.18 21:33:39 | 000,000,187 | ---- | C] () -- C:\WINDOWS\Cm106.ini.imi [2010.02.18 21:14:42 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2010.02.17 15:23:41 | 000,000,574 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl [2010.02.17 15:23:07 | 000,001,304 | R--- | C] () -- C:\WINDOWS\Cm106.ini.cfg [2010.02.17 15:22:59 | 000,000,362 | R--- | C] () -- C:\WINDOWS\cm106.ini [2009.12.08 03:40:31 | 000,000,059 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GoodnightTimer.ini [2009.11.26 15:30:35 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll [2009.11.26 15:30:35 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll [2009.11.26 15:30:35 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll [2009.11.25 01:55:46 | 000,112,640 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe [2009.11.13 13:07:26 | 002,097,152 | ---- | C] () -- C:\WINDOWS\sample5x.dat [2009.08.16 19:55:19 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PnkBstrK.sys [2009.06.03 21:24:29 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009.05.26 18:33:15 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.04.28 00:55:54 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe [2009.04.12 01:21:10 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2009.04.12 01:21:03 | 000,107,832 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2009.04.12 01:20:57 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2009.04.09 12:38:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SearchRequire.dll [2009.03.22 11:08:27 | 000,000,114 | ---- | C] () -- C:\WINDOWS\System32\61xx.ini [2008.11.26 21:22:17 | 000,000,261 | ---- | C] () -- C:\WINDOWS\game.ini [2008.11.26 19:33:44 | 000,000,060 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.11.26 18:48:15 | 000,363,520 | ---- | C] () -- 
C:\WINDOWS\System32\PsisDecd.dll [2008.11.26 18:19:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.11.26 18:19:48 | 000,239,616 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.11.26 00:30:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2008.11.26 00:26:40 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2008.11.26 00:26:34 | 000,038,004 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008.11.26 00:26:34 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008.11.26 00:23:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.11.26 00:12:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.11.26 00:08:31 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.11.26 00:07:57 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll [2008.11.26 00:01:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.11.26 00:00:10 | 002,180,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.11.25 18:06:35 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2008.11.25 18:04:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2008.11.25 17:50:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2008.10.29 03:40:41 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2008.10.28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008.09.12 09:32:42 | 001,273,856 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836.Dll [2008.09.12 09:32:42 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836_0C.dll [2008.09.12 09:32:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836_10.dll [2008.09.12 09:32:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836_0A.dll [2008.09.12 09:32:42 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836_07.dll [2008.09.12 09:32:42 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836_09.dll [2008.09.12 09:32:42 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836_0402.dll [2008.09.12 09:32:42 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0836_11.dll [2008.06.20 11:55:48 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll [2008.04.14 10:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.12.31 09:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.06.26 23:16:14 | 000,047,430 | ---- | C] () -- C:\WINDOWS\php.ini [2004.08.04 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 16:00:00 | 000,519,770 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 16:00:00 | 000,495,958 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 
16:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 16:00:00 | 000,101,494 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 16:00:00 | 000,084,442 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 16:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2000.10.25 18:15:00 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\Implode.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 481 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp:05EE1EEF < End of report > |
05.04.2011, 15:06 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Heuristics.Shuriken & PUM.Hijack.StartMenu Quote:
Cracks/keygens are, 99.9% of the time, dangerous malware that should not be trifled with. Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!
__________________ |
05.04.2011, 22:54 | #3 |
| Heuristics.Shuriken & PUM.Hijack.StartMenu :P the thing was pretty old and it has been deleted. It even says so right there.
__________________
e:\Proggies\guitar pro 4.1.0 + keygen\keygen.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
But fine, it is in your forum rules/guidelines after all... Too bad. Thanks anyway. Last edited by OneTwo (05.04.2011 at 23:53) |