Trojaner-Board - Bundespolizei-Ukash (anderer Rechner mit Windows XP)

Guten Tag zusammen.
Habe wieder einmal den super Polizeivirus-Ukash
OTL scan ausgeführt :OTL Logfile:

Code:

OTL logfile created on: 04.10.2011 12:11:42 - Run 3

OTL by OldTimer - Version 3.2.29.1     Folder = G:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

989,17 Mb Total Physical Memory | 826,48 Mb Available Physical Memory | 83,55% Memory free

2,33 Gb Paging File | 2,29 Gb Available in Paging File | 98,21% Paging File free

Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 10,81 Gb Total Space | 4,70 Gb Free Space | 43,50% Space Free | Partition Type: NTFS

Drive D: | 26,78 Gb Total Space | 24,50 Gb Free Space | 91,48% Space Free | Partition Type: NTFS

Drive E: | 36,90 Gb Total Space | 24,61 Gb Free Space | 66,69% Space Free | Partition Type: NTFS

Drive G: | 999,70 Mb Total Space | 999,13 Mb Free Space | 99,94% Space Free | Partition Type: FAT

 

Computer Name: WILLI | User Name: Teproma | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.10.04 12:04:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- G:\OTL.exe

PRC - [2008.04.14 08:52:40 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (TUWinStylerThemeSvc)

SRV - [2011.06.29 09:02:39 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)

SRV - [2011.06.29 09:02:39 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011.06.29 09:02:39 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2011.06.29 09:02:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.27 09:01:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.02.06 15:09:16 | 001,263,872 | ---- | M] (Matrox Graphics Inc.) [Auto | Stopped] -- c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)

SRV - [2009.02.06 15:08:28 | 000,344,832 | ---- | M] (Matrox Graphics Inc) [Auto | Stopped] -- c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)

SRV - [2007.04.04 09:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mgabg.exe -- (MGABGEXE)

SRV - [2007.02.09 20:39:08 | 000,407,072 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007.01.12 23:47:22 | 000,707,344 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)

SRV - [2006.11.23 16:45:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2002.03.19 12:15:46 | 000,036,864 | ---- | M] (D-Link) [On_Demand | Stopped] -- C:\Programme\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.06.29 09:02:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.29 09:02:40 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)

DRV - [2011.06.29 09:02:40 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)

DRV - [2011.06.29 09:02:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.12.25 12:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009.12.11 12:39:58 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.12.11 12:38:22 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009.10.30 13:49:56 | 000,176,768 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009.02.06 14:19:52 | 000,350,592 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g400dhm.sys -- (G400DH)

DRV - [2008.04.13 23:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2007.04.16 14:58:38 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2007.04.16 14:58:38 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2007.04.16 14:58:32 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2005.11.24 01:00:00 | 000,053,632 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)

DRV - [2005.04.12 10:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)

DRV - [2004.05.24 14:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\avmport.sys -- (AVMPORT)

DRV - [2003.09.09 13:12:04 | 000,323,008 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)

DRV - [2002.05.22 16:27:54 | 000,028,200 | ---- | M] (D-Link Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NIOC.sys -- (NIOC)

DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g400m.sys -- (G400)

DRV - [2001.08.17 12:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)

DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)

DRV - [2000.07.14 14:00:48 | 000,005,500 | R--- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mgabg.sys -- (mgabg)

DRV - [2000.07.11 17:31:26 | 000,200,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETFRITZ.SYS -- (NETFRITZ)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

 

 

O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (IE7pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll (IE7pro.com)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [PDFPrint] E:\Nils\pdf24\pdf24.exe (Geek Software GmbH)

O4 - HKCU..\Run: [{7D3FC8EE-CA13-5E47-56CB-EFAB5CC2C6F4}] C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Yweqig\atkut.exe ()

O4 - HKCU..\Run: [4Y3Y0C3AVV3VWC6ZDPIAAKRDRBL] C:\Recycle.Bi\A96C465E4BD.exe File not found

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll (IE7pro.com)

O9 - Extra 'Tools' menuitem : IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll (IE7pro.com)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190103069552 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BEF5F9E-A6A2-44B2-ACA8-4BAC119CC134}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E296A27-748D-4936-9AC6-95D938236782}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82A17C66-7117-4B34-9286-98FA62F118F3}: NameServer = 192.168.0.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe) -C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe ()

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)

O31 - SafeBoot: UseAlternatShell - 1

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.10.18 14:18:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{3a7d2856-c012-11dc-8c4e-404e57434431}\Shell - "" = AutoRun

O33 - MountPoints2\{3a7d2856-c012-11dc-8c4e-404e57434431}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3a7d2856-c012-11dc-8c4e-404e57434431}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.30 08:17:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Yweqig

[2011.09.30 08:17:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Udtu

[2011.09.30 08:17:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Omim

[2011.09.30 08:17:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Icet

[2011.09.20 13:27:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.10.04 12:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.10.04 12:08:11 | 006,460,390 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.10.04 11:28:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.10.04 07:35:17 | 000,169,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe

[2011.10.04 07:32:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7249D272-ED12-459F-8885-DEF9E6451EF3}.job

[2011.10.03 09:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.09.20 13:14:51 | 000,476,900 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.09.20 13:14:51 | 000,435,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.09.20 13:14:51 | 000,091,614 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.09.20 13:14:51 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.09.19 10:52:00 | 000,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\egp7chgo83meztag.dat

[2011.09.18 10:30:22 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.10.04 07:35:17 | 000,169,472 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe

[2011.09.19 10:52:00 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\egp7chgo83meztag.dat

[2011.01.14 12:58:26 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2011.01.14 12:38:18 | 002,026,604 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin

[2011.01.14 12:38:18 | 000,442,964 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin

[2011.01.14 12:38:10 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll

[2010.05.31 22:27:12 | 000,073,728 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2010.02.23 16:23:26 | 000,000,089 | ---- | C] () -- C:\WINDOWS\SPL7019.DAT

[2009.04.02 15:42:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009.04.02 08:36:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.10.27 18:03:47 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL

[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008.04.10 10:52:25 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2007.10.02 10:57:21 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.03.05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2007.01.30 12:46:32 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat

[2007.01.30 12:46:31 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\d3d8caps.dat

[2006.12.31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.11.27 10:25:29 | 000,003,411 | ---- | C] () -- C:\WINDOWS\tm.ini

[2006.10.25 08:05:45 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\BGData.bin

[2006.10.18 16:28:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2J.DLL

[2006.10.18 16:27:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP2J.EXE

[2006.10.18 16:05:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETFRITZ.SYS

[2006.10.18 15:56:03 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006.10.18 14:22:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006.10.18 14:14:00 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.04.23 22:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe

[2003.08.11 05:46:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003.08.11 05:45:29 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003.04.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003.04.02 14:00:00 | 000,476,900 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2003.04.02 14:00:00 | 000,435,310 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003.04.02 14:00:00 | 000,091,614 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2003.04.02 14:00:00 | 000,068,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003.04.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003.04.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003.02.19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

[2002.06.09 13:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll

 
 ========== LOP Check ==========

 

[2007.04.17 13:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2008.10.27 18:03:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2010.06.10 12:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular

[2006.10.24 09:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch

[2009.12.11 12:24:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox

[2009.12.11 12:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox Graphics Inc

[2010.04.25 10:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sPlan70

[2009.12.11 11:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2009.02.13 14:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\EDrawings

[2011.03.18 11:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\elsterformular

[2006.10.24 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\FRITZ!

[2011.09.30 08:17:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Icet

[2007.04.16 15:49:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\IE7pro

[2011.09.30 08:17:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Omim

[2007.04.19 09:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\TuneUp Software

[2011.09.30 08:17:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Udtu

[2009.12.11 11:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Windows Desktop Search

[2011.07.19 13:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Windows Search

[2011.09.30 08:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Yweqig

[2011.10.03 09:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[2011.10.04 07:32:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7249D272-ED12-459F-8885-DEF9E6451EF3}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < :reg >

 
 < [HKEY_Current_User\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >

 
 < "Shell"="explorer.exe" >

 
 <  >

 
 < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >

 
 < "Shell"="explorer.exe" >

 
 <  >

 
 < :commands >

 
 < [emptytemp] >
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 04.10.2011 12:11:42 - Run 3

OTL by OldTimer - Version 3.2.29.1     Folder = G:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

989,17 Mb Total Physical Memory | 826,48 Mb Available Physical Memory | 83,55% Memory free

2,33 Gb Paging File | 2,29 Gb Available in Paging File | 98,21% Paging File free

Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 10,81 Gb Total Space | 4,70 Gb Free Space | 43,50% Space Free | Partition Type: NTFS

Drive D: | 26,78 Gb Total Space | 24,50 Gb Free Space | 91,48% Space Free | Partition Type: NTFS

Drive E: | 36,90 Gb Total Space | 24,61 Gb Free Space | 66,69% Space Free | Partition Type: NTFS

Drive G: | 999,70 Mb Total Space | 999,13 Mb Free Space | 99,94% Space Free | Partition Type: FAT

 

Computer Name: WILLI | User Name: Teproma | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000000-5736-4205-1000-75FF97AC5007}" = Steganos Internet Trace Destructor 7.1.1

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{1C27C64B-D5CF-4881-A310-0BD2A0D21927}" = ElsterFormular 2005/2006

"{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AA7D28F-7C66-45BD-95C0-BEC00CEFD34A}" = Matrox PowerDesk-SE

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch

"{B0FEAA5C-88C8-4E1C-9C6E-B1F5AEA035BF}" = AirPro Utility

"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira Premium Security Suite

"AVM ISDN CAPI Port" = AVM ISDN CAPI Port

"CANONBJ_Deinstall_CNMCP2J.DLL" = BJC-6200

"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200

"CCleaner" = CCleaner (remove only)

"C-Media Audio Driver" = C-Media WDM Audio Driver

"ElsterFormular 11.4.1.4323" = ElsterFormular Upgrade

"FRITZ! 2.0" = AVM FRITZ!

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"IE7pro_is1" = IE7pro

"ie8" = Windows Internet Explorer 8

"InstallShield_{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service

"InstallShield_{B0FEAA5C-88C8-4E1C-9C6E-B1F5AEA035BF}" = AirPro Utility

"InstallShield_{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service

"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"PowerShell" = Windows PowerShell(TM) 1.0

"RegHealer_is2" = Registry Healer 4.5.0 uninstall

"sPlan_70_is1" = sPlan 7.0

"VirtualCloneDrive" = VirtualCloneDrive

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinZip" = WinZip

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.09.2011 09:43:00 | Computer Name = WILLI | Source = ESENT | ID = 485

Description = wuauclt (2784) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"

 zu löschen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.

 Fehler -1032 (0xfffffbf8) beim Löschen von Dateien.

 

[ System Events ]

Error - 04.10.2011 06:06:48 | Computer Name = WILLI | Source = SRService | ID = 104

Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

 

Error - 04.10.2011 06:06:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler

 beendet:   %%5

 

Error - 04.10.2011 06:08:40 | Computer Name = WILLI | Source = SRService | ID = 104

Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

 

Error - 04.10.2011 06:09:36 | Computer Name = WILLI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung

 für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht

 gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "QoS-RSVP" ist vom Dienst "Umgebung für die AFD-Netzwerkunterstützung"

 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   AFD  avfwot  avgio  avipbb  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  ssmdrv  Tcpip  WS2IFSL

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler

 beendet:   %%5

 

 

< End of report >

--- --- ---
freue mich auf eure Hilfe mfg CSS :rolleyes:

warum verlinkt ihr nun mein andern threat nach hier ? wenns 2 ganz andere pcs sind ? bringt mir ja null trotzdem poste ich noch ein letztes mal hier mein otl scan hoffe könnt mir helfen finde nirgends was wie ich nen neuen threat aufmache :crazy:OTL Logfile:

Code:

OTL logfile created on: 04.10.2011 12:11:42 - Run 3

OTL by OldTimer - Version 3.2.29.1     Folder = G:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

989,17 Mb Total Physical Memory | 826,48 Mb Available Physical Memory | 83,55% Memory free

2,33 Gb Paging File | 2,29 Gb Available in Paging File | 98,21% Paging File free

Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 10,81 Gb Total Space | 4,70 Gb Free Space | 43,50% Space Free | Partition Type: NTFS

Drive D: | 26,78 Gb Total Space | 24,50 Gb Free Space | 91,48% Space Free | Partition Type: NTFS

Drive E: | 36,90 Gb Total Space | 24,61 Gb Free Space | 66,69% Space Free | Partition Type: NTFS

Drive G: | 999,70 Mb Total Space | 999,13 Mb Free Space | 99,94% Space Free | Partition Type: FAT

 

Computer Name: WILLI | User Name: Teproma | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.10.04 12:04:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- G:\OTL.exe

PRC - [2008.04.14 08:52:40 | 000,401,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cmd.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (TUWinStylerThemeSvc)

SRV - [2011.06.29 09:02:39 | 000,567,464 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)

SRV - [2011.06.29 09:02:39 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)

SRV - [2011.06.29 09:02:39 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)

SRV - [2011.06.29 09:02:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2011.04.27 09:01:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009.02.06 15:09:16 | 001,263,872 | ---- | M] (Matrox Graphics Inc.) [Auto | Stopped] -- c:\Programme\Matrox Graphics Inc\PowerDesk\Services\Matrox.PowerDesk.Services.exe -- (Matrox Centering Service)

SRV - [2009.02.06 15:08:28 | 000,344,832 | ---- | M] (Matrox Graphics Inc) [Auto | Stopped] -- c:\Programme\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)

SRV - [2007.04.04 09:48:42 | 000,087,560 | ---- | M] (Matrox Graphics Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\mgabg.exe -- (MGABGEXE)

SRV - [2007.02.09 20:39:08 | 000,407,072 | ---- | M] (Acronis) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007.01.12 23:47:22 | 000,707,344 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)

SRV - [2006.11.23 16:45:46 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)

SRV - [2002.03.19 12:15:46 | 000,036,864 | ---- | M] (D-Link) [On_Demand | Stopped] -- C:\Programme\WZCBDL Service\WZCBDLS.exe -- (WZCBDLService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.06.29 09:02:40 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2011.06.29 09:02:40 | 000,106,904 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avfwot.sys -- (avfwot)

DRV - [2011.06.29 09:02:40 | 000,082,952 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avfwim.sys -- (avfwim)

DRV - [2011.06.29 09:02:40 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2009.12.25 12:26:30 | 006,039,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)

DRV - [2009.12.11 12:39:58 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009.12.11 12:38:22 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)

DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)

DRV - [2009.10.30 13:49:56 | 000,176,768 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)

DRV - [2009.02.06 14:19:52 | 000,350,592 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g400dhm.sys -- (G400DH)

DRV - [2008.04.13 23:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)

DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)

DRV - [2007.04.16 14:58:38 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2007.04.16 14:58:38 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2007.04.16 14:58:32 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2005.11.24 01:00:00 | 000,053,632 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)

DRV - [2005.04.12 10:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)

DRV - [2004.05.24 14:35:06 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\avmport.sys -- (AVMPORT)

DRV - [2003.09.09 13:12:04 | 000,323,008 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A3AB.sys -- (A3AB) D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB)

DRV - [2002.05.22 16:27:54 | 000,028,200 | ---- | M] (D-Link Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\NIOC.sys -- (NIOC)

DRV - [2001.08.18 05:33:12 | 000,322,432 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\g400m.sys -- (G400)

DRV - [2001.08.17 12:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)

DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)

DRV - [2000.07.14 14:00:48 | 000,005,500 | R--- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mgabg.sys -- (mgabg)

DRV - [2000.07.11 17:31:26 | 000,200,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETFRITZ.SYS -- (NETFRITZ)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

 

 

 

O1 HOSTS File: ([2003.04.02 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (IE7pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll (IE7pro.com)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [PDFPrint] E:\Nils\pdf24\pdf24.exe (Geek Software GmbH)

O4 - HKCU..\Run: [{7D3FC8EE-CA13-5E47-56CB-EFAB5CC2C6F4}] C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Yweqig\atkut.exe ()

O4 - HKCU..\Run: [4Y3Y0C3AVV3VWC6ZDPIAAKRDRBL] C:\Recycle.Bi\A96C465E4BD.exe File not found

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!fax.lnk = C:\Programme\FRITZ!\FriFax32.exe (AVM Berlin)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll (IE7pro.com)

O9 - Extra 'Tools' menuitem : IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programme\Internet Explorer\PLUGINS\IE7pro\IE7pro.dll (IE7pro.com)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190103069552 (WUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BEF5F9E-A6A2-44B2-ACA8-4BAC119CC134}: NameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E296A27-748D-4936-9AC6-95D938236782}: DhcpNameServer = 192.168.0.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82A17C66-7117-4B34-9286-98FA62F118F3}: NameServer = 192.168.0.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe) -C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe ()

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)

O31 - SafeBoot: UseAlternatShell - 1

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.10.18 14:18:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{3a7d2856-c012-11dc-8c4e-404e57434431}\Shell - "" = AutoRun

O33 - MountPoints2\{3a7d2856-c012-11dc-8c4e-404e57434431}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{3a7d2856-c012-11dc-8c4e-404e57434431}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn

O34 - HKLM BootExecute: (autocheck autochk *)

O34 - HKLM BootExecute: (OODBS)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.30 08:17:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Yweqig

[2011.09.30 08:17:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Udtu

[2011.09.30 08:17:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Omim

[2011.09.30 08:17:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Icet

[2011.09.20 13:27:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.10.04 12:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.10.04 12:08:11 | 006,460,390 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor

[2011.10.04 11:28:02 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.10.04 07:35:17 | 000,169,472 | ---- | M] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe

[2011.10.04 07:32:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{7249D272-ED12-459F-8885-DEF9E6451EF3}.job

[2011.10.03 09:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2011.09.20 13:14:51 | 000,476,900 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.09.20 13:14:51 | 000,435,310 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.09.20 13:14:51 | 000,091,614 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.09.20 13:14:51 | 000,068,834 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.09.19 10:52:00 | 000,000,008 | ---- | M] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\egp7chgo83meztag.dat

[2011.09.18 10:30:22 | 000,010,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.10.04 07:35:17 | 000,169,472 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\mahmud.exe

[2011.09.19 10:52:00 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\egp7chgo83meztag.dat

[2011.01.14 12:58:26 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll

[2011.01.14 12:38:18 | 002,026,604 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin

[2011.01.14 12:38:18 | 000,442,964 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin

[2011.01.14 12:38:10 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v5002.dll

[2010.05.31 22:27:12 | 000,073,728 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat

[2010.02.23 16:23:26 | 000,000,089 | ---- | C] () -- C:\WINDOWS\SPL7019.DAT

[2009.04.02 15:42:14 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2009.04.02 08:36:41 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.10.27 18:03:47 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL

[2008.05.26 23:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini

[2008.05.26 23:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini

[2008.05.26 23:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini

[2008.05.26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin

[2008.05.26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin

[2008.04.10 10:52:25 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

[2007.10.02 10:57:21 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007.03.05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2007.01.30 12:46:32 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat

[2007.01.30 12:46:31 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Teproma\Lokale Einstellungen\Anwendungsdaten\d3d8caps.dat

[2006.12.31 08:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.11.27 10:25:29 | 000,003,411 | ---- | C] () -- C:\WINDOWS\tm.ini

[2006.10.25 08:05:45 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\BGData.bin

[2006.10.18 16:28:03 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS2J.DLL

[2006.10.18 16:27:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP2J.EXE

[2006.10.18 16:05:04 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETFRITZ.SYS

[2006.10.18 15:56:03 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2006.10.18 14:22:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2006.10.18 14:14:00 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.04.23 22:02:10 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe

[2003.08.11 05:46:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003.08.11 05:45:29 | 000,114,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003.04.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003.04.02 14:00:00 | 000,476,900 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2003.04.02 14:00:00 | 000,435,310 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003.04.02 14:00:00 | 000,091,614 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2003.04.02 14:00:00 | 000,068,834 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003.04.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003.04.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003.02.19 01:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

[2002.06.09 13:07:30 | 000,053,315 | ---- | C] () -- C:\WINDOWS\System32\DevCtrl.dll

 
 ========== LOP Check ==========

 

[2007.04.17 13:00:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2008.10.27 18:03:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ

[2010.06.10 12:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular

[2006.10.24 09:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch

[2009.12.11 12:24:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox

[2009.12.11 12:24:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox Graphics Inc

[2010.04.25 10:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sPlan70

[2009.12.11 11:02:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2009.02.13 14:51:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\EDrawings

[2011.03.18 11:07:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\elsterformular

[2006.10.24 11:50:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\FRITZ!

[2011.09.30 08:17:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Icet

[2007.04.16 15:49:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\IE7pro

[2011.09.30 08:17:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Omim

[2007.04.19 09:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\TuneUp Software

[2011.09.30 08:17:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Udtu

[2009.12.11 11:35:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Windows Desktop Search

[2011.07.19 13:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Windows Search

[2011.09.30 08:17:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Teproma\Anwendungsdaten\Yweqig

[2011.10.03 09:00:00 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[2011.10.04 07:32:28 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{7249D272-ED12-459F-8885-DEF9E6451EF3}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < :reg >

 
 < [HKEY_Current_User\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >

 
 < "Shell"="explorer.exe" >

 
 <  >

 
 < [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] >

 
 < "Shell"="explorer.exe" >

 
 <  >

 
 < :commands >

 
 < [emptytemp] >
 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL Extras logfile created on: 04.10.2011 12:11:42 - Run 3

OTL by OldTimer - Version 3.2.29.1     Folder = G:\

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

989,17 Mb Total Physical Memory | 826,48 Mb Available Physical Memory | 83,55% Memory free

2,33 Gb Paging File | 2,29 Gb Available in Paging File | 98,21% Paging File free

Paging file location(s): C:\pagefile.sys 1488 2976 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 10,81 Gb Total Space | 4,70 Gb Free Space | 43,50% Space Free | Partition Type: NTFS

Drive D: | 26,78 Gb Total Space | 24,50 Gb Free Space | 91,48% Space Free | Partition Type: NTFS

Drive E: | 36,90 Gb Total Space | 24,61 Gb Free Space | 66,69% Space Free | Partition Type: NTFS

Drive G: | 999,70 Mb Total Space | 999,13 Mb Free Space | 99,94% Space Free | Partition Type: FAT

 

Computer Name: WILLI | User Name: Teproma | Logged in as Administrator.

Boot Mode: SafeMode | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "D:\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "D:\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000000-5736-4205-1000-75FF97AC5007}" = Steganos Internet Trace Destructor 7.1.1

"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{1C27C64B-D5CF-4881-A310-0BD2A0D21927}" = ElsterFormular 2005/2006

"{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home

"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition

"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9AA7D28F-7C66-45BD-95C0-BEC00CEFD34A}" = Matrox PowerDesk-SE

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch

"{B0FEAA5C-88C8-4E1C-9C6E-B1F5AEA035BF}" = AirPro Utility

"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008

"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation

"{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007

"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver

"{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Avira AntiVir Desktop" = Avira Premium Security Suite

"AVM ISDN CAPI Port" = AVM ISDN CAPI Port

"CANONBJ_Deinstall_CNMCP2J.DLL" = BJC-6200

"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200

"CCleaner" = CCleaner (remove only)

"C-Media Audio Driver" = C-Media WDM Audio Driver

"ElsterFormular 11.4.1.4323" = ElsterFormular Upgrade

"FRITZ! 2.0" = AVM FRITZ!

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"IE7pro_is1" = IE7pro

"ie8" = Windows Internet Explorer 8

"InstallShield_{26595B84-25F5-43E2-9696-B1720E813850}" = WZCBDL Service

"InstallShield_{B0FEAA5C-88C8-4E1C-9C6E-B1F5AEA035BF}" = AirPro Utility

"InstallShield_{BCF4E5BE-C249-4ED3-BA3B-C4257C743995}" = NIOC Service

"Matrox Graphics Uninstaller" = Matrox Graphics Software (remove only)

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"PowerShell" = Windows PowerShell(TM) 1.0

"RegHealer_is2" = Registry Healer 4.5.0 uninstall

"sPlan_70_is1" = sPlan 7.0

"VirtualCloneDrive" = VirtualCloneDrive

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinZip" = WinZip

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.09.2011 09:43:00 | Computer Name = WILLI | Source = ESENT | ID = 485

Description = wuauclt (2784) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb"

 zu löschen, ist mit Systemfehler 5 (0x00000005): "Zugriff verweigert " fehlgeschlagen.

 Fehler -1032 (0xfffffbf8) beim Löschen von Dateien.

 

[ System Events ]

Error - 04.10.2011 06:06:48 | Computer Name = WILLI | Source = SRService | ID = 104

Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

 

Error - 04.10.2011 06:06:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler

 beendet:   %%5

 

Error - 04.10.2011 06:08:40 | Computer Name = WILLI | Source = SRService | ID = 104

Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

 

Error - 04.10.2011 06:09:36 | Computer Name = WILLI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "Umgebung

 für die AFD-Netzwerkunterstützung" abhängig, der aufgrund folgenden Fehlers nicht

 gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7001

Description = Der Dienst "QoS-RSVP" ist vom Dienst "Umgebung für die AFD-Netzwerkunterstützung"

 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   AFD  avfwot  avgio  avipbb  Fips  intelppm  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  ssmdrv  Tcpip  WS2IFSL

 

Error - 04.10.2011 06:09:53 | Computer Name = WILLI | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler

 beendet:   %%5

 

 

< End of report >

--- --- ---