Trojaner-Board - Security Tool geht nicht zu löschen ! Alles bekannte probiert.

OTL.log:

OTL Logfile:
OTL EXTRAS Logfile:

Code:

OTL logfile created on: 16.08.2010 13:52:51 - Run 2

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\stock\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 14,65 Gb Total Space | 2,61 Gb Free Space | 17,84% Space Free | Partition Type: NTFS

Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 10,04 Gb Total Space | 0,67 Gb Free Space | 6,67% Space Free | Partition Type: NTFS

Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOCK-52C3433DF

Current User Name: stock

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

PRC - D:\Programme\TortoiseSVN\bin\TSVNCache.exe (hxxp://tortoisesvn.net)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)

PRC - C:\WINDOWS\system32\bcd2kcpan.exe (Behringer Spezielle Studiotechnik GmbH)

PRC - D:\Programme\Winamp\winampa.exe (Nullsoft)

PRC - C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)

PRC - C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()

PRC - C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()

PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)

PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)

PRC - C:\Programme\cherry-sms.com\cherry-sms_client.exe (cherry-sms.de)

PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

PRC - D:\Programme\TeXnicCenter\TEXCNTR.EXE (TeXnicCenter.org (www.TeXnicCenter.org))

PRC - C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

PRC - C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

PRC - C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe (Lenovo Group Limited)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()

PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

PRC - C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

PRC - C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Power Manager DBC Service) -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe ()

SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)

SRV - (Tomcat5) -- C:\Tomcat 5.5\bin\tomcat5.exe (Apache Software Foundation)

SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)

SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)

SRV - (TVT Scheduler) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe (Lenovo Group Limited)

SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)

SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)

SRV - (S24EventMonitor) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )

SRV - (EvtEng) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)

SRV - (RegSrvc) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)

SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()

SRV - (SoundMAX Agent Service (default)) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (LVRS) -- C:\WINDOWS\System32\DRIVERS\lvrs.sys File not found

DRV - (catchme) -- C:\Combo-Fix\catchme.sys File not found

DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (BCD2000) -- C:\WINDOWS\system32\drivers\BCD2000.SYS (Behringer Spezielle Studiotechnik GmbH)

DRV - (BCD2000WDM) -- C:\WINDOWS\system32\drivers\BCD2000WDM.SYS (Behringer Spezielle Studiotechnik GmbH)

DRV - (TPPWRIF) -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS ()

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)

DRV - (azvusb) -- C:\WINDOWS\system32\drivers\azvusb.sys (AzureWave Technologies, Inc.)

DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)

DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)

DRV - (Ltn_stk7070P) -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys (LITEON)

DRV - (Ltn_stkrc) -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys (LITEON)

DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)

DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.)

DRV - (echondgo) -- C:\WINDOWS\system32\drivers\echondgo.sys (Echo Digital Audio Corp.)

DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()

DRV - (psadd) -- C:\WINDOWS\system32\drivers\psadd.sys (Lenovo (United States) Inc.)

DRV - (TPDiskPM) -- C:\WINDOWS\System32\drivers\TPDiskPM.sys (Lenovo, Ltd. and IBM Corporation)

DRV - (TPInput) -- C:\WINDOWS\system32\drivers\TPInput.sys (Lenovo, Ltd. and IBM Corporation.)

DRV - (TPM) -- C:\WINDOWS\system32\drivers\tpm.sys (Winbond Electronics Corp.)

DRV - (TPHKDRV) -- C:\WINDOWS\System32\drivers\TPHKDRV.sys (IBM Corporation)

DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)

DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)

DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)

DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.07.01 12:43:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.08.16 11:17:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.07.16 15:17:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins

 

[2010.07.16 15:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions

[2010.07.16 15:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.08.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions

[2010.01.20 15:05:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.02 01:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.04.10 19:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\DeviceDetection@logitech.com

[2010.08.14 15:44:31 | 000,000,958 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\searchplugins\icqplugin.xml

 

O1 HOSTS File: ([2010.08.16 10:06:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [BCD2000] C:\WINDOWS\system32\bcd2kcpan.exe (Behringer Spezielle Studiotechnik GmbH)

O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [{228EFE0D-4C82-56F5-24E4-D2A85FCAA466}] C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite\unqa.exe File not found

O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Gemeinsame Dateien\PCTV Systems\RemoTerm\RemoTerm.exe File not found

O4 - HKCU..\Run: [Slevejabiv] C:\WINDOWS\utetbd32.DLL File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.12.19 16:18:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010.04.23 15:01:48 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]

O32 - AutoRun File - [2006.08.08 09:59:46 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]

O32 - AutoRun File - [2009.12.19 14:25:02 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{89a5acba-7975-11df-901b-0012f0eb6c5f}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.08.16 13:52:23 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe

[2010.08.16 12:22:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2010.08.16 12:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage

[2010.08.16 12:16:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010.08.16 12:16:27 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll

[2010.08.16 12:16:26 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll

[2010.08.16 12:16:23 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010.08.16 12:16:23 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2010.08.16 12:16:08 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll

[2010.08.16 12:16:05 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll

[2010.08.16 12:16:05 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll

[2010.08.16 12:16:05 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll

[2010.08.16 12:16:05 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll

[2010.08.16 12:16:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs

[2010.08.16 12:16:02 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[2010.08.16 12:15:16 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll

[2010.08.16 12:15:16 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll

[2010.08.16 12:15:16 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll

[2010.08.16 11:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.08.16 11:17:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun

[2010.08.16 11:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2010.08.16 11:17:10 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010.08.16 11:17:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.08.16 11:17:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.08.16 11:16:41 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs

[2010.08.16 11:16:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2010.08.16 10:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010.08.16 09:41:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.08.16 09:39:31 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.08.16 09:32:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.08.16 09:32:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.08.16 09:32:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.08.15 19:11:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.08.14 14:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.08.14 14:27:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2010.08.14 14:02:01 | 000,000,000 | ---D | C] -- C:\Programme\trend micro

[2010.08.14 14:01:59 | 000,000,000 | ---D | C] -- C:\rsit

[2010.08.14 12:05:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010.08.14 12:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia

[2010.08.14 12:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe

[2010.08.14 11:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\security tool

[2010.08.13 14:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com

[2010.08.13 14:33:19 | 000,000,000 | ---D | C] -- C:\Programme\cherry-sms.com

[2010.08.12 22:49:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\Bachelor

[2010.08.12 22:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\xxx

[2010.08.10 02:45:24 | 000,000,000 | ---D | C] -- C:\Programme\VodBurner

[2010.08.10 02:45:17 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\stock\Eigene Dateien\VodBurner

[2010.08.10 01:37:04 | 000,490,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll

[2010.08.10 01:37:03 | 001,279,000 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LV302V32.SYS

[2010.08.10 01:37:03 | 000,465,432 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll

[2010.08.10 01:37:03 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll

[2010.08.10 01:36:07 | 000,195,096 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1150.dll

[2010.08.10 01:36:07 | 000,041,752 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys

[2010.08.10 01:36:07 | 000,013,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lv302af.sys

[2010.08.10 01:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\LogiShrd

[2010.08.05 13:35:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\stock\Recent

[2010.08.05 13:31:52 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.08.04 20:46:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Malwarebytes

[2010.08.04 20:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.08.04 20:46:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.08.04 20:46:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.08.04 20:46:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.08.04 18:01:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Personal

[2010.07.21 12:19:26 | 000,000,000 | ---D | C] -- C:\lucene

[2010.07.20 12:57:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.08.16 13:52:26 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe

[2010.08.16 12:18:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2010.08.16 12:17:01 | 000,426,779 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.16 12:16:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010.08.16 12:14:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.08.16 12:14:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.08.16 12:14:40 | 1609,027,584 | -HS- | M] () -- C:\hiberfil.sys

[2010.08.16 12:13:33 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\stock\NTUSER.DAT

[2010.08.16 12:13:33 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\stock\ntuser.ini

[2010.08.16 11:16:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010.08.16 11:16:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.08.16 11:16:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.08.16 10:06:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.08.16 10:06:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.08.16 09:39:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010.08.16 08:51:27 | 000,363,520 | ---- | M] () -- C:\deinemudder.com

[2010.08.15 19:00:45 | 003,817,550 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Combo--Fix.exe

[2010.08.15 11:49:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.08.13 14:33:20 | 000,001,633 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Cherry SMS.lnk

[2010.08.12 17:19:59 | 004,825,438 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3

[2010.08.11 14:50:09 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND

[2010.08.10 13:13:19 | 000,011,776 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.08.08 11:22:27 | 001,042,312 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.08.08 11:22:27 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.08.08 11:22:27 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.08.08 11:22:27 | 000,080,500 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.08.08 11:22:27 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.08.05 17:01:35 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u

[2010.08.05 16:26:24 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u

[2010.08.05 15:00:52 | 016,137,511 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.08.16 12:16:31 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2010.08.16 12:16:02 | 000,426,779 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.16 11:13:14 | 1609,027,584 | -HS- | C] () -- C:\hiberfil.sys

[2010.08.16 09:39:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.08.16 09:39:34 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.08.16 09:32:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.08.16 09:32:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.08.16 09:32:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.08.16 09:32:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.08.16 09:32:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.08.16 08:51:25 | 000,363,520 | ---- | C] () -- C:\deinemudder.com

[2010.08.15 19:00:00 | 003,817,550 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Combo--Fix.exe

[2010.08.13 14:33:20 | 000,001,633 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Cherry SMS.lnk

[2010.08.12 17:18:25 | 004,825,438 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3

[2010.08.10 01:36:07 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010.08.10 01:36:07 | 000,021,138 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg

[2010.08.05 17:01:34 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u

[2010.08.05 16:26:22 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u

[2010.08.03 20:48:06 | 016,137,511 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3

[2010.07.03 11:57:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009.12.19 18:52:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[2009.12.19 17:37:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2009.12.19 17:36:40 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009.12.19 16:29:55 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2009.12.19 16:29:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007.09.06 02:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2006.02.28 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2005.11.30 21:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2005.07.06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

 
 ========== LOP Check ==========

 

[2010.04.02 01:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2009.12.24 12:40:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm

[2010.07.20 13:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCTV Systems

[2010.03.07 23:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions

[2010.04.23 14:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.03.05 00:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010.03.29 01:33:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\.purple

[2010.06.03 13:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ASCOMP Software

[2010.08.13 14:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com

[2010.08.16 13:47:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\DNA

[2010.06.17 23:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\foobar2000

[2010.02.09 21:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\gtk-2.0

[2010.07.01 13:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ICQ

[2010.04.10 20:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Leadertech

[2010.08.14 11:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Lesiw

[2010.03.14 20:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Notepad++

[2010.01.11 21:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\OpenOffice.org

[2010.03.16 13:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Software4u

[2010.03.16 00:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Subversion

[2010.07.01 22:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\TeamViewer

[2010.07.16 15:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Thunderbird

[2010.08.14 13:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite

[2010.03.07 23:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\WindSolutions

[2010.02.15 19:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\xm1

[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

 
 ========== Purity Check ==========

 

 

< End of report >

--- --- ---

--- --- ---

[/CODE]

EXTRAS.log
OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 16.08.2010 13:52:51 - Run 2

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\stock\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 14,65 Gb Total Space | 2,61 Gb Free Space | 17,84% Space Free | Partition Type: NTFS

Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 10,04 Gb Total Space | 0,67 Gb Free Space | 6,67% Space Free | Partition Type: NTFS

Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOCK-52C3433DF

Current User Name: stock

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- File not found

"C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- File not found

"C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- File not found

"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)

"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Tomcat 5.5\bin\tomcat5.exe" = C:\Tomcat 5.5\bin\tomcat5.exe:*:Enabled:Service Runner -- (Apache Software Foundation)

"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{024D73F0-1C49-2340-8AC3-5234AAA560C0}" = ccc-core-static

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = ThinkPad SATA Power Management Driver

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{24F9E04D-4CD5-3979-76F9-C1C6E78471AB}" = CCC Help Italian

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver

"{3305E24F-1192-0424-8A25-39713FD92728}" = Skins

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3DA7A736-0B03-565C-1139-83FE890F0AF3}" = CCC Help French

"{43A1FE83-D39F-3779-8D48-D6D19EE7AC48}" = CCC Help Chinese Traditional

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B6A3B5E-D26E-4690-A061-F3E2FB10F0E5}" = TortoiseSVN 1.6.9.19725 (32 bit)

"{4CC04CB8-422A-4940-A5C9-90F233690509}_is1" = SRWare Iron 3.0.197.0

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision

"{66CA5E58-0D03-A75D-16EF-68258DE0DFC3}" = CCC Help English

"{6BC292E6-5C85-4620-C1D0-A2FEAFD5D135}" = CCC Help Japanese

"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{7579A17B-0E6C-9EF3-D022-30729A24B399}" = CCC Help Chinese Standard

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7BAA2000-5B8D-66DD-DBE7-089671AC118B}" = ccc-utility

"{7C2BD022-2B09-1F6D-D6C1-AD2A591E7537}" = Catalyst Control Center Core Implementation

"{806DB796-7082-C63F-284E-62245284A417}" = CCC Help Dutch

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) 

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3E23D97-145F-29BF-81DE-DAEC1E5AB237}" = Catalyst Control Center Graphics Full New

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A8FA2AC0-3875-B59F-917F-719982FB1BE8}" = CCC Help Portuguese

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch

"{AE1A0B0E-2EC7-656A-711A-0E7E8D4AB5CF}" = CCC Help Spanish

"{B016DE7B-CA2D-5EFD-9591-A109E67119BD}" = CCC Help Swedish

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4A92EF9-D14C-937F-742E-D272938DC590}" = CCC Help Korean

"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 5.0.381

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D702172D-8D17-D9EC-B661-42FA268575AF}" = Catalyst Control Center Localization All

"{DAA3F236-CEEC-C6CC-12C2-AB1B75C8BC09}" = CCC Help German

"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE

"{E09CEE8B-1DCD-C628-A8EA-2B56D61DDEFA}" = ccc-core-preinstall

"{E25E4542-4ACB-4062-9F34-9DFE136BCBF3}" = Now Playing Plugin for Windows Live Writer

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F3439243-1BAC-7250-D346-2642655F95ED}" = Catalyst Control Center Graphics Full Existing

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FF2AFF73-099E-0BB5-AE87-B044D3D7DE78}" = Catalyst Control Center Graphics Light

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)

"Aspell" = Aspell Data

"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)

"ATI Display Driver" = ATI Display Driver

"CCleaner" = CCleaner

"cherry-sms" = Cherry SMS Client

"Echo Indigo" = Echo Indigo

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"foobar2000" = foobar2000 v1.0

"GNU Aspell_is1" = GNU Aspell 0.50-3

"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.24567

"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE

"MiKTeX 2.8" = MiKTeX 2.8

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)

"Notepad++" = Notepad++

"PokerStars" = PokerStars

"Power Management Driver" = ThinkPad Power Management Driver

"Presentation Director" = ThinkPad-Präsentationsdirektor

"ProInst" = Intel(R) PROSet/Wireless Software

"Secure Eraser_is1" = Secure Eraser v3.1

"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver

"TeamViewer 5" = TeamViewer 5

"Texmaker" = Texmaker

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"VLC media player" = VLC media player 1.0.5

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = WinRAR

"winscp3_is1" = WinSCP 4.2.5

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"ZoneAlarm" = ZoneAlarm

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent DNA" = DNA

"Winamp Detect" = Winamp Anwendungserkennung

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 24609

 

Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 24609

 

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 26578

 

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 26578

 

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 28734

 

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 28734

 

Error - 14.08.2010 13:52:12 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung 86l99wpf.exe, Version 1.0.15.15281, fehlgeschlagenes

 Modul 86l99wpf.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887.

 

Error - 15.08.2010 05:32:19 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes

 Modul iron.dll, Version 5.0.381.0, Fehleradresse 0x00482030.

 

[ System Events ]

Error - 16.08.2010 04:06:41 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 16.08.2010 04:07:55 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   Fips  intelppm  TPHKDRV  TPPWRIF  TSMAPIP

 

Error - 16.08.2010 04:21:37 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 16.08.2010 04:21:42 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 16.08.2010 04:21:49 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 16.08.2010 05:12:09 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   IntelIde

 

Error - 16.08.2010 06:15:07 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 16.08.2010 06:15:10 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   IntelIde

 

 

< End of report >

--- --- ---

guuut. dann bier der ESET.log
Kann ich nach dem ESET scan die gefundenen Dateien löschen lassen ? Also "delete quarantined files" ??

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=92f2867786644145832142370f95aff3

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-08-16 01:28:24

# local_time=2010-08-16 03:28:24 (+0100, Westeuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 166545 166545 0 0

# compatibility_mode=8192 67108863 100 0 206 206 0 0

# compatibility_mode=9217 16777214 75 66 507 4231591 0 0

# scanned=297436

# found=9

# cleaned=9

# scan_time=10946

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\rasacd.sys.vir        Win32/Olmarik.ZC trojan (cleaned - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{46A85308-0170-4DE1-A674-F327EDBED481}\RP179\A0037341.exe        Win32/Spy.Zbot.YW trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

C:\System Volume Information\_restore{46A85308-0170-4DE1-A674-F327EDBED481}\RP182\A0042571.sys        Win32/Olmarik.ZC trojan (cleaned - quarantined)        00000000000000000000000000000000        C

G:\System Volume Information\_restore{5965F3FA-E43B-4ADC-8200-1C14F5627618}\RP3\A0000178.inf        INF/Conficker worm (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

G:\System Volume Information\_restore{B8C4B9F8-8B72-4CDF-9374-6FD4EC9AFC4F}\RP98\A0032258.EXE        probably a variant of Win32/Spy.Goldun.DMRGYIC trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

G:\mukke\older than 2009\Mix\reaktor_5_keygen.exe        probably a variant of Win32/Agent.JKXAYGP trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

G:\mukke\older than 2009\Mukke NEU download\Neuer Ordner\Traktor DJ Studio 3\Traktor DJ Studio 3\dlm-nitv3kgn.rar        probably a variant of Win32/Spy.Goldun.DMRGYIC trojan (deleted - quarantined)        00000000000000000000000000000000        C

G:\mukke\older than 2009\Mukke NEU download\Neuer Ordner\Traktor DJ Studio 3\Traktor DJ Studio 3\TRAKTOR_DJ_STUDIO_3_KEYGEN.EXE        probably a variant of Win32/Spy.Goldun.DMRGYIC trojan (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

G:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx        Win32/Conficker.AA worm (cleaned by deleting - quarantined)        00000000000000000000000000000000        C

Code:

OTL logfile created on: 16.08.2010 15:37:26 - Run 4

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\stock\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 14,65 Gb Total Space | 2,57 Gb Free Space | 17,53% Space Free | Partition Type: NTFS

Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 10,04 Gb Total Space | 0,34 Gb Free Space | 3,39% Space Free | Partition Type: NTFS

Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOCK-52C3433DF

Current User Name: stock

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 
 ========== Processes (SafeList) ==========

 

PRC - [2010.08.16 15:34:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe

PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe

PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe

PRC - [2010.06.24 17:28:04 | 001,069,056 | ---- | M] (SRWare) -- D:\Programme\SRWare Iron\iron.exe

PRC - [2010.06.18 19:38:22 | 000,619,800 | ---- | M] (hxxp://tortoisesvn.net) -- D:\Programme\TortoiseSVN\bin\TSVNCache.exe

PRC - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010.06.09 10:06:33 | 000,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2010.02.27 18:28:08 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\DNA\btdna.exe

PRC - [2009.12.19 18:40:04 | 000,532,480 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) -- C:\WINDOWS\system32\bcd2kcpan.exe

PRC - [2009.12.18 02:31:52 | 001,551,712 | ---- | M] (Nullsoft) -- D:\Programme\Winamp\winamp.exe

PRC - [2009.12.18 02:30:48 | 000,039,424 | ---- | M] (Nullsoft) -- D:\Programme\Winamp\winampa.exe

PRC - [2009.10.26 15:45:46 | 000,542,272 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe

PRC - [2009.10.26 15:45:38 | 000,843,032 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

PRC - [2009.10.23 02:04:00 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe

PRC - [2009.08.24 14:43:54 | 000,038,176 | ---- | M] (Lenovo) -- C:\WINDOWS\system32\ibmpmsvc.exe

PRC - [2009.07.08 21:12:06 | 000,337,184 | ---- | M] (Lenovo.) -- C:\WINDOWS\system32\TpShocks.exe

PRC - [2009.07.03 15:49:12 | 000,581,632 | ---- | M] (cherry-sms.de) -- C:\Programme\cherry-sms.com\cherry-sms_client.exe

PRC - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe

PRC - [2009.03.19 18:11:24 | 001,138,688 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\LastFM.exe

PRC - [2008.10.08 03:38:00 | 000,256,576 | ---- | M] (Lenovo Group Ltd.) -- C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE

PRC - [2008.03.04 11:34:20 | 000,487,424 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe

PRC - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe

PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe

PRC - [2006.10.02 11:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

PRC - [2006.05.30 16:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

PRC - [2006.02.28 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2005.07.05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

PRC - [2005.02.18 08:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe

PRC - [2005.02.18 08:03:38 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe

PRC - [2005.02.18 08:02:24 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2004.11.08 12:17:56 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

PRC - [2004.10.14 10:11:10 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe

PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2010.08.16 15:34:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe

MOD - [2006.02.28 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2006.02.28 14:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

MOD - [2004.11.08 12:17:50 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)

SRV - [2010.06.10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2009.10.23 02:04:00 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)

SRV - [2009.08.24 14:43:54 | 000,038,176 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)

SRV - [2009.07.24 21:35:48 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5)

SRV - [2009.06.29 14:51:00 | 000,039,976 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\WINDOWS\system32\TPHDEXLG.exe -- (TPHDEXLGSVC)

SRV - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService)

SRV - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler)

SRV - [2007.10.19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)

SRV - [2005.02.18 08:05:30 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)

SRV - [2005.02.18 08:03:38 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)

SRV - [2005.02.18 08:02:24 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)

SRV - [2005.01.25 14:35:34 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)

SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\lvrs.sys -- (LVRS)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)

DRV - [2010.05.13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)

DRV - [2009.12.19 18:40:04 | 000,042,400 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCD2000.SYS -- (BCD2000)

DRV - [2009.12.19 18:40:04 | 000,021,632 | ---- | M] (Behringer Spezielle Studiotechnik GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCD2000WDM.SYS -- (BCD2000WDM)

DRV - [2009.10.23 02:04:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)

DRV - [2009.09.29 17:06:14 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)

DRV - [2009.08.24 14:43:54 | 000,024,872 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys -- (IBMPMDRV)

DRV - [2009.08.24 09:14:30 | 000,044,544 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\azvusb.sys -- (azvusb)

DRV - [2009.06.29 14:51:04 | 000,117,800 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)

DRV - [2009.06.29 14:51:02 | 000,020,520 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)

DRV - [2007.10.19 09:37:56 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)

DRV - [2007.10.19 09:37:56 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)

DRV - [2007.10.12 04:00:42 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007.10.12 03:55:58 | 001,279,000 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2007.10.12 03:55:58 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter)

DRV - [2007.10.11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007.10.06 01:07:20 | 000,133,760 | ---- | M] (Echo Digital Audio Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\echondgo.sys -- (echondgo)

DRV - [2007.03.09 03:57:02 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)

DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)

DRV - [2006.09.26 15:13:00 | 000,014,848 | ---- | M] (Lenovo, Ltd. and IBM Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPDiskPM.sys -- (TPDiskPM)

DRV - [2006.09.26 15:13:00 | 000,006,528 | ---- | M] (Lenovo, Ltd. and IBM Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TPInput.sys -- (TPInput)

DRV - [2005.10.09 22:35:28 | 000,017,792 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tpm.sys -- (TPM)

DRV - [2005.07.05 15:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)

DRV - [2005.02.14 09:00:10 | 003,255,168 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)

DRV - [2004.11.08 12:12:48 | 000,177,504 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)

DRV - [2004.10.15 11:20:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2004.08.04 00:00:52 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA)

DRV - [2004.08.03 23:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)

DRV - [2004.08.03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2

FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: D:\Programme\Mozilla Firefox\components [2010.07.01 12:43:54 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2010.08.16 11:17:10 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2010.07.16 15:17:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: D:\Programme\Mozilla Thunderbird\plugins

 

[2010.07.16 15:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions

[2010.07.16 15:13:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.08.14 15:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions

[2010.01.20 15:05:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.04.02 01:04:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.04.10 19:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\extensions\DeviceDetection@logitech.com

[2010.08.14 15:44:31 | 000,000,958 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Mozilla\Firefox\Profiles\qu8s5iza.default\searchplugins\icqplugin.xml

 

O1 HOSTS File: ([2010.08.16 10:06:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [BCD2000] C:\WINDOWS\system32\bcd2kcpan.exe (Behringer Spezielle Studiotechnik GmbH)

O4 - HKLM..\Run: [EZEJMNAP] C:\Programme\ThinkPad\Utilities\EZEJMNAP.EXE (Lenovo Group Ltd.)

O4 - HKLM..\Run: [PWRMGRTR] C:\Programme\ThinkPad\Utilities\PWRMGRTR.DLL (Lenovo Group Limited)

O4 - HKLM..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)

O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()

O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)

O4 - HKLM..\Run: [TVT Scheduler Proxy] C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\scheduler_proxy.exe (Lenovo Group Limited)

O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\winampa.exe (Nullsoft)

O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [{228EFE0D-4C82-56F5-24E4-D2A85FCAA466}] C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite\unqa.exe File not found

O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKCU..\Run: [ICQ] D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [RemoTerm.exe] C:\Programme\Gemeinsame Dateien\PCTV Systems\RemoTerm\RemoTerm.exe File not found

O4 - HKCU..\Run: [Slevejabiv] C:\WINDOWS\utetbd32.DLL File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()

O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.12.19 16:18:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2010.04.23 15:01:48 | 000,000,000 | ---D | M] - F:\Automatisch zu iTunes hinzufügen -- [ NTFS ]

O32 - AutoRun File - [2006.08.08 09:59:46 | 000,000,000 | ---D | M] - G:\autorun -- [ FAT32 ]

O32 - AutoRun File - [2009.12.19 14:25:02 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ FAT32 ]

O33 - MountPoints2\{89a5acba-7975-11df-901b-0012f0eb6c5f}\Shell\AutoRun\command - "" = G:\Menu.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.08.16 15:34:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe

[2010.08.16 12:22:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2010.08.16 12:17:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage

[2010.08.16 12:16:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010.08.16 12:16:27 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll

[2010.08.16 12:16:26 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll

[2010.08.16 12:16:23 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll

[2010.08.16 12:16:23 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll

[2010.08.16 12:16:08 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll

[2010.08.16 12:16:05 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll

[2010.08.16 12:16:05 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll

[2010.08.16 12:16:05 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll

[2010.08.16 12:16:05 | 000,107,520 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll

[2010.08.16 12:16:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs

[2010.08.16 12:16:02 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[2010.08.16 12:15:16 | 000,713,728 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll

[2010.08.16 12:15:16 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll

[2010.08.16 12:15:16 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll

[2010.08.16 11:40:48 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010.08.16 11:17:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun

[2010.08.16 11:17:33 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java

[2010.08.16 11:17:10 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010.08.16 11:17:10 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.08.16 11:17:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.08.16 11:17:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.08.16 11:16:41 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs

[2010.08.16 11:16:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs

[2010.08.16 10:09:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp

[2010.08.16 09:41:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.08.16 09:39:31 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.08.16 09:32:39 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.08.16 09:32:39 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.08.16 09:32:39 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.08.15 19:11:48 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.08.14 14:28:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.08.14 14:27:50 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2010.08.14 14:02:01 | 000,000,000 | ---D | C] -- C:\Programme\trend micro

[2010.08.14 14:01:59 | 000,000,000 | ---D | C] -- C:\rsit

[2010.08.14 12:05:13 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010.08.14 12:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia

[2010.08.14 12:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe

[2010.08.14 11:56:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\security tool

[2010.08.13 14:33:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com

[2010.08.13 14:33:19 | 000,000,000 | ---D | C] -- C:\Programme\cherry-sms.com

[2010.08.12 22:49:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\Bachelor

[2010.08.12 22:29:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Desktop\xxx

[2010.08.10 02:45:24 | 000,000,000 | ---D | C] -- C:\Programme\VodBurner

[2010.08.10 02:45:17 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\stock\Eigene Dateien\VodBurner

[2010.08.10 01:37:04 | 000,490,008 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2.dll

[2010.08.10 01:37:03 | 001,279,000 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LV302V32.SYS

[2010.08.10 01:37:03 | 000,465,432 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\LVUI2RC.dll

[2010.08.10 01:37:03 | 000,416,280 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvcodec2.dll

[2010.08.10 01:36:07 | 000,195,096 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\lvci1150.dll

[2010.08.10 01:36:07 | 000,041,752 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVUSBSta.sys

[2010.08.10 01:36:07 | 000,013,848 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\lv302af.sys

[2010.08.10 01:35:21 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\LogiShrd

[2010.08.05 13:35:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\stock\Recent

[2010.08.05 13:31:52 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner

[2010.08.04 20:46:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Malwarebytes

[2010.08.04 20:46:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.08.04 20:46:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2010.08.04 20:46:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.08.04 20:46:29 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.08.04 18:01:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\Personal

[2010.07.21 12:19:26 | 000,000,000 | ---D | C] -- C:\lucene

[2010.07.20 12:57:48 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.08.16 15:34:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\stock\Desktop\OTL.exe

[2010.08.16 12:18:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job

[2010.08.16 12:17:01 | 000,426,779 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.16 12:16:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat

[2010.08.16 12:14:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.08.16 12:14:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.08.16 12:14:40 | 1609,027,584 | -HS- | M] () -- C:\hiberfil.sys

[2010.08.16 12:13:33 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\stock\NTUSER.DAT

[2010.08.16 12:13:33 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\stock\ntuser.ini

[2010.08.16 11:16:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2010.08.16 11:16:44 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2010.08.16 11:16:44 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2010.08.16 11:16:44 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2010.08.16 10:06:33 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.08.16 10:06:26 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.08.16 09:39:36 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010.08.16 08:51:27 | 000,363,520 | ---- | M] () -- C:\deinemudder.com

[2010.08.15 11:49:53 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.08.12 17:19:59 | 004,825,438 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3

[2010.08.11 14:50:09 | 000,000,600 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND

[2010.08.10 13:13:19 | 000,011,776 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.08.08 11:22:27 | 001,042,312 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.08.08 11:22:27 | 000,449,044 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.08.08 11:22:27 | 000,432,690 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.08.08 11:22:27 | 000,080,500 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.08.08 11:22:27 | 000,067,646 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.08.05 17:01:35 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u

[2010.08.05 16:26:24 | 000,000,031 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u

[2010.08.05 15:00:52 | 016,137,511 | ---- | M] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.08.16 12:16:31 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2010.08.16 12:16:02 | 000,426,779 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2010.08.16 11:13:14 | 1609,027,584 | -HS- | C] () -- C:\hiberfil.sys

[2010.08.16 09:39:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.08.16 09:39:34 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.08.16 09:32:39 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.08.16 09:32:39 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.08.16 09:32:39 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.08.16 09:32:39 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.08.16 09:32:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.08.16 08:51:25 | 000,363,520 | ---- | C] () -- C:\deinemudder.com

[2010.08.12 17:18:25 | 004,825,438 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Solala.mp3

[2010.08.10 01:36:07 | 000,059,500 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010.08.10 01:36:07 | 000,021,138 | ---- | C] () -- C:\WINDOWS\System32\Repository.reg

[2010.08.05 17:01:34 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\neon.m3u

[2010.08.05 16:26:22 | 000,000,031 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\eins.m3u

[2010.08.03 20:48:06 | 016,137,511 | ---- | C] () -- C:\Dokumente und Einstellungen\stock\Desktop\Bibio_Lovers_Carvings_-_Catz_n.mp3

[2010.07.03 11:57:05 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll

[2009.12.19 18:52:14 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[2009.12.19 17:37:28 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS

[2009.12.19 17:36:40 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS

[2009.12.19 16:29:55 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2009.12.19 16:29:55 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2007.09.06 02:01:22 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll

[2007.08.23 18:55:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll

[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest

[2007.08.23 18:50:04 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest

[2006.02.28 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys

[2005.11.30 21:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll

[2005.07.06 00:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll

 
 ========== LOP Check ==========

 

[2010.04.02 01:04:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ

[2009.12.24 12:40:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm

[2010.07.20 13:02:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCTV Systems

[2010.03.07 23:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions

[2010.04.23 14:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.03.05 00:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010.03.29 01:33:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\.purple

[2010.06.03 13:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ASCOMP Software

[2010.08.13 14:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\cherry-sms.com

[2010.08.16 15:38:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\DNA

[2010.06.17 23:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\foobar2000

[2010.02.09 21:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\gtk-2.0

[2010.07.01 13:40:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\ICQ

[2010.04.10 20:00:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Leadertech

[2010.08.14 11:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Lesiw

[2010.03.14 20:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Notepad++

[2010.01.11 21:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\OpenOffice.org

[2010.03.16 13:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Software4u

[2010.03.16 00:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Subversion

[2010.07.01 22:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\TeamViewer

[2010.07.16 15:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Thunderbird

[2010.08.14 13:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\Uvpite

[2010.03.07 23:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\WindSolutions

[2010.02.15 19:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\stock\Anwendungsdaten\xm1

[2010.08.16 12:17:36 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job

 
 ========== Purity Check ==========

 

 

< End of report >

Code:

OTL Extras logfile created on: 16.08.2010 15:37:26 - Run 4

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\stock\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free

3,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 14,65 Gb Total Space | 2,57 Gb Free Space | 17,53% Space Free | Partition Type: NTFS

Drive D: | 49,84 Gb Total Space | 2,03 Gb Free Space | 4,07% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

Drive F: | 10,04 Gb Total Space | 0,34 Gb Free Space | 3,39% Space Free | Partition Type: NTFS

Drive G: | 232,83 Gb Total Space | 13,17 Gb Free Space | 5,66% Space Free | Partition Type: FAT32

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: STOCK-52C3433DF

Current User Name: stock

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = ChromiumHTML] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\IBM\Updater\jre\bin\java.exe" = C:\Programme\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- File not found

"C:\Programme\IBM\Updater\jre\bin\javaw.exe" = C:\Programme\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- File not found

"C:\Programme\IBM\Updater\ucsmb.exe" = C:\Programme\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- File not found

"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\xampp\mysql\bin\mysqld.exe" = C:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server -- (MySQL AB)

"C:\xampp\apache\bin\httpd.exe" = C:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)

"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)

"D:\Programme\iTunes\iTunes.exe" = D:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)

"C:\Tomcat 5.5\bin\tomcat5.exe" = C:\Tomcat 5.5\bin\tomcat5.exe:*:Enabled:Service Runner -- (Apache Software Foundation)

"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)

"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{024D73F0-1C49-2340-8AC3-5234AAA560C0}" = ccc-core-static

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{0873B1A3-00A9-40D6-BACE-3DB4BC5DA840}" = ThinkPad SATA Power Management Driver

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad-Dienstprogramm 'EasyEject'

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe

"{24F9E04D-4CD5-3979-76F9-C1C6E78471AB}" = CCC Help Italian

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver

"{3305E24F-1192-0424-8A25-39713FD92728}" = Skins

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3DA7A736-0B03-565C-1139-83FE890F0AF3}" = CCC Help French

"{43A1FE83-D39F-3779-8D48-D6D19EE7AC48}" = CCC Help Chinese Traditional

"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage System für aktiven Festplattenschutz

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4B6A3B5E-D26E-4690-A061-F3E2FB10F0E5}" = TortoiseSVN 1.6.9.19725 (32 bit)

"{4CC04CB8-422A-4940-A5C9-90F233690509}_is1" = SRWare Iron 3.0.197.0

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{57FA0525-01F9-4051-8DE9-CBF43CAC68D9}" = Catalyst Control Center - Branding

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision

"{66CA5E58-0D03-A75D-16EF-68258DE0DFC3}" = CCC Help English

"{6BC292E6-5C85-4620-C1D0-A2FEAFD5D135}" = CCC Help Japanese

"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore

"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2

"{7579A17B-0E6C-9EF3-D022-30729A24B399}" = CCC Help Chinese Standard

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7BAA2000-5B8D-66DD-DBE7-089671AC118B}" = ccc-utility

"{7C2BD022-2B09-1F6D-D6C1-AD2A591E7537}" = Catalyst Control Center Core Implementation

"{806DB796-7082-C63F-284E-62245284A417}" = CCC Help Dutch

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML

"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g) 

"{A0E64EBA-8BF0-49FB-90C0-BB3D781A2016}" = ThinkPad Energie-Manager

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3E23D97-145F-29BF-81DE-DAEC1E5AB237}" = Catalyst Control Center Graphics Full New

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A8FA2AC0-3875-B59F-917F-719982FB1BE8}" = CCC Help Portuguese

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch

"{AE1A0B0E-2EC7-656A-711A-0E7E8D4AB5CF}" = CCC Help Spanish

"{B016DE7B-CA2D-5EFD-9591-A109E67119BD}" = CCC Help Swedish

"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4A92EF9-D14C-937F-742E-D272938DC590}" = CCC Help Korean

"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 5.0.381

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB3F587-BAD0-4F32-99FC-301E6F9ABAB4}" = MIDI Yoke

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D702172D-8D17-D9EC-B661-42FA268575AF}" = Catalyst Control Center Localization All

"{DAA3F236-CEEC-C6CC-12C2-AB1B75C8BC09}" = CCC Help German

"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE

"{E09CEE8B-1DCD-C628-A8EA-2B56D61DDEFA}" = ccc-core-preinstall

"{E25E4542-4ACB-4062-9F34-9DFE136BCBF3}" = Now Playing Plugin for Windows Live Writer

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F3439243-1BAC-7250-D346-2642655F95ED}" = Catalyst Control Center Graphics Full Existing

"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe

"{FF2AFF73-099E-0BB5-AE87-B044D3D7DE78}" = Catalyst Control Center Graphics Light

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software

"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)

"Aspell" = Aspell Data

"Aspell6-Dictionary-de" = Aspell 0.6 Dictionary (Language: de)

"ATI Display Driver" = ATI Display Driver

"CCleaner" = CCleaner

"cherry-sms" = Cherry SMS Client

"Echo Indigo" = Echo Indigo

"ERUNT_is1" = ERUNT 1.1j

"ESET Online Scanner" = ESET Online Scanner v3

"foobar2000" = foobar2000 v1.0

"GNU Aspell_is1" = GNU Aspell 0.50-3

"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)

"JDownloader" = JDownloader

"LastFM_is1" = Last.fm 1.5.4.24567

"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE

"MiKTeX 2.8" = MiKTeX 2.8

"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)

"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)

"Notepad++" = Notepad++

"PokerStars" = PokerStars

"Power Management Driver" = ThinkPad Power Management Driver

"Presentation Director" = ThinkPad-Präsentationsdirektor

"ProInst" = Intel(R) PROSet/Wireless Software

"Secure Eraser_is1" = Secure Eraser v3.1

"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver

"TeamViewer 5" = TeamViewer 5

"Texmaker" = Texmaker

"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1

"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier

"VLC media player" = VLC media player 1.0.5

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Windows Media Format Runtime" = Windows Media Format Runtime

"WinRAR archiver" = WinRAR

"winscp3_is1" = WinSCP 4.2.5

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"ZoneAlarm" = ZoneAlarm

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"BitTorrent DNA" = DNA

"Winamp Detect" = Winamp Anwendungserkennung

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 24609

 

Error - 13.08.2010 13:42:28 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 24609

 

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 26578

 

Error - 13.08.2010 13:42:30 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 26578

 

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 28734

 

Error - 13.08.2010 13:42:32 | Computer Name = STOCK-52C3433DF | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 28734

 

Error - 14.08.2010 13:52:12 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung 86l99wpf.exe, Version 1.0.15.15281, fehlgeschlagenes

 Modul 86l99wpf.exe, Version 1.0.15.15281, Fehleradresse 0x0005c887.

 

Error - 15.08.2010 05:32:19 | Computer Name = STOCK-52C3433DF | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung iron.exe, Version 0.0.0.0, fehlgeschlagenes

 Modul iron.dll, Version 5.0.381.0, Fehleradresse 0x00482030.

 

[ System Events ]

Error - 16.08.2010 04:06:41 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 16.08.2010 04:07:55 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   Fips  intelppm  TPHKDRV  TPPWRIF  TSMAPIP

 

Error - 16.08.2010 04:21:37 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 16.08.2010 04:21:42 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 16.08.2010 04:21:49 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}

 

Error - 16.08.2010 05:12:09 | Computer Name = STOCK-52C3433DF | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}

 

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 16.08.2010 05:14:04 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   IntelIde

 

Error - 16.08.2010 06:15:07 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7023

Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 16.08.2010 06:15:10 | Computer Name = STOCK-52C3433DF | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   IntelIde

 

 

< End of report >