Trojaner-Board


nickel 23.09.2010 15:05

XP no longer starts - cleansweep.exe

Hello everyone,

first of all, I hope I have chosen the right forum.
I have the following problem:
Yesterday I wanted to boot my PC as usual and found that my laptop's internal mouse no longer worked. I then uninstalled the Synaptics drivers and reinstalled them, which fixed that problem.
Now, however, I have the problem that every time I shut down the PC, shortly before it switches off (I have Windows XP and it always happens at the "Saving your settings" step), the Num Lock key gets activated, and on the next boot I get stuck every time at the Windows XP startup screen (the one with the blue bars). I then ran a virus scan and, besides a bunch of other viruses and worms (over the past week I was forced to use many Wi-Fi networks that were insecure because they were not password-protected), it also found "cleansweep.exe". I then searched on Google and came across this forum. I downloaded Malwarebytes and ran a full scan, and did the same with my antivirus program AntiVir. Unfortunately that did not change anything; the cleansweep folder is gone, but I believe it has now lodged itself in the registry (see Hijack logfile). Strangely, about every third time, if I completely cut the power beforehand (also taking the battery out of the laptop) and start on battery power, I can actually boot quite normally.
I hope for your help and that I have described the problem in enough detail!
Thanks in advance
nickel

cosinus 23.09.2010 16:14

Hello and :hallo:

Please post all logfiles from Malwarebytes and AntiVir!

nickel 23.09.2010 19:49

Here you go:
The first is the AntiVir log, because I created that one first.
The second is the one from Malwarebytes...
Hope it helps!

cosinus 23.09.2010 20:11

The log says that nothing was done. Did you remove all the findings with Malwarebytes?

nickel 23.09.2010 20:18

Yes, I clicked on remove all...

cosinus 23.09.2010 20:20

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles will be created
  • Post the logfiles here in the thread.

nickel 23.09.2010 20:32

Here you go... OTL EXTRAS logfile:
Code:

OTL Extras logfile created on: 23.09.2010 21:27:51 - Run 2
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Dokumente und Einstellungen\Hammann\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 459,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 30,21 Gb Total Space | 4,50 Gb Free Space | 14,89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 108,83 Gb Total Space | 2,25 Gb Free Space | 2,07% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: NOTEBOOK_CH
Current User Name: Hammann
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9420:TCP" = 9420:TCP:*:Enabled:RSP
"38679:TCP" = 38679:TCP:*:Enabled:TCP
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\concept design\onlineTV 3\onlineTV.exe" = C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe" = C:\Program Files\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema -- File not found
"C:\Programme\CyberLink\PowerCinema\PowerCinema.exe" = C:\Programme\CyberLink\PowerCinema\PowerCinema.exe:*:Enabled:PowerCinema -- (CyberLink Corp.)
"E:\Programme\Age of Empire II\age2_x1 k.exe" = E:\Programme\Age of Empire II\age2_x1 k.exe:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Emule\emule.exe" = C:\Programme\Emule\emule.exe:*:Enabled:eMule -- File not found
"C:\Programme\LimeWire 4.2.6 Pro\LimeWire.exe" = C:\Programme\LimeWire 4.2.6 Pro\LimeWire.exe:*:Enabled:LimeWire -- (LimeWire, LLC)
"C:\Programme\Azureus\Azureus.exe" = C:\Programme\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Programme\CuteSoft\NetSkat\Netskat.exe" = C:\Programme\CuteSoft\NetSkat\Netskat.exe:*:Enabled:NetSkat. Exe-Datei -- (CuteSoft, Gerlinde und Michael Fischer)
"C:\Programme\RSSoft\RSEDNClient.exe" = C:\Programme\RSSoft\RSEDNClient.exe:*:Enabled:RSEDNClient -- File not found
"E:\Programme\Commandos 3 - Destination Berlin\Commandos3.exe" = E:\Programme\Commandos 3 - Destination Berlin\Commandos3.exe:*:Enabled:Commandos3 -- ()
"C:\Programme\Mozilla Firefox\plugins\alhlp.exe" = C:\Programme\Mozilla Firefox\plugins\alhlp.exe:*:Enabled:Anti-Leech plugin helper program -- File not found
"C:\Programme\NetPumper\NetPumper.exe" = C:\Programme\NetPumper\NetPumper.exe:*:Enabled:NetPumper download manager -- File not found
"C:\Programme\SFT Loader\leecher.exe" = C:\Programme\SFT Loader\leecher.exe:*:Enabled:SFT Loader -- File not found
"C:\Downloads\3D Luder\3D Luder\iWeb\iws.exe" = C:\Downloads\3D Luder\3D Luder\iWeb\iws.exe:*:Enabled:.Web -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\FIFA 2005\fifa2005.exe" = C:\Programme\FIFA 2005\fifa2005.exe:*:Enabled:fifa2005 -- File not found
"E:\Programme\Nights of the old Republic 2\swupdate.exe" = E:\Programme\Nights of the old Republic 2\swupdate.exe:*:Enabled:Star Wars: Knights of the Old Republic II: The Sith Lords Update Program -- File not found
"C:\Programme\concept design\onlineTV 3\onlineTV.exe" = C:\Programme\concept design\onlineTV 3\onlineTV.exe:*:Enabled:onlineTV -- File not found
"E:\Programme\Command and Conquer Generäle\game.dat" = E:\Programme\Command and Conquer Generäle\game.dat:*:Enabled:game -- ()
"E:\Programme\Jedi Night- Jedi Academy\GameData\jamp.exe" = E:\Programme\Jedi Night- Jedi Academy\GameData\jamp.exe:*:Enabled:Jedi Academy MultiPlayer -- (Activision Inc)
"C:\Programme\PPLive\PPLive.exe" = C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive -- ()
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"E:\Programme\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe" = E:\Programme\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI) -- File not found
"E:\Programme\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe" = E:\Programme\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:*:Enabled:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV) -- ()
"C:\Programme\PPStream\PPStream.exe" = C:\Programme\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ -- (PPStream Inc.)
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\PPMate\ppmate.exe" = C:\Programme\PPMate\ppmate.exe:*:Enabled:PPMate -- ()
"C:\Programme\PPMate\ppmnet.exe" = C:\Programme\PPMate\ppmnet.exe:*:Enabled:PPMate -- File not found
"C:\Dokumente und Einstellungen\Hammann\Eigene Dateien\Abischnitt_2007\PPStream.exe" = C:\Dokumente und Einstellungen\Hammann\Eigene Dateien\Abischnitt_2007\PPStream.exe:*:Enabled:PPStream media stream player -- (PPStream.com)
"C:\Programme\LeechFTP\Leechftp.exe" = C:\Programme\LeechFTP\Leechftp.exe:*:Enabled:LeechFTP -- (jan debis)
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process  -- (Nokia Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"E:\Programme\FIFA 2001\FIFA2001.ICD" = E:\Programme\FIFA 2001\FIFA2001.ICD:*:Enabled:FIFA2001 -- ()
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SopCast\adv\SopAdver.exe" = C:\Dokumente und Einstellungen\Hammann\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- File not found
"C:\server.exe" = C:\server.exe:*:Disabled:server -- File not found
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\PPStream\PPSAP.exe" = C:\Programme\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷ -- (PPStream Inc)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:enable -- (Microsoft Corporation)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\Java\jre1.5.0_06\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_06\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre1.5.0_06\bin\java.exe" = C:\Programme\Java\jre1.5.0_06\bin\java.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"E:\Programme\iTunes\iTunes.exe" = E:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe" = C:\Programme\Air Mouse\Air Mouse\Air Mouse.exe:*:Enabled:AirMouse -- ()
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Programme\SparVoip.de\SparVoip\SparVoip.exe" = C:\Programme\SparVoip.de\SparVoip\SparVoip.exe:*:Enabled:SparVoip -- (SparVoip)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}" = Nokia Software Updater
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{2A0A6470-FD0F-4F45-9B11-85F3167DB943}" = Nokia Flashing Cable Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DB5FD00-BB93-4AF3-B925-77DAA0E4E2F4}" = eBay Toolbar
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{449801F1-65B0-46F5-B4C5-1EF464EF7214}" = Mobile Mouse Server
"{4727EB39-BB6F-4571-A0B6-AB6331D57665}" = LimeWire
"{4F928B83-3D8E-402B-8480-5C5C3BCE8040}" = OKI B410 Druckermenü-Einrichtungstool
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5E4EF02B-4C5F-4B35-AB77-41284456165A}" = Skispringen 2002
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E5BC38E-F22B-4197-00A2-CD8E58EF139C}" = Fussball Manager 2004
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{89B287F1-3E3B-4E13-BB9B-DE7AD9D635E5}" = DaViDeo 3
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A71000000002}" = Adobe Reader 7.1.0 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3EC8F2C-B71B-4030-BB37-1A04BE8516FC}" = OpenOffice.org 2.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BF4778F9-09D0-416C-8B8F-EF65BF169D52}" = NetSkat
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C640CAE0-8024-11D4-0090-B700902724B3}" = FIFA 2001
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC0FCEDB-11AE-4D88-8633-537292C3E705}" = Commandos 3 - Destination Berlin
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows-Treiberpaket - Nokia Modem  (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem  (02/15/2007 3.1)
"24h-Bildexpress" = 24h-Bildexpress
"³¬¼¶²¥°Ô" = ³¬¼¶²¥°Ô
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All Patches inkl" = All Patches inkl
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bink and Smacker" = Bink and Smacker
"bwin Poker_is1" = bwin Poker
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Catan" = Catan - Die erste Insel
"CCleaner" = CCleaner (remove only)
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CSCLIB" = Canon Camera Support Core Library
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Exifer_is1" = Exifer
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD  (03/19/2007 6.83.31.1)
"FLVPlayer" = FLV Player 1.3.3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{4727EB39-BB6F-4571-A0B6-AB6331D57665}" = LimeWire
"IrfanView" = IrfanView (remove only)
"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e
"JDownloader" = JDownloader
"LeechFTP" = LeechFTP
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MP3 Butcher 1.1.99_is1" = MP3 Butcher 1.1.99
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NetSkat" = NetSkat
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"Notebook Hardware Control" = Notebook Hardware Control 1.10 Beta 03
"NVEContent!UninstallKey" = NeroVision Express Content
"Pacific Poker" = Pacific Poker
"PDF Image Extraction Wizard 3.1_is1" = PDF Image Extraction Wizard 3.1
"PerformanceTest_is1" = PerformanceTest v6.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PPLive" = PPLive 1.3.20
"ppmate" = PPMate Network TV 2.0.0.39
"PPStream" = PPStream
"QuicktimeAlt_is1" = QuickTime Alternative 1.75
"ratDVD" = ratDVD 0.78.1444
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl
"SimpleScreenshot" = SimpleScreenshot 1.40
"Skispringen 2007_0001" = Skispringen 2007
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"SopCast" = SopCast 1.1.2
"SparVoip_is1" = SparVoip
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 4" = TeamViewer 4
"The KMPlayer" = The KMPlayer (remove only)
"TV Player" = Veetle TV Player 0.9.11
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.7.2
"Tweak UI 2.10" = Tweak UI
"TweakUI" = Tweak UI 1.33 deutsch
"UltraStar Deluxe" = UltraStar Deluxe
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV Player" = Veetle TV Player 0.9.11
"Verbindungsassistent" = Verbindungsassistent
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"Yahoo! Messenger" = Yahoo! Messenger
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"Zwei-Stein_is1" = Zwei-Stein Video Compositor 3.01 (Beta 2).
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"InstallShield_{89B287F1-3E3B-4E13-BB9B-DE7AD9D635E5}" = DaViDeo 3
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.09.2010 15:05:58 | Computer Name = NOTEBOOK_CH | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msimn.exe, Version 6.0.2900.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 21.09.2010 15:06:21 | Computer Name = NOTEBOOK_CH | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung msimn.exe, Version 6.0.2900.5512, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 22.09.2010 21:03:06 | Computer Name = NOTEBOOK_CH | Source = Google Update | ID = 20
Description =
 
Error - 22.09.2010 22:03:05 | Computer Name = NOTEBOOK_CH | Source = Google Update | ID = 20
Description =
 
Error - 22.09.2010 23:03:05 | Computer Name = NOTEBOOK_CH | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 00:03:05 | Computer Name = NOTEBOOK_CH | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 01:03:05 | Computer Name = NOTEBOOK_CH | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 02:03:05 | Computer Name = NOTEBOOK_CH | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 03:03:06 | Computer Name = NOTEBOOK_CH | Source = Google Update | ID = 20
Description =
 
Error - 23.09.2010 07:25:49 | Computer Name = NOTEBOOK_CH | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
[ System Events ]
Error - 19.09.2010 07:19:21 | Computer Name = NOTEBOOK_CH | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 19.09.2010 07:19:21 | Computer Name = NOTEBOOK_CH | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 19.09.2010 08:13:31 | Computer Name = NOTEBOOK_CH | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.26 für die Netzwerkkarte mit der Netzwerkadresse
 0014A50CF3D1 wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
 
Error - 19.09.2010 08:19:20 | Computer Name = NOTEBOOK_CH | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0014A50CF3D1 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:  %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 20.09.2010 08:14:28 | Computer Name = NOTEBOOK_CH | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
 für die  Netzwerkkarte mit der Netzwerkadresse 0014A50CF3D1 zugeteilt werden. Der
 folgende Fehler  ist aufgetreten:  %%1223.  Es wird weiterhin im Hintergrund versucht,
 eine Adresse vom  Netzwerkadressserver (DHCP) zugeteilt zu bekommen.
 
Error - 23.09.2010 07:25:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst WZCSVC.
 
Error - 23.09.2010 07:25:34 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 23.09.2010 07:26:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection.
 
Error - 23.09.2010 07:26:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NLA (Network Location Awareness)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%231
 
Error - 23.09.2010 07:26:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NLA (Network Location Awareness)" wurde aufgrund folgenden
 Fehlers nicht gestartet:  %%231
 
 
< End of report >

[ System Events ]
Error - 19.09.2010 07:19:21 | Computer Name = NOTEBOOK_CH | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 19.09.2010 07:19:21 | Computer Name = NOTEBOOK_CH | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort1 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 19.09.2010 08:13:31 | Computer Name = NOTEBOOK_CH | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.26 für die Netzwerkkarte mit der Netzwerkadresse
0014A50CF3D1 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).

Error - 19.09.2010 08:19:20 | Computer Name = NOTEBOOK_CH | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0014A50CF3D1 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 20.09.2010 08:14:28 | Computer Name = NOTEBOOK_CH | Source = Dhcp | ID = 1001
Description = Diesem Computer konnte keine Netzwerkadresse durch den DHCP-Server
für die Netzwerkkarte mit der Netzwerkadresse 0014A50CF3D1 zugeteilt werden. Der
folgende Fehler ist aufgetreten: %%1223. Es wird weiterhin im Hintergrund versucht,
eine Adresse vom Netzwerkadressserver (DHCP) zugeteilt zu bekommen.

Error - 23.09.2010 07:25:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst WZCSVC.

Error - 23.09.2010 07:25:34 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection.

Error - 23.09.2010 07:26:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection.

Error - 23.09.2010 07:26:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NLA (Network Location Awareness)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%231

Error - 23.09.2010 07:26:04 | Computer Name = NOTEBOOK_CH | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NLA (Network Location Awareness)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%231


< End of report >

cosinus 23.09.2010 20:46

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O33 - MountPoints2\{00200d28-8da5-11df-8660-0014a50cf3d1}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found
O33 - MountPoints2\{23db83f6-0d85-11de-8353-0014a50cf3d1}\Shell - "" = AutoRun
O33 - MountPoints2\{23db83f6-0d85-11de-8353-0014a50cf3d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6f6daca4-a7cb-11df-868c-0014a50cf3d1}\Shell\AutoRun\command - "" = dhrhyje.bat
O33 - MountPoints2\{6f6daca4-a7cb-11df-868c-0014a50cf3d1}\Shell\open\Command - "" = dhrhyje.bat
O33 - MountPoints2\{87b12e7c-f889-11de-853a-0014a50cf3d1}\Shell - "" = AutoRun
O33 - MountPoints2\{87b12e7c-f889-11de-853a-0014a50cf3d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87b12e7c-f889-11de-853a-0014a50cf3d1}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{87b12e7f-f889-11de-853a-0014a50cf3d1}\Shell - "" = AutoRun
O33 - MountPoints2\{87b12e7f-f889-11de-853a-0014a50cf3d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87b12e7f-f889-11de-853a-0014a50cf3d1}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{87b12e82-f889-11de-853a-0014a50cf3d1}\Shell - "" = AutoRun
O33 - MountPoints2\{87b12e82-f889-11de-853a-0014a50cf3d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{87b12e82-f889-11de-853a-0014a50cf3d1}\Shell\AutoRun\command - "" = I:\AutoRun.exe -- File not found
O33 - MountPoints2\{c68093a2-a697-11de-8476-0014a50cf3d1}\Shell\AutoRun\command - "" = I:\menu.exe -- File not found
O33 - MountPoints2\{f78a7e98-927b-11de-844b-0014a50cf3d1}\Shell - "" = AutoRun
O33 - MountPoints2\{f78a7e98-927b-11de-844b-0014a50cf3d1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f78a7e98-927b-11de-844b-0014a50cf3d1}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found
[2010.09.23 21:25:07 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ehqap.sys
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

nickel 23.09.2010 20:54

When I click Fix I get:

No fix was provided... what should I do?

cosinus 23.09.2010 21:08

Did you enter the complete text into the text box at the bottom of OTL?

nickel 23.09.2010 21:37

What do I have to enter there? Just paste in the OTL.txt file or the Extras.txt file?

cosinus 23.09.2010 21:53

Don't you read my posts?? :wtf:
I posted in a code box what you are supposed to enter there!

nickel 23.09.2010 22:47

Ohhh sorry, I had overlooked that...
Here you go:

========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{00200d28-8da5-11df-8660-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00200d28-8da5-11df-8660-0014a50cf3d1}\ not found.
File I:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23db83f6-0d85-11de-8353-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23db83f6-0d85-11de-8353-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{23db83f6-0d85-11de-8353-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23db83f6-0d85-11de-8353-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6daca4-a7cb-11df-868c-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6daca4-a7cb-11df-868c-0014a50cf3d1}\ not found.
File dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6f6daca4-a7cb-11df-868c-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6f6daca4-a7cb-11df-868c-0014a50cf3d1}\ not found.
File dhrhyje.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e7c-f889-11de-853a-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e7c-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e7c-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e7c-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e7c-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e7c-f889-11de-853a-0014a50cf3d1}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e7f-f889-11de-853a-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e7f-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e7f-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e7f-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e7f-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e7f-f889-11de-853a-0014a50cf3d1}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e82-f889-11de-853a-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e82-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e82-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e82-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{87b12e82-f889-11de-853a-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87b12e82-f889-11de-853a-0014a50cf3d1}\ not found.
File I:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c68093a2-a697-11de-8476-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c68093a2-a697-11de-8476-0014a50cf3d1}\ not found.
File I:\menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f78a7e98-927b-11de-844b-0014a50cf3d1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f78a7e98-927b-11de-844b-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f78a7e98-927b-11de-844b-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f78a7e98-927b-11de-844b-0014a50cf3d1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f78a7e98-927b-11de-844b-0014a50cf3d1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f78a7e98-927b-11de-844b-0014a50cf3d1}\ not found.
File I:\pushinst.exe not found.
C:\WINDOWS\system32\drivers\ehqap.sys moved successfully.

OTL by OldTimer - Version 3.2.14.1 log created on 09232010_234628

cosinus 24.09.2010 08:28

I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere here!
2.) Zip the folder C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know if it was successful
5.) Only then switch the virus scanner back on

nickel 28.09.2010 22:57

Hey Arne,

sorry, I was away the last few days and so unfortunately couldn't reply...
I zipped the folder and uploaded it, and it said the process was successful.
I hope everything was OK; the virus scanner was switched off.
Many thanks for your help so far, although the problems are still unchanged.
Best regards
der nickel

cosinus 29.09.2010 10:02

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

nickel 30.09.2010 09:51

OK, I did everything as described!
Here is the ComboFix log file:
Combofix Logfile:
Code:

ComboFix 10-09-29.01 - Hammann 30.09.2010  10:39:10.1.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.607 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Hammann\Desktop\cofi.exe.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD100-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD408-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD408-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD408-FFA4-00FC-0D24-347CA8A3377C}
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programme\pdfforge Toolbar\SeARchsettings.dll
c:\programme\webserver
c:\programme\webserver\add_server.gif
c:\programme\webserver\arrow_down.gif
c:\programme\webserver\arrow_up.gif
c:\programme\webserver\arrow_up_q.gif
c:\programme\webserver\black.gif
c:\programme\webserver\blue1.gif
c:\programme\webserver\blue2.gif
c:\programme\webserver\blue3.gif
c:\programme\webserver\blue4.gif
c:\programme\webserver\blue5.gif
c:\programme\webserver\blue6.gif
c:\programme\webserver\checked.gif
c:\programme\webserver\checked_no.gif
c:\programme\webserver\complete.gif
c:\programme\webserver\completing.gif
c:\programme\webserver\connecting.gif
c:\programme\webserver\ct_0.gif
c:\programme\webserver\ct_1.gif
c:\programme\webserver\ct_a.gif
c:\programme\webserver\ct_h.gif
c:\programme\webserver\ct_l.gif
c:\programme\webserver\ct_m.gif
c:\programme\webserver\ct_s.gif
c:\programme\webserver\ct_u.gif
c:\programme\webserver\disconnected.gif
c:\programme\webserver\downloading.gif
c:\programme\webserver\error.gif
c:\programme\webserver\failed.gif
c:\programme\webserver\favicon.ico
c:\programme\webserver\file.gif
c:\programme\webserver\filedown.gif
c:\programme\webserver\filetype_archive.gif
c:\programme\webserver\filetype_audio.gif
c:\programme\webserver\filetype_cdimage.gif
c:\programme\webserver\filetype_document.gif
c:\programme\webserver\filetype_emulecollection.gif
c:\programme\webserver\filetype_other.gif
c:\programme\webserver\filetype_picture.gif
c:\programme\webserver\filetype_program.gif
c:\programme\webserver\filetype_video.gif
c:\programme\webserver\green.gif
c:\programme\webserver\greenpercent.gif
c:\programme\webserver\h_emule.gif
c:\programme\webserver\h_graph.gif
c:\programme\webserver\h_graphs.gif
c:\programme\webserver\h_kad.gif
c:\programme\webserver\h_log.gif
c:\programme\webserver\h_preferences.gif
c:\programme\webserver\h_search.gif
c:\programme\webserver\h_server.gif
c:\programme\webserver\h_shared.gif
c:\programme\webserver\h_statistic.gif
c:\programme\webserver\h_transfer.gif
c:\programme\webserver\hashing.gif
c:\programme\webserver\high.gif
c:\programme\webserver\is_a4af.gif
c:\programme\webserver\is_banned.gif
c:\programme\webserver\is_credit.gif
c:\programme\webserver\is_friend.gif
c:\programme\webserver\is_getflc.gif
c:\programme\webserver\is_halfcmtbad.gif
c:\programme\webserver\is_halfcmtgood.gif
c:\programme\webserver\is_halfnone.gif
c:\programme\webserver\is_none.gif
c:\programme\webserver\is_release.gif
c:\programme\webserver\is_static.gif
c:\programme\webserver\l_add.gif
c:\programme\webserver\l_calendar.gif
c:\programme\webserver\l_cancel.gif
c:\programme\webserver\l_catarrow.gif
c:\programme\webserver\l_category.gif
c:\programme\webserver\l_catprio.gif
c:\programme\webserver\l_clear.gif
c:\programme\webserver\l_clock.gif
c:\programme\webserver\l_close.gif
c:\programme\webserver\l_comments.gif
c:\programme\webserver\l_con.gif
c:\programme\webserver\l_connect.gif
c:\programme\webserver\l_dndoublearrow.gif
c:\programme\webserver\l_downarrow.gif
c:\programme\webserver\l_ed2klink.gif
c:\programme\webserver\l_filedonkey.gif
c:\programme\webserver\l_filesearch.gif
c:\programme\webserver\l_forum.gif
c:\programme\webserver\l_friend.gif
c:\programme\webserver\l_getflc.gif
c:\programme\webserver\l_hasherror.gif
c:\programme\webserver\l_homepage.gif
c:\programme\webserver\l_info.gif
c:\programme\webserver\l_logout.gif
c:\programme\webserver\l_none.gif
c:\programme\webserver\l_options.gif
c:\programme\webserver\l_pause.gif
c:\programme\webserver\l_reboot.gif
c:\programme\webserver\l_remove.gif
c:\programme\webserver\l_rename.gif
c:\programme\webserver\l_resume.gif
c:\programme\webserver\l_search.gif
c:\programme\webserver\l_server.gif
c:\programme\webserver\l_shared.gif
c:\programme\webserver\l_showcat.gif
c:\programme\webserver\l_shutdown.gif
c:\programme\webserver\l_sources_0.gif
c:\programme\webserver\l_sources_10.gif
c:\programme\webserver\l_sources_25.gif
c:\programme\webserver\l_sources_5.gif
c:\programme\webserver\l_sources_50.gif
c:\programme\webserver\l_static.gif
c:\programme\webserver\l_stop.gif
c:\programme\webserver\l_timer.gif
c:\programme\webserver\l_timer_off.gif
c:\programme\webserver\l_uparrow.gif
c:\programme\webserver\l_updoublearrow.gif
c:\programme\webserver\l_users.gif
c:\programme\webserver\l_version.gif
c:\programme\webserver\login_bottom.gif
c:\programme\webserver\login_downmain.gif
c:\programme\webserver\login_lefttop.gif
c:\programme\webserver\login_righttop.gif
c:\programme\webserver\login_top.gif
c:\programme\webserver\login_topdown.gif
c:\programme\webserver\login_topseperator.gif
c:\programme\webserver\logo.jpg
c:\programme\webserver\low.gif
c:\programme\webserver\m_category.gif
c:\programme\webserver\m_catprio.gif
c:\programme\webserver\m_clearcompleted.gif
c:\programme\webserver\main_bg.gif
c:\programme\webserver\main_menubg.gif
c:\programme\webserver\main_topbar.gif
c:\programme\webserver\main_topbardarker.gif
c:\programme\webserver\main_topbarseperator.gif
c:\programme\webserver\p_black.gif
c:\programme\webserver\p_blue1.gif
c:\programme\webserver\p_blue2.gif
c:\programme\webserver\p_blue3.gif
c:\programme\webserver\p_blue4.gif
c:\programme\webserver\p_blue5.gif
c:\programme\webserver\p_blue6.gif
c:\programme\webserver\p_green.gif
c:\programme\webserver\p_greenpercent.gif
c:\programme\webserver\p_red.gif
c:\programme\webserver\p_yellow.gif
c:\programme\webserver\paused.gif
c:\programme\webserver\qs_con.jpg
c:\programme\webserver\qs_down.jpg
c:\programme\webserver\qs_up.jpg
c:\programme\webserver\qs_user.jpg
c:\programme\webserver\red.gif
c:\programme\webserver\stalled.gif
c:\programme\webserver\stats_0.gif
c:\programme\webserver\stats_1.gif
c:\programme\webserver\stats_10.gif
c:\programme\webserver\stats_11.gif
c:\programme\webserver\stats_12.gif
c:\programme\webserver\stats_13.gif
c:\programme\webserver\stats_14.gif
c:\programme\webserver\stats_15.gif
c:\programme\webserver\stats_16.gif
c:\programme\webserver\stats_17.gif
c:\programme\webserver\stats_2.gif
c:\programme\webserver\stats_3.gif
c:\programme\webserver\stats_4.gif
c:\programme\webserver\stats_5.gif
c:\programme\webserver\stats_6.gif
c:\programme\webserver\stats_7.gif
c:\programme\webserver\stats_8.gif
c:\programme\webserver\stats_9.gif
c:\programme\webserver\stats_back.gif
c:\programme\webserver\stats_con.gif
c:\programme\webserver\stats_down.gif
c:\programme\webserver\stats_hidden.gif
c:\programme\webserver\stats_space.gif
c:\programme\webserver\stats_up.gif
c:\programme\webserver\stats_visible.gif
c:\programme\webserver\stopped.gif
c:\programme\webserver\t_complete.gif
c:\programme\webserver\t_completing.gif
c:\programme\webserver\t_connecting.gif
c:\programme\webserver\t_downloading.gif
c:\programme\webserver\t_error.gif
c:\programme\webserver\t_hashing.gif
c:\programme\webserver\t_next.gif
c:\programme\webserver\t_paused.gif
c:\programme\webserver\t_stalled.gif
c:\programme\webserver\t_stopped.gif
c:\programme\webserver\t_uploading.gif
c:\programme\webserver\t_waiting.gif
c:\programme\webserver\t_waitinghash.gif
c:\programme\webserver\Thumbs.db
c:\programme\webserver\transparent.gif
c:\programme\webserver\waiting.gif
c:\programme\webserver\waitinghash.gif
c:\programme\webserver\yellow.gif
C:\test.txt

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-28 bis 2010-09-30  ))))))))))))))))))))))))))))))
.

2010-09-23 20:34 . 2010-09-23 20:34        --------        d-----w-        C:\_OTL
2010-09-22 21:01 . 2010-09-22 21:01        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Malwarebytes
2010-09-22 21:01 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 21:01 . 2010-09-23 07:08        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-09-22 21:01 . 2010-09-22 21:01        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-22 21:01 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-22 19:41 . 2008-11-07 16:55        16928        ------w-        c:\windows\system32\spmsgXP_2k3.dll
2010-09-22 19:41 . 2010-09-22 19:41        --------        d-----w-        c:\programme\Synaptics
2010-09-21 19:11 . 2010-09-21 19:11        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2010-09-21 19:03 . 2009-08-28 08:33        228784        ----a-w-        c:\windows\system32\drivers\SynTP.sys
2010-09-21 19:03 . 2009-08-28 08:32        120104        ----a-w-        c:\windows\system32\SynTPCo4.dll
2010-09-21 19:03 . 2009-08-28 08:32        206120        ----a-w-        c:\windows\system32\SynCtrl.dll
2010-09-21 19:03 . 2009-08-28 08:32        161064        ----a-w-        c:\windows\system32\SynTPAPI.dll
2010-09-21 19:03 . 2009-08-28 08:32        169256        ----a-w-        c:\windows\system32\SynCOM.dll
2010-09-21 19:03 . 2009-08-07 07:49        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2010-09-20 18:03 . 2010-09-20 18:03        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\IETldCache
2010-09-12 13:56 . 2010-09-14 15:18        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\SparVoip
2010-09-12 13:53 . 2010-09-12 13:53        --------        d-----w-        c:\programme\SparVoip.de

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 08:42 . 2010-01-15 14:25        --------        d-----w-        c:\programme\pdfforge Toolbar
2010-09-29 23:47 . 2009-10-15 16:02        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Winamp
2010-09-29 23:38 . 2008-10-17 10:33        --------        d-----w-        c:\programme\CCleaner
2010-09-23 13:33 . 2005-10-06 18:10        87566        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-23 13:33 . 2005-10-06 18:10        465786        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-23 11:36 . 2005-11-28 00:43        --------        d-----w-        c:\programme\Google
2010-09-22 19:41 . 2010-09-22 19:41        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-22 19:41 . 2010-09-22 19:41        0        ---ha-w-        c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-17 09:49 . 2008-02-19 21:07        188152        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\FlashGot.exe
2010-09-16 07:37 . 2009-03-10 15:13        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-09-12 13:51 . 2009-09-29 09:26        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\vlc
2010-09-08 17:58 . 2005-12-09 18:09        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\OpenOffice.org2
2010-09-08 01:42 . 2010-06-16 06:54        --------        d-----w-        c:\programme\JDownloader
2010-09-08 01:34 . 2005-11-30 22:23        --------        d-----w-        c:\programme\Emule
2010-09-06 19:56 . 2006-01-07 14:19        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Azureus
2010-08-20 09:11 . 2010-08-20 09:10        27198960        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\rp\RealPlayerSPGold_de.exe
2010-08-20 09:10 . 2010-08-20 09:10        220272        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-20 09:10 . 2010-08-20 09:10        149000        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-20 09:10 . 2010-08-20 09:10        13407072        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-20 09:10 . 2010-08-20 09:10        79368        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\vista.exe
2010-08-20 09:10 . 2010-08-20 09:10        73344        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-20 09:10 . 2010-08-20 09:10        64000        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-20 09:10 . 2010-08-20 09:10        52288        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-20 09:10 . 2010-08-20 09:10        122880        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-19 23:42 . 2010-08-19 23:42        456200        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\setup.exe
2010-08-17 13:17 . 2005-10-06 18:10        58880        ----a-w-        c:\windows\system32\spoolsv.exe
2010-08-16 17:24 . 2007-12-30 10:57        --------        d-----w-        c:\programme\UltraStar
2010-08-09 12:04 . 2010-08-09 12:04        --------        d-----w-        c:\programme\Air Mouse
2010-07-22 15:48 . 2005-10-06 18:10        590848        ----a-w-        c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll
2010-07-20 08:37 . 2010-07-20 08:37        72804        ---ha-w-        c:\windows\system32\mlfcache.dat
2009-12-09 10:00 . 2008-05-09 17:02        30        ----a-w-        c:\programme\Exiferupdate.ini
2006-05-03 09:06 . 2010-07-14 09:43        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-07-14 09:43        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-07-14 09:43        216064        --sh--r-        c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2009-11-03 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2009-11-03 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-26 . EF7834C1D9DDF4C7DA697D8C24A03791 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2007-10-02 . 1DD47B236399BD231E0F0D1017FEBE8A . 360576 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2004-08-13 . 4092C56967175F009DC8458DC434358E . 359040 . . [5.1.2600.2505] . . c:\windows\$NtUninstallKB889527$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB884020$\tcpip.sys
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"e:\\Programme\\Age of Empire II\\age2_x1 k.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programme\\LimeWire 4.2.6 Pro\\LimeWire.exe"=
"c:\\Programme\\CuteSoft\\NetSkat\\Netskat.exe"=
"e:\\Programme\\Commandos 3 - Destination Berlin\\Commandos3.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Command and Conquer Generäle\\game.dat"=
"e:\\Programme\\Jedi Night- Jedi Academy\\GameData\\jamp.exe"=
"c:\\Programme\\PPLive\\PPLive.exe"=
"c:\\Programme\\TVAnts\\Tvants.exe"=
"e:\\Programme\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Programme\\PPStream\\PPStream.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\PPMate\\ppmate.exe"=
"c:\\Dokumente und Einstellungen\\Hammann\\Eigene Dateien\\Abischnitt_2007\\PPStream.exe"=
"c:\\Programme\\LeechFTP\\Leechftp.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Programme\\FIFA 2001\\FIFA2001.ICD"=
"c:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programme\\PPStream\\PPSAP.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre1.5.0_06\\bin\\java.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"e:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Programme\\SparVoip.de\\SparVoip\\SparVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:RSP
"38679:TCP"= 38679:TCP:TCP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.09.2009 13:21 108289]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]
R2 WTGService;WTGService;c:\programme\Verbindungsassistent\WTGService.exe [03.01.2010 19:01 296400]
S0 btjmjfg;btjmjfg;c:\windows\system32\drivers\ehqap.sys --> c:\windows\system32\drivers\ehqap.sys [?]
S0 lfrwknip;lfrwknip;c:\windows\system32\drivers\mrnffmi.sys --> c:\windows\system32\drivers\mrnffmi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.07.2009 15:08 133104]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [26.08.2009 22:07 4352]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [26.08.2009 22:06 440832]
S3 jfdcd;jfdcd;\??\c:\dokume~1\Hammann\LOKALE~1\Temp\jfdcd.sys --> c:\dokume~1\Hammann\LOKALE~1\Temp\jfdcd.sys [?]
S3 nhcAcpi_driver;Notebook Hardware Control ACPI Driver;\??\c:\windows\system32\drivers\nhcAcpi.sys --> c:\windows\system32\drivers\nhcAcpi.sys [?]
S3 zlportio;zlportio;\??\e:\programme\Ultrastar\zlportio.sys --> e:\programme\Ultrastar\zlportio.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2006 14:00 611064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc        REG_MULTI_SZ          vvdsvc
.
Inhalt des "geplante Tasks" Ordners

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08]

2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zdf.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Suche - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
FF - ProfilePath - c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\
FF - prefs.js: browser.startup.homepage - ZDF.de - Startseite
FF - plugin: c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programme\Veetle\VLC\npvlc.dll
FF - plugin: e:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKU-Default-Run-cleansweep.exe - c:\cleansweep.exe\cleansweep.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-09-30 10:43
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\Ati2evxx.dll
.
Zeit der Fertigstellung: 2010-09-30  10:45:59
ComboFix-quarantined-files.txt  2010-09-30 08:45

Vor Suchlauf: 5.886.623.744 Bytes frei
Nach Suchlauf: 6.580.817.920 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 63139D7721D9346FC89DD6D96C1FCBBC

--- --- ---

cosinus 30.09.2010 15:24

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

KILLALL::

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"=-
"38679:TCP"=-

FCopy::
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys | c:\windows\system32\dllcache\TCPIP.SYS

3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad- and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

nickel 01.10.2010 09:45

Here you go:
Combofix log file:
Code:

ComboFix 10-09-30.01 - Hammann 01.10.2010  0:16.2.1 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.1023.629 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Hammann\Desktop\cofi.exe.exe
Benutzte Befehlsschalter :: c:\dokumente und einstellungen\Hammann\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD100-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD408-FFA4-00DA-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD408-FFA4-00EB-0D24-347CA8A3377C}
AV: AntiVir PersonalEdition Classic Virenschutz *On-access scanning enabled* (Updated) {804FD408-FFA4-00FC-0D24-347CA8A3377C}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\drivers\TCPIP.SYS
c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys --> c:\windows\system32\dllcache\TCPIP.SYS
.
(((((((((((((((((((((((  Dateien erstellt von 2010-09-01 bis 2010-10-01  ))))))))))))))))))))))))))))))
.

2010-09-29 23:57 . 2010-09-30 08:46        --------        d-----w-        C:\cofi.exe
2010-09-23 20:34 . 2010-09-23 20:34        --------        d-----w-        C:\_OTL
2010-09-22 21:01 . 2010-09-22 21:01        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Malwarebytes
2010-09-22 21:01 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-22 21:01 . 2010-09-23 07:08        --------        d-----w-        c:\programme\Malwarebytes' Anti-Malware
2010-09-22 21:01 . 2010-09-22 21:01        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-09-22 21:01 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-22 19:41 . 2008-11-07 16:55        16928        ------w-        c:\windows\system32\spmsgXP_2k3.dll
2010-09-22 19:41 . 2010-09-22 19:41        --------        d-----w-        c:\programme\Synaptics
2010-09-21 19:11 . 2010-09-21 19:11        --------        d-----r-        c:\dokumente und einstellungen\LocalService\Favoriten
2010-09-21 19:03 . 2009-08-28 08:33        228784        ----a-w-        c:\windows\system32\drivers\SynTP.sys
2010-09-21 19:03 . 2009-08-28 08:32        120104        ----a-w-        c:\windows\system32\SynTPCo4.dll
2010-09-21 19:03 . 2009-08-28 08:32        206120        ----a-w-        c:\windows\system32\SynCtrl.dll
2010-09-21 19:03 . 2009-08-28 08:32        161064        ----a-w-        c:\windows\system32\SynTPAPI.dll
2010-09-21 19:03 . 2009-08-28 08:32        169256        ----a-w-        c:\windows\system32\SynCOM.dll
2010-09-21 19:03 . 2009-08-07 07:49        1461992        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2010-09-20 18:03 . 2010-09-20 18:03        --------        d-sh--w-        c:\dokumente und einstellungen\LocalService\IETldCache
2010-09-12 13:56 . 2010-09-14 15:18        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\SparVoip
2010-09-12 13:53 . 2010-09-12 13:53        --------        d-----w-        c:\programme\SparVoip.de

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-30 20:58 . 2010-09-30 20:58        --------        d--h--w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\CanonBJ
2010-09-30 08:42 . 2010-01-15 14:25        --------        d-----w-        c:\programme\pdfforge Toolbar
2010-09-29 23:47 . 2009-10-15 16:02        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Winamp
2010-09-29 23:38 . 2008-10-17 10:33        --------        d-----w-        c:\programme\CCleaner
2010-09-23 13:33 . 2005-10-06 18:10        87566        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-23 13:33 . 2005-10-06 18:10        465786        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-23 11:36 . 2005-11-28 00:43        --------        d-----w-        c:\programme\Google
2010-09-22 19:41 . 2010-09-22 19:41        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
2010-09-22 19:41 . 2010-09-22 19:41        0        ---ha-w-        c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-09-17 09:49 . 2008-02-19 21:07        188152        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\FlashGot.exe
2010-09-16 07:37 . 2009-03-10 15:13        --------        d-----w-        c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-09-12 13:51 . 2009-09-29 09:26        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\vlc
2010-09-08 17:58 . 2005-12-09 18:09        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\OpenOffice.org2
2010-09-08 01:42 . 2010-06-16 06:54        --------        d-----w-        c:\programme\JDownloader
2010-09-08 01:34 . 2005-11-30 22:23        --------        d-----w-        c:\programme\Emule
2010-09-06 19:56 . 2006-01-07 14:19        --------        d-----w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Azureus
2010-08-20 09:11 . 2010-08-20 09:10        27198960        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\rp\RealPlayerSPGold_de.exe
2010-08-20 09:10 . 2010-08-20 09:10        220272        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-08-20 09:10 . 2010-08-20 09:10        149000        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
2010-08-20 09:10 . 2010-08-20 09:10        13407072        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\chr\ChromeInstaller.exe
2010-08-20 09:10 . 2010-08-20 09:10        79368        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\vista.exe
2010-08-20 09:10 . 2010-08-20 09:10        73344        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
2010-08-20 09:10 . 2010-08-20 09:10        64000        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
2010-08-20 09:10 . 2010-08-20 09:10        52288        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
2010-08-20 09:10 . 2010-08-20 09:10        122880        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\RUP\inst_config\compat.dll
2010-08-19 23:42 . 2010-08-19 23:42        456200        ----a-w-        c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Real\Update\setup3.12\setup.exe
2010-08-17 13:17 . 2005-10-06 18:10        58880        ----a-w-        c:\windows\system32\spoolsv.exe
2010-08-16 17:24 . 2007-12-30 10:57        --------        d-----w-        c:\programme\UltraStar
2010-08-09 12:04 . 2010-08-09 12:04        --------        d-----w-        c:\programme\Air Mouse
2010-07-22 15:48 . 2005-10-06 18:10        590848        ----a-w-        c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25        5632        ----a-w-        c:\windows\system32\xpsp4res.dll
2010-07-20 08:37 . 2010-07-20 08:37        72804        ---ha-w-        c:\windows\system32\mlfcache.dat
2009-12-09 10:00 . 2008-05-09 17:02        30        ----a-w-        c:\programme\Exiferupdate.ini
2006-05-03 09:06 . 2010-07-14 09:43        163328        --sh--r-        c:\windows\system32\flvDX.dll
2007-02-21 10:47 . 2010-07-14 09:43        31232        --sh--r-        c:\windows\system32\msfDX.dll
2008-03-16 12:30 . 2010-07-14 09:43        216064        --sh--r-        c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\programme\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"e:\\Programme\\Age of Empire II\\age2_x1 k.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Programme\\LimeWire 4.2.6 Pro\\LimeWire.exe"=
"c:\\Programme\\CuteSoft\\NetSkat\\Netskat.exe"=
"e:\\Programme\\Commandos 3 - Destination Berlin\\Commandos3.exe"=
"c:\\Programme\\Mozilla Firefox\\firefox.exe"=
"e:\\Programme\\Command and Conquer Generäle\\game.dat"=
"e:\\Programme\\Jedi Night- Jedi Academy\\GameData\\jamp.exe"=
"c:\\Programme\\PPLive\\PPLive.exe"=
"c:\\Programme\\TVAnts\\Tvants.exe"=
"e:\\Programme\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"c:\\Programme\\PPStream\\PPStream.exe"=
"c:\\Programme\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Programme\\SopCast\\SopCast.exe"=
"c:\\Programme\\PPMate\\ppmate.exe"=
"c:\\Dokumente und Einstellungen\\Hammann\\Eigene Dateien\\Abischnitt_2007\\PPStream.exe"=
"c:\\Programme\\LeechFTP\\Leechftp.exe"=
"c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"e:\\Programme\\FIFA 2001\\FIFA2001.ICD"=
"c:\\Programme\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Programme\\PPStream\\PPSAP.exe"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Programme\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\ICQ6.5\\ICQ.exe"=
"c:\\Programme\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Programme\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"c:\\Programme\\Java\\jre1.5.0_06\\bin\\java.exe"=
"c:\\Programme\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"e:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Air Mouse\\Air Mouse\\Air Mouse.exe"=
"c:\\Programme\\SparVoip.de\\SparVoip\\SparVoip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [18.09.2009 13:21 108289]
R2 Application Updater;Application Updater;c:\programme\Application Updater\ApplicationUpdater.exe [08.01.2010 01:51 380928]
R2 WTGService;WTGService;c:\programme\Verbindungsassistent\WTGService.exe [03.01.2010 19:01 296400]
S0 btjmjfg;btjmjfg;c:\windows\system32\drivers\ehqap.sys --> c:\windows\system32\drivers\ehqap.sys [?]
S0 lfrwknip;lfrwknip;c:\windows\system32\drivers\mrnffmi.sys --> c:\windows\system32\drivers\mrnffmi.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [16.07.2009 15:08 133104]
S3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [26.08.2009 22:07 4352]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\drivers\fwlanusbn.sys [26.08.2009 22:06 440832]
S3 jfdcd;jfdcd;\??\c:\dokume~1\Hammann\LOKALE~1\Temp\jfdcd.sys --> c:\dokume~1\Hammann\LOKALE~1\Temp\jfdcd.sys [?]
S3 nhcAcpi_driver;Notebook Hardware Control ACPI Driver;\??\c:\windows\system32\drivers\nhcAcpi.sys --> c:\windows\system32\drivers\nhcAcpi.sys [?]
S3 zlportio;zlportio;\??\e:\programme\Ultrastar\zlportio.sys --> e:\programme\Ultrastar\zlportio.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.11.2006 14:00 611064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc        REG_MULTI_SZ          vvdsvc
.
Inhalt des "geplante Tasks" Ordners

2010-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08]

2010-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-07-16 13:08]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.zdf.de/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Suche - c:\programme\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} - hxxp://chkr-web.ifolor.net/ORDERINGGENERAL/LowRes/app_support/ActiveX/IfolorUploader_chkr.cab
FF - ProfilePath - c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\
FF - prefs.js: browser.startup.homepage - ZDF.de - Startseite
FF - plugin: c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\dokumente und einstellungen\Hammann\Anwendungsdaten\Mozilla\Firefox\Profiles\ntlresfk.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\programme\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\programme\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\programme\Veetle\plugins\npVeetle.dll
FF - plugin: c:\programme\Veetle\VLC\npvlc.dll
FF - plugin: e:\programme\iTunes\Mozilla Plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-10-01 10:17
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1276)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3304)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\programme\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\programme\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\programme\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_ger.nlr
c:\programme\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Avira\AntiVir Desktop\avguard.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\programme\Cisco Systems\VPN Client\cvpnd.exe
c:\programme\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\programme\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\windows\SYSTEM32\GEARSEC.EXE
c:\programme\Java\jre6\bin\jqs.exe
c:\programme\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\programme\Canon\CAL\CALMAIN.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\Ati2evxx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-10-01  10:24:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-10-01 08:24
ComboFix2.txt  2010-09-30 08:46

Vor Suchlauf: 6.505.922.560 Bytes frei
Nach Suchlauf: 6.482.890.752 Bytes frei

Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - FCB1AC3708D0C1AEC94589499A63AEBA

--- --- ---

cosinus 01.10.2010 11:10

OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run the second time, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, on which device. Ideally, post everything that remover.exe outputs.

