Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   youarel.com - trojaner? über MSN (https://www.trojaner-board.de/86327-youarel-com-trojaner-msn.html)

CrazyUnited 21.05.2010 19:38
youarel.com - trojaner? über MSN
 
Hey :)

meine schwester und ihre freundin haben über msn einen link bekommen, der im normalfall trojaner auf den pc schickt.
nun hab sie mit meiner hilfe malwarebytes und OTL durchlaufen lassen.

von der schwester sind die folgenden logs :

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4124

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21.05.2010 20:17:27
mbam-log-2010-05-21 (20-17-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 195405
Laufzeit: 31 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe (Worm.Bot.Gen) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (Worm.Bot.Gen) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Temp\atb.exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Temp\dzh.exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Temporary Internet Files\Content.IE5\24BT6AD3\pt[1].exe (Worm.Bot.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.
Code:
OTL Extras logfile created on: 21.05.2010 20:31:06 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 153,38 Gb Total Space | 70,77 Gb Free Space | 46,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-6R4N9TLVP
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled: -- File not found
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- File not found
"C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Programme\Steam\SteamApps\sascha115\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\sascha115\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabledbiggrin ie Schlacht um Mittelerde (tm) -- ()
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe" = C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\msng.exe:*:Enabled:Windows System Guard -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{1FF12BFD-84AC-4E81-9A8F-496E5C2DDA79}_is1" = Didi V3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.57
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ask Toolbar_is1" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Bewerbung um eine Ausbildungsstelle 2006/2007" = Bewerbung um eine Ausbildungsstelle 2006/2007
"Call of Duty" = Call of Duty
"CCleaner" = CCleaner (remove only)
"Clean Virus MSN_is1" = Clean Virus MSN
"Cucusoft YouTube Mate (Downloader+Player+Converter)_is1" = Cucusoft YouTube Mate 7.12
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Harry der Höhlenmensch" = Harry der Höhlenmensch
"hp deskjet 3420 series" = hp deskjet 3420 series (nur entfernen)
"InstallShield_{B406605B-45FE-4D8F-8250-1E77479583AE}" = Zoo Tycoon 2 - Marine Mania
"Little Shop - City Lights Deluxe" = Little Shop - City Lights Deluxe
"Little Shop - Road Trip Deluxe" = Little Shop - Road Trip Deluxe
"Little Shop of Treasures 2 Deluxe" = Little Shop of Treasures 2 Deluxe
"Little Shop of Treasures Deluxe" = Little Shop of Treasures Deluxe
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NVIDIA Drivers" = NVIDIA Drivers
"Paradise Beach Deluxe" = Paradise Beach Deluxe
"PhotoScape" = PhotoScape
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SprayR" = SprayR 1.0 RC7
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaMizer" = VistaMizer 3.1.0.0
"VLC media player" = VLC media player 1.0.3
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YRefresher_is1" = Yrefresher 1.00

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.05.2010 09:56:12 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003dd11.

Error - 18.05.2010 09:56:18 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.2180, Fehleradresse 0x0001295d.

Error - 18.05.2010 09:57:07 | Computer Name = SARAH-6R4N9TLVP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung explorer.exe, Version 6.0.2900.2180, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 18.05.2010 09:58:55 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003dd11.

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 416: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:00:31 | Computer Name = SARAH-6R4N9TLVP | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 18.05.2010 10:01:44 | Computer Name = SARAH-6R4N9TLVP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003dd11.

[ System Events ]
Error - 19.05.2010 05:47:03 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 19.05.2010 05:59:43 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 19.05.2010 07:54:24 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 19.05.2010 11:40:35 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 01:08:10 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 08:08:53 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 10:32:12 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 20.05.2010 13:09:35 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 21.05.2010 10:02:55 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt

Error - 21.05.2010 14:20:34 | Computer Name = SARAH-6R4N9TLVP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
i8042prt


< End of report >
Code:
OTL logfile created on: 21.05.2010 20:31:06 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Sarah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 153,38 Gb Total Space | 70,77 Gb Free Space | 46,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SARAH-6R4N9TLVP
Current User Name: Sarah
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.live.com/sphome.aspx
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.live.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.jappy.de/user/Twinkie"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="


FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.05.01 21:01:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.05.01 21:01:27 | 000,000,000 | ---D | M]

[2010.05.21 16:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions
[2010.03.08 19:15:11 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.04.10 16:56:33 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.29 21:00:31 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2009.04.10 16:56:33 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.01.18 18:58:51 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2009.07.17 11:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.11.07 19:46:22 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\bing.xml
[2010.01.19 06:48:43 | 000,000,873 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\conduit.xml
[2010.05.19 20:12:37 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\icqplugin.xml
[2010.03.08 21:37:05 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Anwendungsdaten\Mozilla\Firefox\Profiles\v77fnyv6.default\searchplugins\winamp-search.xml
[2010.05.21 16:12:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.11.29 19:10:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.04.10 16:44:23 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.12.18 00:34:33 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2008.12.18 00:34:33 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2008.12.18 00:34:33 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2008.12.18 00:34:33 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2008.12.18 00:34:33 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2006.08.24 23:07:50 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2006.08.24 23:07:50 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2006.11.10 13:42:00 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2006.11.11 00:32:03 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.04.10 17:14:17 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Programme\YRefresher\YRefresher.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Programme\YRefresher\YRefresher.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.10 14:42:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{4b648804-3511-11df-8053-001d92490b04}\Shell - "" = AutoRun
O33 - MountPoints2\{4b648804-3511-11df-8053-001d92490b04}\Shell\1\Command - "" = .\recycled\info.exe
O33 - MountPoints2\{4b648804-3511-11df-8053-001d92490b04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d62c83db-5cd9-11de-be62-001d92490b04}\Shell - "" = AutoRun
O33 - MountPoints2\{d62c83db-5cd9-11de-be62-001d92490b04}\Shell\1\Command - "" = E:\.\recycled\info.exe -- File not found
O33 - MountPoints2\{d62c83db-5cd9-11de-be62-001d92490b04}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.21 20:29:35 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2010.05.21 19:42:53 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\mbam146-setup.exe
[2010.05.21 19:26:13 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010.05.21 19:25:28 | 004,173,256 | ---- | C] (AxBx ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\setup.exe
[2010.05.21 19:12:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.15 20:12:57 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71u.dll
[2010.05.15 20:12:57 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2010.05.15 20:12:57 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71DEU.DLL
[2010.05.15 20:12:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ITA.DLL
[2010.05.15 20:12:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71FRA.DLL
[2010.05.15 20:12:57 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ESP.DLL
[2010.05.15 20:12:57 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71ENU.DLL
[2010.05.15 20:12:57 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71KOR.DLL
[2010.05.15 20:12:57 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71JPN.DLL
[2010.05.15 20:12:57 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHT.DLL
[2010.05.15 20:12:57 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71CHS.DLL
[2010.05.15 20:12:56 | 000,964,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70u.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70ita.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70fra.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70esp.dll
[2010.05.15 20:12:56 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70deu.dll
[2010.05.15 20:12:56 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70enu.dll
[2010.05.15 20:12:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70kor.dll
[2010.05.15 20:12:56 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70jpn.dll
[2010.05.15 20:12:56 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70cht.dll
[2010.05.15 20:12:56 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70chs.dll
[2010.05.15 20:12:55 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2010.05.15 20:12:54 | 000,905,216 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8OB.LLX
[2010.05.15 20:12:54 | 000,369,664 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\cm32l800.lng
[2010.05.15 20:12:54 | 000,151,040 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8S.DLL
[2010.05.15 20:12:54 | 000,126,464 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32PR8.DLL
[2010.05.15 20:12:54 | 000,115,712 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32UT8.DLL
[2010.05.15 20:12:54 | 000,079,872 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32MM8.DLL
[2010.05.15 20:12:53 | 001,730,048 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32L8.DLL
[2010.05.15 20:12:53 | 000,340,992 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32DW8.DLL
[2010.05.15 20:12:52 | 000,505,344 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32CT8.DLL
[2010.05.15 20:12:52 | 000,114,688 | ---- | C] (combit GmbH) -- C:\WINDOWS\System32\CM32CR8.DLL
[2010.05.15 20:12:52 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2010.05.15 20:12:52 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl70.dll
[2010.05.15 20:10:05 | 000,000,000 | ---D | C] -- C:\Programme\Degener
[2010.05.14 13:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Neuer Ordner (2)
[2010.05.14 11:22:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\softonic-de3
[2010.05.01 21:02:30 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010.05.01 21:01:56 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.05.01 21:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.05.01 21:01:01 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.01 20:59:52 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.05.01 20:59:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.01 20:58:22 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.05.01 20:43:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\Schule Ausbildung ect
[2010.05.01 20:42:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\Counter-Strike
[2010.05.01 20:19:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Desktop\ipod
[2010.04.29 21:00:32 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[2010.04.29 21:00:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\softonic-de3
[2010.04.29 20:55:40 | 000,000,000 | ---D | C] -- C:\YouTubeDownload
[2010.04.29 20:55:39 | 000,000,000 | ---D | C] -- C:\ConverterOutput
[2010.04.29 20:55:28 | 000,258,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll
[2010.04.29 20:55:28 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2010.04.29 20:55:27 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll
[2010.04.29 20:55:27 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll
[2010.04.29 20:55:26 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2010.04.29 20:55:26 | 000,114,688 | ---- | C] (Cucusoft Inc.) -- C:\WINDOWS\System32\PropListCtrl.ocx
[2010.04.29 20:55:25 | 000,000,000 | ---D | C] -- C:\Programme\Cucusoft
[2010.04.23 14:35:56 | 000,000,000 | ---D | C] -- C:\Programme\YouTube Downloader
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.21 20:29:32 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sarah\Desktop\OTL.exe
[2010.05.21 20:21:00 | 005,767,168 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\NTUSER.DAT
[2010.05.21 20:19:16 | 000,215,715 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.21 20:19:13 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.05.21 20:18:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.21 20:18:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.21 19:43:41 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 19:43:07 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\mbam146-setup.exe
[2010.05.21 19:26:15 | 000,000,737 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Clean Virus MSN.lnk
[2010.05.21 19:25:38 | 004,173,256 | ---- | M] (AxBx ) -- C:\Dokumente und Einstellungen\Sarah\Desktop\setup.exe
[2010.05.21 19:07:23 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.20 19:18:56 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.05.20 14:14:49 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Sarah\ntuser.ini
[2010.05.19 14:37:05 | 000,074,870 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\mrz_vw.jpg
[2010.05.19 14:32:13 | 000,108,901 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\flotte.jpg
[2010.05.18 21:35:11 | 000,046,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.17 16:27:17 | 000,006,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\photothumb.db
[2010.05.15 20:12:59 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Didi V3.lnk
[2010.05.14 11:22:00 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.05.14 09:28:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.01 21:01:14 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.04.29 21:00:50 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.25 19:01:20 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\erste seite.doc
[2010.04.25 18:27:31 | 000,000,521 | ---- | M] () -- C:\hpfr3420.xml
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.21 19:43:41 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 19:26:15 | 000,000,737 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Clean Virus MSN.lnk
[2010.05.19 14:37:05 | 000,074,870 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\mrz_vw.jpg
[2010.05.19 14:32:13 | 000,108,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\flotte.jpg
[2010.05.15 20:12:59 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\Didi V3.lnk
[2010.05.15 20:12:55 | 001,170,504 | ---- | C] () -- C:\WINDOWS\System32\CMBTL800.HLP
[2010.05.01 21:02:32 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010.05.01 21:01:14 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.04.29 21:00:47 | 000,000,906 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Desktop\DVDVideoSoft Free Studio.lnk
[2010.04.29 20:55:28 | 000,092,102 | ---- | C] () -- C:\WINDOWS\System32\HKCU_GNU.reg
[2010.04.29 20:55:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.04.29 20:55:28 | 000,006,700 | ---- | C] () -- C:\WINDOWS\System32\HKLM_GNU.reg
[2010.04.29 20:55:28 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ff_acm.acm
[2010.04.29 20:55:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.04.29 20:55:27 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2010.04.29 20:55:27 | 000,014,909 | ---- | C] () -- C:\WINDOWS\System32\A_reg.reg
[2010.04.25 19:01:20 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\Sarah\Eigene Dateien\erste seite.doc
[2010.01.09 14:18:28 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2009.04.10 20:51:36 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.10 17:28:24 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.10 17:23:05 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009.04.10 15:56:32 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2009.04.10 15:23:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009.03.27 10:03:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.03.27 10:03:00 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.03.27 10:03:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.03.27 10:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.11.26 22:28:48 | 000,000,272 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
< End of report >

CrazyUnited 21.05.2010 19:56
Und als 2. die Logdateien von meiner Freundin :

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4124

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

21.05.2010 20:39:27
mbam-log-2010-05-21 (20-39-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 301371
Laufzeit: 1 Stunde(n), 5 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\msng.exe (Trojan.Backdoor) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system guard (Trojan.Backdoor) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\msng.exe (Trojan.Backdoor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsvncs.txt (Malware.Trace) -> Quarantined and deleted successfully.
Code:
OTL Extras logfile created on: 21.05.2010 20:42:46 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Maria\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 161,37 Gb Total Space | 105,24 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
Drive D: | 7,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 136,72 Gb Total Space | 91,43 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARIA-MRQQYSP6F
Current User Name: Maria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNetbiggrin isabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNetbiggrin isabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNetbiggrin isabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNetbiggrin isabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabledbiggrin ie Schlacht um Mittelerde (tm) -- ()
"C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Programme\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxcgcoms.exe" = C:\WINDOWS\system32\lxcgcoms.exe:*:Enabled:2300 Series -- ()
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\msng.exe" = C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\msng.exe:*:Enabled:Windows System Guard -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4393DE35-AD67-4F37-95E4-30F06EA0FDB2}" = Adobe Creative Suite 3 Design Premium
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{5E5E66D9-68DF-4818-A883-8787DC52EB7A}" = General Runtime Files for Nemetschek Allplan 2008
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Samsung Battery Manager
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71A51B59-E7D3-11DB-A386-005056C00008}" = Namuga 1.3M Webcam
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7262D0C8-41CC-4F75-8383-A6C7C61D7FC6}" = Nemetschek SoftLock 2006
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{746F49C9-3789-4F8E-AF3A-3A4B42ACFAF8}" = Spellforce 2 Gold
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{87F6C83D-F949-4d14-B5CB-DC8C75F8932D}" = Die Sims™ 2 Freizeit-Spaß
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8C640345-AF96-4ABA-A697-97D2A0B8C6DB}" = Adobe Flash CS3
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A88EFF90-6DA0-4468-85D4-62543AD92A83}" = Nemetschek Allplan 2008
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B975F4A1-63B6-11D4-BFEC-005004AF2D32}" = Monopoly Tycoon
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BCEDD813-269C-4D8F-A4BA-01FDC66254D3}" = Adobe Flash Video Encoder
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3
"{DA47ABC4-52DF-468D-988D-B9E768A3DF52}" = Pizza Connection 2
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0312AC6-988B-11DA-9C49-000476F770CC}" = CIB pdf brewer 2.5.22
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F41D14-E0DD-4FB4-AA09-A14225C769BD}" = Atheros WLAN Client
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner (remove only)
"Clean Virus MSN_is1" = Clean Virus MSN
"Convert Image To PDF_is1" = Convert Image To PDF
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Farm Craft" = Farm Craft
"Farm Craft 2" = Farm Craft 2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = FSCTV
"InterBase" = InterBase 6.5
"Lexmark 2300 Series" = Lexmark 2300 Series
"Little Shop - City Lights Deluxe" = Little Shop - City Lights Deluxe
"Little Shop - Road Trip Deluxe" = Little Shop - Road Trip Deluxe
"Little Shop of Treasures 2 Deluxe" = Little Shop of Treasures 2 Deluxe
"Little Shop of Treasures Deluxe" = Little Shop of Treasures Deluxe
"Mah Jong Quest II" = Mah Jong Quest II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mathcad 8 Explorer" = Mathcad 8 Explorer
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Slim Mobile USB DVB-T" = Slim Mobile USB DVB-T 1.0.0.29
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vbcpp40" = VisiBroker for Cpp 4.5
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"YRefresher_is1" = Yrefresher 1.00

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07.04.2010 06:53:16 | Computer Name = MARIA-MRQQYSP6F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CINEMA 4D.exe, Version 10.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 07.04.2010 10:23:01 | Computer Name = MARIA-MRQQYSP6F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung CINEMA 4D.exe, Version 10.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 11.04.2010 11:31:52 | Computer Name = MARIA-MRQQYSP6F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung spellforce2.exe, Version 0.0.0.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 14.04.2010 07:56:07 | Computer Name = MARIA-MRQQYSP6F | Source = ESENT | ID = 490
Description = svchost (1120) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 15.04.2010 09:01:29 | Computer Name = MARIA-MRQQYSP6F | Source = ESENT | ID = 490
Description = svchost (1124) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 16.04.2010 14:04:05 | Computer Name = MARIA-MRQQYSP6F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung manager10.exe, Version 2.0.0.5, fehlgeschlagenes
Modul manager10.exe, Version 2.0.0.5, Fehleradresse 0x0075a4ce.

Error - 16.04.2010 14:04:46 | Computer Name = MARIA-MRQQYSP6F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Manager10.exe, Version 2.0.0.5, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 16.04.2010 14:46:10 | Computer Name = MARIA-MRQQYSP6F | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung manager10.exe, Version 2.0.0.5, fehlgeschlagenes
Modul manager10.exe, Version 2.0.0.5, Fehleradresse 0x0062fd20.

Error - 20.04.2010 09:18:47 | Computer Name = MARIA-MRQQYSP6F | Source = ESENT | ID = 490
Description = svchost (1112) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error - 22.04.2010 07:44:24 | Computer Name = MARIA-MRQQYSP6F | Source = ESENT | ID = 490
Description = svchost (1124) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

[ System Events ]
Error - 20.05.2010 05:06:18 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016
(NDIS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 20.05.2010 08:46:33 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst stisvc.

Error - 21.05.2010 01:57:08 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft TV-/Videoverbindung" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 21.05.2010 01:57:08 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016
(NDIS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058

Error - 21.05.2010 04:27:18 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService.

Error - 21.05.2010 04:54:50 | Computer Name = MARIA-MRQQYSP6F | Source = Print | ID = 6161
Description =

Error - 21.05.2010 04:59:59 | Computer Name = MARIA-MRQQYSP6F | Source = Print | ID = 6161
Description =

Error - 21.05.2010 14:40:22 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7034
Description = Dienst "Marvell Yukon Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.

Error - 21.05.2010 14:43:00 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft TV-/Videoverbindung" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 21.05.2010 14:43:00 | Computer Name = MARIA-MRQQYSP6F | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016
(NDIS)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058


< End of report >
Code:
OTL logfile created on: 21.05.2010 20:42:46 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Dokumente und Einstellungen\Maria\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 86,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 161,37 Gb Total Space | 105,24 Gb Free Space | 65,22% Space Free | Partition Type: NTFS
Drive D: | 7,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 136,72 Gb Total Space | 91,43 Gb Free Space | 66,87% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARIA-MRQQYSP6F
Current User Name: Maria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Maria\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
PRC - C:\Programme\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Maria\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Adobe Version Cue CS3) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (lxcg_device) -- C:\WINDOWS\System32\lxcgcoms.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (InterBaseServer) -- C:\Programme\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
SRV - (InterBaseGuardian) -- C:\Programme\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)


========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (VMC326) -- C:\WINDOWS\system32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM) -- C:\WINDOWS\system32\drivers\s0016unic.sys (MCCI Corporation)
DRV - (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS) -- C:\WINDOWS\system32\drivers\s0016nd5.sys (MCCI Corporation)
DRV - (s0016mdfl) -- C:\WINDOWS\system32\drivers\s0016mdfl.sys (MCCI Corporation)
DRV - (s0016mdm) -- C:\WINDOWS\system32\drivers\s0016mdm.sys (MCCI Corporation)
DRV - (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s0016mgmt.sys (MCCI Corporation)
DRV - (s0016obex) -- C:\WINDOWS\system32\drivers\s0016obex.sys (MCCI Corporation)
DRV - (s0016bus) Sony Ericsson Device 0016 driver (WDM) -- C:\WINDOWS\system32\drivers\s0016bus.sys (MCCI Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (AVerAF15) -- C:\WINDOWS\system32\drivers\AVerAF15.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (DOSMEMIO) -- C:\WINDOWS\system32\MEMIO.SYS ()
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (PQNTDrv) -- C:\WINDOWS\system32\drivers\PQNTDRV.sys (PowerQuest Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://farmerama.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.0
FF - prefs.js..network.proxy.backup.ftp: "10.0.0.9"
FF - prefs.js..network.proxy.backup.ftp_port: 3128
FF - prefs.js..network.proxy.backup.gopher: "10.0.0.9"
FF - prefs.js..network.proxy.backup.gopher_port: 3128
FF - prefs.js..network.proxy.backup.socks: "10.0.0.9"
FF - prefs.js..network.proxy.backup.socks_port: 3128
FF - prefs.js..network.proxy.backup.ssl: "10.0.0.9"
FF - prefs.js..network.proxy.backup.ssl_port: 3128
FF - prefs.js..network.proxy.ftp: "10.0.0.9"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "10.0.0.9"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "10.0.0.9"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 10.0.0.0/99"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "10.0.0.9"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "10.0.0.9"
FF - prefs.js..network.proxy.ssl_port: 3128

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.03.31 12:13:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.03.31 12:13:20 | 000,000,000 | ---D | M]

[2009.07.01 20:57:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Extensions
[2010.05.21 15:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\ng75jzor.default\extensions
[2009.12.08 16:51:34 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\ng75jzor.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2009.08.13 11:57:21 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\Mozilla\Firefox\Profiles\ng75jzor.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.28 20:03:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2006.09.26 12:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll
[2010.02.19 07:20:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 07:20:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 07:20:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 07:20:23 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 07:20:23 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.07.15 23:36:10 | 000,000,867 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Programme\YRefresher\YRefresher.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (RefresherBand Class) - {B24BA06E-FB7B-4757-95C2-DC01125F750E} - C:\Programme\YRefresher\YRefresher.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BatteryManager] C:\Programme\Samsung\Samsung Battery Manager\BatteryManager.exe ()
O4 - HKLM..\Run: [LXCGCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.DLL ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.01 19:43:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.21 20:42:26 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Maria\Desktop\OTL.exe
[2010.05.21 19:32:00 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.21 19:31:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.21 19:31:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.21 19:31:23 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Maria\Desktop\mbam146-setup.exe
[2010.05.21 19:16:15 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010.05.21 19:16:01 | 004,173,256 | ---- | C] (AxBx ) -- C:\Dokumente und Einstellungen\Maria\Desktop\setup.exe
[2010.05.21 11:35:04 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Maria\Recent
[2010.05.14 09:37:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maria\Anwendungsdaten\NevoSoft Games
[2010.05.11 19:46:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maria\Desktop\Anfangprüfung 2009 projekt.prj
[2010.05.11 19:46:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maria\Desktop\prüfung 09 projekt.prj
[2010.04.28 20:20:22 | 000,000,000 | ---D | C] -- C:\Programme\MathSoft
[2010.04.28 20:19:30 | 000,000,000 | ---D | C] -- C:\Programme\mcd
[2010.04.27 09:26:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Maria\Eigene Dateien\Updater5
[2010.04.25 13:10:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\nView_Profiles
[2010.04.25 13:05:06 | 000,000,000 | ---D | C] -- C:\Programme\Motherboard Monitor 5
[2009.07.02 13:56:42 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\implode.dll
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.21 20:42:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Maria\Desktop\OTL.exe
[2010.05.21 20:41:40 | 000,186,039 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.05.21 20:41:23 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.21 20:41:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.21 20:40:44 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Maria\NTUSER.DAT
[2010.05.21 20:40:32 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Maria\ntuser.ini
[2010.05.21 19:32:03 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 19:31:29 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Maria\Desktop\mbam146-setup.exe
[2010.05.21 19:16:16 | 000,000,737 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\Clean Virus MSN.lnk
[2010.05.21 19:16:04 | 004,173,256 | ---- | M] (AxBx ) -- C:\Dokumente und Einstellungen\Maria\Desktop\setup.exe
[2010.05.21 10:47:05 | 000,254,782 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\TIERPARK_LAGEPLAN.jpg
[2010.05.20 18:59:13 | 000,100,864 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.20 11:38:29 | 000,009,182 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Eigene Dateien\1664723192_Kontoauszug_20100520-08.pdf
[2010.05.16 19:57:08 | 000,031,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\Mappe1.xls
[2010.05.16 17:55:12 | 000,079,484 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\gin.rtf
[2010.05.14 19:37:05 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Desktop\Abschlussfeier.doc
[2010.05.02 14:57:08 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.29 09:00:33 | 000,047,416 | ---- | M] () -- C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.29 08:42:45 | 000,303,624 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.25 20:39:55 | 002,648,194 | -H-- | M] () -- C:\Dokumente und Einstellungen\Maria\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.04.25 13:36:21 | 000,010,727 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010.04.25 13:31:33 | 000,000,144 | ---- | M] () -- C:\WINDOWS\Sierra.ini
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.21 19:32:03 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.21 19:16:16 | 000,000,737 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\Desktop\Clean Virus MSN.lnk
[2010.05.21 10:47:03 | 000,254,782 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\Desktop\TIERPARK_LAGEPLAN.jpg
[2010.05.20 19:56:34 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\Desktop\XuMouse.exe
[2010.05.20 11:38:28 | 000,009,182 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\Eigene Dateien\1664723192_Kontoauszug_20100520-08.pdf
[2010.05.16 19:11:33 | 000,031,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\Desktop\Mappe1.xls
[2010.05.16 17:55:12 | 000,079,484 | ---- | C] () -- C:\Dokumente und Einstellungen\Maria\Desktop\gin.rtf
[2010.02.26 13:10:43 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2010.01.19 11:14:08 | 000,004,300 | ---- | C] () -- C:\WINDOWS\System32\MEMIO.SYS
[2009.08.23 12:51:13 | 000,000,144 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2009.07.08 16:40:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\AVerText.ini
[2009.07.08 16:15:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009.07.08 16:14:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009.07.08 16:14:12 | 000,003,456 | R--- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009.07.08 16:14:04 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009.07.08 16:14:04 | 000,253,952 | R--- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2009.07.02 15:09:28 | 000,056,832 | ---- | C] () -- C:\WINDOWS\energieanzeige.dll
[2009.07.02 15:09:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.07.02 15:09:19 | 000,000,137 | ---- | C] () -- C:\WINDOWS\Energieanzeige.ini
[2009.07.02 14:24:56 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage3.dll
[2009.07.02 14:24:56 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\FreeImage.dll
[2009.07.02 14:11:13 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.07.02 14:03:36 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2009.07.02 13:56:43 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2009.07.02 13:56:43 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2009.07.01 21:50:02 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009.07.01 20:25:25 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.05.14 22:13:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.14 22:13:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.14 22:13:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.14 22:13:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.04.01 09:00:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.04.01 08:41:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006.11.29 04:30:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx13_ic.ini
[2005.05.11 11:24:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\lxcginsr.dll
[2005.05.11 11:24:42 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxcgcur.dll
[2005.05.11 11:24:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxcgjswr.dll
[2005.04.15 23:24:38 | 001,191,936 | ---- | C] () -- C:\WINDOWS\System32\lxcgserv.dll
[2005.04.15 23:18:30 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\lxcglmpm.dll
[2005.04.15 23:18:00 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\lxcgcomm.dll
[2005.04.15 23:15:42 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lxcgpplc.dll
[2005.04.15 23:14:42 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\lxcgcomc.dll
[2005.04.15 23:13:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\lxcgprox.dll
[2005.04.15 23:06:40 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\lxcgusb1.dll
[2005.03.14 11:45:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcgvs.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2002.03.25 21:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:ADF211B1
< End of report >
ich hoffe, ihr könnt helfen :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131