Trojaner-Board - trojan.dropper & malware.trace

Alles klar, hab ich getan.

Einmal hier die Extras.txt Logfile:

OTL Logfile:

Code:

OTL Extras logfile created on: 13.07.2010 19:25:14 - Run 1

OTL by OldTimer - Version 3.2.9.0     Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.022,00 Mb Total Physical Memory | 464,00 Mb Available Physical Memory | 45,00% Memory free

3,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 48,83 Gb Total Space | 29,02 Gb Free Space | 59,44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 100,22 Gb Total Space | 99,73 Gb Free Space | 99,51% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

Drive G: | 186,31 Gb Total Space | 122,44 Gb Free Space | 65,72% Space Free | Partition Type: NTFS

Drive H: | 1,90 Gb Total Space | 0,72 Gb Free Space | 37,66% Space Free | Partition Type: FAT

I: Drive not present or media not loaded

 

Computer Name: FRANKE-04D42930

Current User Name: Besitzer

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service -- File not found

"C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found

"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe" = C:\Programme\KONAMI\Pro Evolution Soccer 2009\pes2009.exe:*:Enabled:Pro Evolution Soccer 2009 -- File not found

"F:\iw3mp.exe" = F:\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- File not found

"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"G:\pes2010.exe" = G:\pes2010.exe:*:Enabled:Pro Evolution Soccer 2010 -- (Konami Digital Entertainment Co., Ltd.)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17

"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5943B7F7-678B-477E-9AEE-6E4C6962322B}" = Sparwelt.de Gutschein Alarm

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{64B20B36-AEE7-4DD4-897C-C5DA5C218F60}" = Logicool Gaming Software 5.02

"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar

"{7148F0A8-6813-11D6-A77B-00B0D0142190}" = Java 2 Runtime Environment, SE v1.4.2_19

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9CE80D58-2E74-4FF4-A2D2-5E714E470F36}" = ASUS nVidia Driver

"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.6 - Deutsch

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XIIc

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop 7.0" = Adobe Photoshop 7.0

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CCleaner" = CCleaner (remove only)

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"FileZilla Client" = FileZilla Client 3.3.2.1

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3

"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.8

"Free YouTube Download_is1" = Free YouTube Download 2.6

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5

"Hama Flashlight Pad" = Hama Flashlight Pad

"ICQToolbar" = ICQ Toolbar

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McLoad Preinstaller" = McLoad Preinstaller

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.0.3)" = Mozilla Firefox (3.0.3)

"MSNINST" = MSN

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"OpenAL" = OpenAL

"PunkBusterSvc" = PunkBuster Services

"SystemRequirementsLab" = System Requirements Lab

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 0.9.6

"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinGimp-2.0_is1" = GIMP 2.4.5

"WinLiveSuite_Wave3" = Windows Live Essentials

"Winload Toolbar" = Winload Toolbar

"WinRAR archiver" = WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13.07.2010 13:28:00 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:00 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:00 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:03 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:03 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:03 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:03 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:03 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:03 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

Error - 13.07.2010 13:28:03 | Computer Name = FRANKE-04D42930 | Source = nview_info | ID = 11141121

Description = 

 

[ System Events ]

Error - 21.05.2010 13:11:26 | Computer Name = FRANKE-04D42930 | Source = Service Control Manager | ID = 7023

Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:

   %%126

 

Error - 07.06.2010 08:17:24 | Computer Name = FRANKE-04D42930 | Source = Service Control Manager | ID = 7022

Description = Der Dienst "IPv6-Hilfsdienst" wurde nicht ordnungsgemäß gestartet.

 

Error - 12.06.2010 10:56:32 | Computer Name = FRANKE-04D42930 | Source = W32Time | ID = 39452689

Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten

 Peer  "time.windows.com,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15

 Minuten  wiederholt.  Fehler: Der Host war bei einem Socketvorgang nicht erreichbar.

 (0x80072751)

 

Error - 12.06.2010 10:56:32 | Computer Name = FRANKE-04D42930 | Source = W32Time | ID = 39452701

Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren

 Zeitquellen  konfiguriert. Es ist jedoch Keine der Quellen verfügbar. Innerhalb  der

 nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung  mit der Quelle

 herzustellen.  Der NtpClient verfügt über keine Quelle mit genauer Zeit.

 

Error - 12.07.2010 14:31:29 | Computer Name = FRANKE-04D42930 | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 12.07.2010 14:31:38 | Computer Name = FRANKE-04D42930 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   nvgts

 

Error - 12.07.2010 14:32:09 | Computer Name = FRANKE-04D42930 | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst NVSvc.

 

Error - 13.07.2010 10:57:12 | Computer Name = FRANKE-04D42930 | Source = sr | ID = 1

Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 

Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung

 wurde angehalten.

 

Error - 13.07.2010 10:57:50 | Computer Name = FRANKE-04D42930 | Source = Service Control Manager | ID = 7026

Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:

   nvgts

 

Error - 13.07.2010 10:57:50 | Computer Name = FRANKE-04D42930 | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst NVSvc.

 

 

< End of report >

--- --- ---

Und einmal das OTL.Txt Logfile:
OTL Logfile:

Code:

OTL logfile created on: 13.07.2010 19:25:14 - Run 1

OTL by OldTimer - Version 3.2.9.0     Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.022,00 Mb Total Physical Memory | 464,00 Mb Available Physical Memory | 45,00% Memory free

3,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 48,83 Gb Total Space | 29,02 Gb Free Space | 59,44% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

Drive E: | 100,22 Gb Total Space | 99,73 Gb Free Space | 99,51% Space Free | Partition Type: NTFS

F: Drive not present or media not loaded

Drive G: | 186,31 Gb Total Space | 122,44 Gb Free Space | 65,72% Space Free | Partition Type: NTFS

Drive H: | 1,90 Gb Total Space | 0,72 Gb Free Space | 37,66% Space Free | Partition Type: FAT

I: Drive not present or media not loaded

 

Computer Name: FRANKE-04D42930

Current User Name: Besitzer

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Logicool\Gaming Software\LWEMon.exe (Logitech Inc.)

PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)

MOD - C:\Programme\NVIDIA Corporation\nView\NVWRSDE.dll (NVIDIA Corporation)

MOD - C:\Programme\NVIDIA Corporation\nView\nView.dll ()

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 
 

SRV - (SandraTheSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe File not found

SRV - (SandraDataSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe File not found

SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe File not found

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()

SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (cpuz130) -- C:\DOKUME~1\Besitzer\LOKALE~1\Temp\cpuz130\cpuz_x32.sys File not found

DRV - (aec) -- C:\WINDOWS\system32\drivers\aec.sys ()

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)

DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)

DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)

DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)

DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: sparweltgutscheinewl@sparwelt.de:1.0

FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6

FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.02 15:46:23 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.02 15:46:22 | 000,000,000 | ---D | M]

 

[2010.05.21 17:11:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions

[2010.07.12 20:28:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\extensions

[2010.05.21 17:18:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.05.25 20:08:24 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}

[2010.05.25 18:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.05.23 21:28:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.05.25 20:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\extensions\sparweltgutscheinewl@sparwelt.de

[2010.03.24 16:13:02 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\searchplugins\conduit.xml

[2010.07.13 15:17:17 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\searchplugins\icqplugin-1.xml

[2010.07.03 00:27:51 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\searchplugins\icqplugin-2.xml

[2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\f3iv22mt.default\searchplugins\icqplugin.xml

[2010.07.12 20:28:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2010.05.21 18:14:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2008.03.15 15:56:14 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2008.03.15 15:56:14 | 000,002,642 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2008.02.19 16:40:48 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2006.12.03 17:59:22 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2006.11.17 13:19:24 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.02.28 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\tbWin1.dll (Conduit Ltd.)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [DriveTheLife] C:\Programme\DriveTheLife\DriveTheLife.exe File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe ()

O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logicool\Gaming Software\LWEMon.exe (Logitech Inc.)

O4 - HKCU..\Run: [AdobeUpdater] C:\Programme\Gemeinsame Dateien\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [ccleaner] F:\Programme\CCleaner\CCleaner.exe File not found

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)

O16 - DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} hxxp://intel-drv-cdn.systemrequirementslab.com/wired/bin/sysreqlab_srlx.cab (System Requirements Lab Class)

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab (MSN Photo Upload Tool)

O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008.08.08 22:11:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006.05.12 19:38:11 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

File not found -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Besitzer.

[2010.07.13 19:23:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe

[2010.07.09 15:28:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google

[2010.07.09 15:23:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google

[2010.07.09 15:23:37 | 000,000,000 | ---D | C] -- C:\Programme\Google

[2010.07.04 20:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Temp

[2010.06.26 18:29:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\ArcSoft

[2010.06.26 18:27:40 | 000,018,688 | ---- | C] (Arcsoft, Inc.) -- C:\WINDOWS\System32\drivers\afc.sys

[2010.06.26 18:27:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft

[2010.06.26 18:26:25 | 000,245,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\unicows.dll

[2010.06.26 18:26:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ArcSoft

[2010.06.26 18:26:12 | 000,000,000 | ---D | C] -- C:\Programme\ArcSoft

[2010.06.26 18:25:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\ArcSoft

[2010.06.18 16:44:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

[2010.06.15 15:05:19 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\WINDOWS\IsUn0407.exe

[2010.06.14 18:06:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes

[2010.06.14 18:04:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.06.14 18:04:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.06.14 18:04:11 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.06.14 18:04:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[9 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

File not found -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Besitzer.

[2010.07.13 19:28:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.07.13 19:25:00 | 000,001,220 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1897051121-839522115-1003UA.job

[2010.07.13 19:23:07 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe

[2010.07.13 16:57:00 | 000,244,844 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010.07.13 16:56:56 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.07.13 16:56:55 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.07.13 16:56:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.07.13 16:56:48 | 1072,222,208 | -HS- | M] () -- C:\hiberfil.sys

[2010.07.13 16:55:40 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Besitzer\ntuser.ini

[2010.07.13 16:55:39 | 007,864,320 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\ntuser.dat

[2010.07.12 21:50:04 | 006,396,114 | -H-- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.07.12 20:25:02 | 000,001,168 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1897051121-839522115-1003Core.job

[2010.07.12 20:13:29 | 000,565,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\aec.sys

[2010.07.12 14:36:18 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.07.04 20:22:58 | 000,002,389 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Google Chrome.lnk

[2010.07.02 18:56:32 | 000,045,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT

[2010.07.02 15:46:24 | 000,001,566 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2010.07.01 14:46:58 | 000,177,856 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010.06.29 16:37:17 | 000,001,809 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Windows Live Messenger .lnk

[2010.06.23 23:51:30 | 000,998,466 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.06.23 23:51:30 | 000,449,132 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2010.06.23 23:51:30 | 000,432,806 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.06.23 23:51:30 | 000,080,456 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2010.06.23 23:51:30 | 000,067,762 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.06.15 15:10:04 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Adobe Photoshop 7.0.lnk

[2010.06.15 15:08:25 | 000,001,000 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk

[2010.06.14 21:17:14 | 000,113,803 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\.recently-used.xbel

[2010.06.14 18:04:16 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[9 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

[13 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.07.12 20:12:42 | 000,000,024 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\hwzypv.dat

[2010.07.09 15:23:43 | 000,001,092 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010.07.09 15:23:43 | 000,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010.07.04 20:22:43 | 000,002,389 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Google Chrome.lnk

[2010.07.04 20:20:15 | 000,001,220 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1897051121-839522115-1003UA.job

[2010.07.04 20:20:15 | 000,001,168 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1343024091-1897051121-839522115-1003Core.job

[2010.07.02 15:46:24 | 000,001,566 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk

[2010.06.29 16:37:17 | 000,001,809 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Windows Live Messenger .lnk

[2010.06.15 15:10:04 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Adobe Photoshop 7.0.lnk

[2010.06.15 15:08:25 | 000,001,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk

[2010.06.14 21:17:14 | 000,113,803 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\.recently-used.xbel

[2010.06.14 18:04:16 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009.08.17 19:57:30 | 000,000,258 | ---- | C] () -- C:\WINDOWS\game.ini

[2009.06.26 19:08:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI

[2009.06.18 20:24:32 | 000,215,144 | ---- | C] () -- C:\WINDOWS\patchw32.dll

[2009.01.16 13:30:01 | 000,000,062 | ---- | C] () -- C:\WINDOWS\pcvcdbr.INI

[2009.01.16 13:30:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcvcdvw.INI

[2009.01.01 21:09:52 | 000,000,450 | ---- | C] () -- C:\WINDOWS\wiso.ini

[2008.12.21 20:30:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI

[2008.11.07 18:55:32 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2008.11.07 18:18:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini

[2008.11.02 19:22:37 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008.10.25 20:29:36 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys

[2008.10.25 11:52:00 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll

[2008.10.25 11:52:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll

[2008.10.18 12:46:23 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2008.10.18 12:43:39 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE DX5000EFDG.ini

[2008.10.18 12:10:49 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll

[2008.10.07 07:33:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2008.10.07 07:33:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2008.10.07 07:33:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2008.10.07 07:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2008.10.07 07:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2008.09.22 20:13:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2008.08.18 20:30:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2008.08.08 22:16:59 | 000,011,027 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2008.08.08 22:16:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2008.08.08 22:16:47 | 000,010,855 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2008.08.08 22:16:34 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2008.08.08 18:51:31 | 000,565,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\aec.sys

[2006.09.07 06:18:00 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\EPSPTDV.DLL

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 110 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8C35AEA7

< End of report >

--- --- ---