Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   explorer.exe als trojaner erkannt! (https://www.trojaner-board.de/90722-explorer-exe-trojaner-erkannt.html)

frERky 13.09.2010 11:29
explorer.exe als trojaner erkannt!
 
Hallo allerseits,

ich war die letzten 3 Wochen im Urlaub, also nicht am Pc, als ich wiederkam meldete der Avira plötzlich dass explorer.exe im windows (xp professional sp3) ordner ein trojaner sei.
daher nehm ich mal an dass ich einen virus auf dem pc habe. da die explorer.exe als virus erkannt wird, kann ich sie ja schlecht löschen weil sonst mein system nicht mehr funktionieren würde.

ist das eine falsche meldung? ich lasse jetzt mal mbam durchlaufen und poste den log dazu nach.

danke schonmal für antworten

mfg

MBAM Log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4607

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

13.09.2010 21:25:31
mbam-log-2010-09-13 (21-25-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|I:\|)
Durchsuchte Objekte: 599361
Laufzeit: 3 Stunde(n), 15 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\System Volume Information\_restore{25A12B0B-C7C1-4A61-9AB1-50D7E9712594}\RP4\A0002547.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{25A12B0B-C7C1-4A61-9AB1-50D7E9712594}\RP4\A0002548.exe (Rogue.SecurityTool) -> Quarantined and deleted successfully.

mal ein kleines update:

avira erkennt die explorer.exe immer noch als trojaner
mein internet ist jetzt auch richtig langsam, das w-lan bzw die ganze netzwerkverbindung setzt regelmäßig kurz aus.
mein icq sagt mir dass die verbindung zum proxyserver nicht hergestellt werden kann, das hat mein browser auch gesagt, als ich die einstellungen dann aber auf "automatisch" eingestellt habe, gings wieder.

ich finde das seltsam dass das alles auf einmal passiert...kann mir da jemand helfen?

cosinus 16.09.2010 10:09
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

frERky 16.09.2010 11:19
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 16.09.2010 12:12:55 - Run 3
OTL by OldTimer - Version 3.2.12.1    Folder = C:\Dokumente und Einstellungen\Altan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,66 Gb Total Space | 11,52 Gb Free Space | 11,80% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 16,40 Gb Free Space | 8,40% Space Free | Partition Type: NTFS
Drive E: | 172,79 Gb Total Space | 10,72 Gb Free Space | 6,20% Space Free | Partition Type: NTFS
Drive F: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 40,55 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
 
Computer Name: FRITTENBUDE
Current User Name: Altan
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3106:UDP" = 3106:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"3107:UDP" = 3107:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
"3108:UDP" = 3108:UDP:*:Enabled:Windows Media Format SDK (wmplayer.exe)
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Quake 3\quake3.exe" = D:\Quake 3\quake3.exe:*:Enabled:quake3 -- ()
"D:\Enemy Territory\ET.exe" = D:\Enemy Territory\ET.exe:*:Enabled:ET -- ()
"D:\TmNationsForever\TmForever.exe" = D:\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"D:\Steam\SteamApps\frerky\half-life 2 deathmatch\hl2.exe" = D:\Steam\SteamApps\frerky\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\DNA\btdna.exe" = C:\Programme\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Programme\BitTorrent\bittorrent.exe" = C:\Programme\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"D:\Steam\SteamApps\frerky\team fortress 2\hl2.exe" = D:\Steam\SteamApps\frerky\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"D:\Steam\SteamApps\frerky\source sdk base 2007\hl2.exe" = D:\Steam\SteamApps\frerky\source sdk base 2007\hl2.exe:*:Enabled:hl2 -- ()
"D:\Steam\SteamApps\frerky\source sdk base\hl2.exe" = D:\Steam\SteamApps\frerky\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"D:\Steam\SteamApps\nubilein\counter-strike\hl.exe" = D:\Steam\SteamApps\nubilein\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\Steam\SteamApps\nubilein\half-life\hl.exe" = D:\Steam\SteamApps\nubilein\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\Canon\Color Network ScanGear\SgTool.exe" = C:\Programme\Canon\Color Network ScanGear\SgTool.exe:*:Enabled:SGTOOL -- (CANON INC.)
"D:\Steam\SteamApps\nubilein\opposing force\hl.exe" = D:\Steam\SteamApps\nubilein\opposing force\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Programme\GIGABYTE\GEST\run.exe" = C:\Programme\GIGABYTE\GEST\run.exe:*:Disabled:update -- ()
"C:\Programme\CryptLoad_1.1.6\RouterClient.exe" = C:\Programme\CryptLoad_1.1.6\RouterClient.exe:*:Enabled:RouterClient -- (hxxp://cryptload.info)
"D:\Anno 1701\Anno1701.exe" = D:\Anno 1701\Anno1701.exe:*:Enabled:Anno 1701 -- (Related Designs Software GmbH)
"D:\Half Life\hl.exe" = D:\Half Life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve, L.L.C.)
"D:\Command & Conquer 3\RetailExe\1.9\cnc3game.dat" = D:\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars -- (Electronic Arts Inc.)
"D:\GTA2\gta2.exe" = D:\GTA2\gta2.exe:*:Enabled:GTA2 main executable -- (Rockstar North)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"D:\Black & White\runblack.exe" = D:\Black & White\runblack.exe:*:Enabled:lh -- (LionHead Studios Ltd.)
"D:\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe" = D:\Steam\SteamApps\common\peggle extreme\PeggleExtreme.exe:*:Enabled:Peggle Extreme -- ()
"C:\Programme\Backgammon7\Backgammon-Client.exe" = C:\Programme\Backgammon7\Backgammon-Client.exe:*:Enabled:Backgammon7 -- ( backgammon7.net)
"D:\FlatOut2\FlatOut2.exe" = D:\FlatOut2\FlatOut2.exe:*:Disabled:FlatOut2 -- File not found
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood -- ()
"C:\Programme\Zattoo\Zattoo2.exe" = C:\Programme\Zattoo\Zattoo2.exe:*:Enabled:  -- ()
"C:\Programme\Joost\xulrunner\tvprunner.exe" = C:\Programme\Joost\xulrunner\tvprunner.exe:*:Enabled:tvprunner -- (Joost Technologies B.V.)
"C:\Programme\PPLive\PPLive.exe" = C:\Programme\PPLive\PPLive.exe:*:Enabled:PPLive -- ()
"D:\Ghost Recon\GhostRecon.exe" = D:\Ghost Recon\GhostRecon.exe:*:Enabled:GhostRecon -- ()
"D:\Battlefield 2\BF2.exe" = D:\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"D:\Battlefield Vietnam\bfvietnam.exe" = D:\Battlefield Vietnam\bfvietnam.exe:*:Enabled:bfvietnam -- ()
"D:\Quake 2\quake2xp.exe" = D:\Quake 2\quake2xp.exe:*:Enabled:quake2xp -- (Quake2xp Team)
"D:\Quake 2\quake2.exe" = D:\Quake 2\quake2.exe:*:Enabled:quake2 -- ()
"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled:  -- ()
"D:\Diablo\diablo.exe" = D:\Diablo\diablo.exe:*:Enabled:Diablo -- (Blizzard Entertainment)
"D:\Aliens Versus Predator\MyAvP.exe" = D:\Aliens Versus Predator\MyAvP.exe:*:Enabled:MyAvP -- ()
"D:\FEAR\FEAR.exe" = D:\FEAR\FEAR.exe:*:Enabled:FEAR -- (Monolith Productions, Inc.)
"C:\Programme\Vuze\Azureus.exe" = C:\Programme\Vuze\Azureus.exe:*:Enabled:Azureus -- (Vuze Inc.)
"D:\Dawn of War\W40k.exe" = D:\Dawn of War\W40k.exe:*:Disabled:W40K -- (Relic Entertainment Inc.)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6.5 -- (ICQ, LLC.)
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"D:\Crysis\Bin32\Crysis.exe" = D:\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"D:\Crysis\Bin32\CrysisDedicatedServer.exe" = D:\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"I:\Spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe" = I:\Spiele\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)  -- ()
"D:\Left 4 Dead\left4dead.exe" = D:\Left 4 Dead\left4dead.exe:*:Enabled:left4dead -- ()
"D:\Steam\SteamApps\common\jedi outcast\GameData\jk2sp.exe" = D:\Steam\SteamApps\common\jedi outcast\GameData\jk2sp.exe:*:Enabled:Star Wars Jedi Knight II: Jedi Outcast -- ()
"D:\Steam\SteamApps\common\jedi outcast\GameData\jk2mp.exe" = D:\Steam\SteamApps\common\jedi outcast\GameData\jk2mp.exe:*:Enabled:Star Wars Jedi Knight II: Jedi Outcast -- ()
"D:\Steam\SteamApps\common\jedi academy\GameData\jasp.exe" = D:\Steam\SteamApps\common\jedi academy\GameData\jasp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
"D:\Steam\SteamApps\common\jedi academy\GameData\jamp.exe" = D:\Steam\SteamApps\common\jedi academy\GameData\jamp.exe:*:Enabled:Star Wars Jedi Knight: Jedi Academy -- (Activision Inc)
"I:\Spiele\Mass Effect 2\MassEffect2Launcher.exe" = I:\Spiele\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -Launcher -- (BioWare)
"C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\GROOVE.EXE" = C:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"I:\Spiele\Mass Effect 2\Binaries\UT3.exe" = I:\Spiele\Mass Effect 2\Binaries\UT3.exe:*:Enabled:Mass Effect 2 -- (BioWare)
"D:\Steam\SteamApps\common\torchlight\Torchlight.exe" = D:\Steam\SteamApps\common\torchlight\Torchlight.exe:*:Enabled:Torchlight -- (Runic Games, Inc.)
"D:\Star Wars Battlefront II\GameData\BattlefrontII.exe" = D:\Star Wars Battlefront II\GameData\BattlefrontII.exe:*:Enabled:BattlefrontII -- ()
"I:\Spiele\Ghost Recon Advanced Warfighter\GRAW.exe" = I:\Spiele\Ghost Recon Advanced Warfighter\GRAW.exe:*:Enabled:GRAW -- File not found
"C:\Programme\Hamachi\hamachi.exe" = C:\Programme\Hamachi\hamachi.exe:*:Enabled:Hamachi -- (LogMeIn Inc.)
"D:\Starcraft\StarCraft.exe" = D:\Starcraft\StarCraft.exe:*:Enabled:Starcraft - Brood War -- (Blizzard Entertainment)
"D:\Age of Empires II\EMPIRES2.ICD" = D:\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"D:\Age of Empires II\empires2.exe" = D:\Age of Empires II\empires2.exe:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"I:\Spiele\EFLC\EFLC.exe" = I:\Spiele\EFLC\EFLC.exe:*:Disabled:Grand Theft Auto : Episodes from Liberty City -- (Take-Two Interactive Software, Inc.)
"I:\Spiele\Steamless Left4Dead2 Pack\left4dead2.exe" = I:\Spiele\Steamless Left4Dead2 Pack\left4dead2.exe:*:Enabled:left4dead2 -- ()
"D:\Steam\SteamApps\common\flatout ultimate carnage\Fouc.exe" = D:\Steam\SteamApps\common\flatout ultimate carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage -- (Empire Interactive Ltd.)
"D:\Steam\SteamApps\common\grand theft auto iv\GTAIV\GTAIV.exe" = D:\Steam\SteamApps\common\grand theft auto iv\GTAIV\GTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Take-Two Interactive Software, Inc.)
"D:\Steam\SteamApps\common\flatout ultimate carnage\launcher.exe" = D:\Steam\SteamApps\common\flatout ultimate carnage\launcher.exe:*:Enabled:FlatOut: Ultimate Carnage -- (Empire Interactive Ltd.)
"D:\Steam\SteamApps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe" = D:\Steam\SteamApps\common\grand theft auto iv\GTAIV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"D:\Steam\SteamApps\common\serious sam hd the second encounter\Bin\SamHD_TSE.exe" = D:\Steam\SteamApps\common\serious sam hd the second encounter\Bin\SamHD_TSE.exe:*:Enabled:Serious Sam HD: The Second Encounter -- ()
"D:\Steam\SteamApps\common\trackmania nations forever\TmForever.exe" = D:\Steam\SteamApps\common\trackmania nations forever\TmForever.exe:*:Enabled:TrackMania Nations Forever -- ()
"D:\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe" = D:\Steam\SteamApps\common\trackmania nations forever\TmForeverLauncher.exe:*:Enabled:TrackMania Nations Forever -- ()
"I:\Spiele\Dragon Age\bin_ship\daorigins.exe" = I:\Spiele\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"I:\Spiele\Dragon Age\DAOriginsLauncher.exe" = I:\Spiele\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"I:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe" = I:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"D:\Steam\SteamApps\common\alien swarm\srcds.exe" = D:\Steam\SteamApps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server -- ()
"D:\Steam\SteamApps\common\boostertrooper\BTroopers.exe" = D:\Steam\SteamApps\common\boostertrooper\BTroopers.exe:*:Enabled:Booster Trooper -- (DnS Development)
"D:\Steam\steam.exe" = D:\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL -- File not found
"D:\Steam\SteamApps\common\alien swarm\swarm.exe" = D:\Steam\SteamApps\common\alien swarm\swarm.exe:*:Enabled:Alien Swarm -- ()
"D:\Steam\SteamApps\common\worms reloaded\WormsReloaded.exe" = D:\Steam\SteamApps\common\worms reloaded\WormsReloaded.exe:*:Enabled:Worms Reloaded -- (Team17 Software Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0928B2C5-0B16-C2FB-7BAE-A25901414687}" = ATI Catalyst Install Manager
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP220_series" = Canon MP220 series
"{1774C3D2-30FF-70EE-A1AF-1B771E2D2D33}" = ccc-utility
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1BC4026B-1957-4514-9058-2B542557F143}" = Opera 9.63
"{1E2FDD18-E514-4631-AF4A-0CC58FD93DCB}" = Quake Live Mozilla Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FE9594B-E51F-9845-0466-C0D1D915FBB5}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Red Alert™ 3
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2B21DEAC-4EB7-4516-8E0C-F1F3A29FF2AE}" = Gothic III - Götterdämmerung Patch
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31DDEBE2-0F7D-A4AA-B8A9-9E1FD795FC2A}" = CCC Help English
"{33691AFF-9ABF-4278-BDB6-902EE07D9237}" = Native Instruments Guitar Rig 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3BFFC6B8-4EC0-4240-858C-998FD4077983}" = Nokia Connectivity Cable Driver
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{4538055F-EBC6-4E67-9365-F55B1DEFE9DE}" = Gothic 3 - Götterdämmerung
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{576E71DA-3000-48F6-9B21-B9A70D47DFCF}" = Star Wars JK II Jedi Outcast
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}" = Dynamic Energy Saver B7.1214.3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5DA6F06A-B389-407B-BF8C-1548767914D8}" = ATI Problem Report Wizard
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{696DB748-73BB-405D-9567-79B5FCAEB691}" = PowerArchiver 2010 German
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7EACD74C-147F-478C-9389-F9F52EE3C88A}" = LightScribe System Software
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{864785DF-6D78-4A38-B66F-845BC5741843}" = liteCAM Evaluation
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FDC1610-3FB5-4EF2-A0D0-CEDC3A525A25}" = DIE SIEDLER - Das Erbe der Könige
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92BD0C6C-B380-4D21-890A-6198D48D06C6}_is1" = Easy RM Producer
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF507761-0AD4-4BCC-A636-42DB38E689B0}" = Sven 2 XXL
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B713000F-FBE3-11D3-9D91-0050DA5C3DCF}" = YAMAHA XG SoftSynthesizer S-YXG50
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BEAED2F4-04C7-95C4-7D8F-500EFE6CD1F9}" = ccc-core-static
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C457BA5F-35F9-480C-90F8-5C91DB443A15}_is1" = Shutdown Manager
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C79308BC-63CC-4A0F-A585-2E137EA42A1E}_is1" = Power MP4 iPod PSP 3GP AVI MPG WMV Video Converter 8.7
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE567716-7997-E0AE-DD81-1A5D49A5FB25}" = Catalyst Control Center Graphics Previews Common
"{CFEBE886-3EF2-4389-96D0-B0808E58BC3E}" = HipHop 6 Demo
"{D07643A3-CE41-4286-8C78-EB9C83E76DDB}" = PunkBuster für Battlefield Vietnam
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1ADE2BF-32D3-4EC3-9BF4-F5E1A740F92E}" = Color Network ScanGear Ver.2.42
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D4EEC21C-04F0-4CF4-8078-82C11E38EF11}" = REALTEK RTL8187SE Wireless LAN Driver
"{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: The Complete Saga
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F428768A-BA63-43A5-86E9-7F0CFD174944}" = Command & Conquer 3 Tiberium Wars(TM) Worldbuilder
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem  (11/03/2006 6.82.0.1)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD  (11/03/2006 6.82.26.2)
"8461-7759-5462-8226" = Vuze
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Age of Empires 2.0" = Microsoft Age of Empires II
"Aglare WMV to AVI Converter_is1" = Aglare WMV to AVI Converter 6.3
"Aliens Versus Predator" = Aliens Versus Predator
"Aplus WMV to XviD Converter_is1" = Aplus WMV to XviD Converter 8.89
"Ashampoo Cover Studio 2_is1" = Ashampoo Cover Studio 2.00
"Audacity_is1" = Audacity 1.2.6
"AudioRecorder" = AudioRecorder
"Autorun Eater_is1" = Autorun Eater v2.2
"AVIedit 3.38" = AVIedit 3.38
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Babylon" = Babylon
"Battle.net" = Battle.net
"Battlecraft Vietnam1.0 BETA" = Battlecraft Vietnam
"BF2SP64" = BF2SP64
"BidForPower" = BidForPower
"Cake Poker" = Cake Poker
"Cakewalk Beatscape_is1" = Beatscape 1.0
"Canon MP220 series Benutzerregistrierung" = Canon MP220 series Benutzerregistrierung
"CANONBJ_Deinstall_CNMCP64.DLL" = Canon PIXMA iP4000
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"Diablo" = Diablo
"DivX Setup.divx.com" = DivX-Setup
"DreamStation DXi2" = DreamStation DXi2
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0 (build 25)
"foobar2000" = foobar2000 v0.9.5.4
"FormatFactory" = FormatFactory 1.80
"Free Convert XVID AVI WMV MPEG FLV MP4 Converter_is1" = Free Convert XVID AVI WMV MPEG FLV MP4 Converter 5.8
"Free FLV Converter_is1" = Free FLV Converter V 5.9
"Grand Theft Auto" = Grand Theft Auto
"Grand Theft Auto London 1961" = Grand Theft Auto London 1961
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Hamachi" = Hamachi 1.0.1.5
"Instagib - Source 1.0b" = Instagib - Source 1.0b
"InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II
"InstallShield_{5396FBD8-8BD7-47F9-92AE-F62F13D5A11D}" = NETGEAR WG111v3 wireless USB 2.0 adapter
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D596980D-17BE-4425-B8F0-5640719AADE9}" = LEGO® Star Wars™: Die Komplette Saga
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"Jalbum_0" = Jalbum 8.0
"JDownloader" = JDownloader
"Joost" = Joost (tm) Beta 1.1.8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Left 4 Dead" = Left 4 Dead
"Little Fighter 2" = Little Fighter 2 version 2.0
"MAGIX music maker 2005 e-version" = MAGIX music maker 2005 e-version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDT" = Battlefield Mod Development Toolkit 2.0 Beta
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIDInight Express II" = MIDInight Express II
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP3 Converter Simple" = MP3 Converter Simple
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Guitar Rig 3" = Native Instruments Guitar Rig 3
"Native Instruments Service Center" = Native Instruments Service Center
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"OpenAL" = OpenAL
"PDF Editor 3" = PDF Editor 3
"Peer2Peer-DE Toolbar" = Peer2Peer-DE Toolbar
"Peggle" = Peggle (remove only)
"Peggle World of Warcraft Edition" = Peggle World of Warcraft Edition
"POD-Bot 2.5" = POD-Bot 2.5
"Postal 2" = Postal 2
"PPLive" = PPLive 1.9
"PunkBusterSvc" = PunkBuster Services
"Quake2UninstallKey" = Quake II
"RealPlayer 12.0" = RealPlayer
"Red Alert" = Red Alert Windows 95
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Runic Games Torchlight" = Torchlight
"San Andreas Mod Installer1.1" = San Andreas Mod Installer
"Screen Antics" = Screen Antics 2.1
"ShrinkTo5Basic" = ShrinkTo5Basic
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"SONAR8Producer_is1" = SONAR 8.0 Producer Edition
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Starcraft" = Starcraft
"Steam App 10" = Counter-Strike
"Steam App 11020" = TrackMania Nations Forever
"Steam App 12210" = Grand Theft Auto IV
"Steam App 12360" = FlatOut: Ultimate Carnage
"Steam App 130" = Half-Life: Blue Shift
"Steam App 20" = Team Fortress Classic
"Steam App 218" = Source SDK Base - Orange Box
"Steam App 220" = Half-Life 2
"Steam App 22600" = Worms Reloaded
"Steam App 27920" = Booster Trooper
"Steam App 30" = Day of Defeat
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 32380" = Star Wars Jedi Knight: Dark Forces II
"Steam App 32390" = Star Wars Jedi Knight: Mysteries of the Sith
"Steam App 32400" = Star Wars: Dark Forces
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 3483" = Peggle Extreme
"Steam App 380" = Half-Life 2: Episode One
"Steam App 40" = Deathmatch Classic
"Steam App 400" = Portal
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41500" = Torchlight
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 50" = Opposing Force
"Steam App 6020" = Star Wars Jedi Knight: Jedi Academy
"Steam App 6030" = Star Wars Jedi Knight II: Jedi Outcast
"Steam App 630" = Alien Swarm
"Steam App 70" = Half-Life
"Steamless Left4Dead2 Pack" = Steamless Left4Dead2 Pack
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SurCode for Dolby Digital" = SurCode for Dolby Digital
"TmNationsForever_is1" = TmNationsForever Update 2010-03-15
"TotalBF2 Map Pack 3" = TotalBF2 Map Pack 3
"TVAnts 1.0" = TVAnts 1.0
"Ultra WMV Converter_is1" = Ultra WMV Converter 5.2.1022
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.0
"Webcam and Screen Recorder_is1" = Webcam and Screen Recorder 4.8.1
"WinAVI Video Capture_is1" = WinAVI Video Capture 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Backgammon7" = Backgammon7
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Facebook Plug-In" = Facebook Plug-In
"Pirate Galaxy" = Pirate Galaxy
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.09.2010 06:51:46 | Computer Name = FRITTENBUDE | Source = Google Update | ID = 20
Description =
 
Error - 11.09.2010 07:39:43 | Computer Name = FRITTENBUDE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mnxwrceosa.tmp, Version 7.2.0.51, fehlgeschlagenes
 Modul mnxwrceosa.tmp, Version 7.2.0.51, Fehleradresse 0x00001936.
 
Error - 11.09.2010 07:39:43 | Computer Name = FRITTENBUDE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mnxwrceosa.tmp, Version 7.2.0.51, fehlgeschlagenes
 Modul mnxwrceosa.tmp, Version 7.2.0.51, Fehleradresse 0x00001936.
 
Error - 11.09.2010 07:41:09 | Computer Name = FRITTENBUDE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung osmanrexcw.tmp, Version 0.0.0.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 11.09.2010 07:41:19 | Computer Name = FRITTENBUDE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung osmanrexcw.tmp, Version 0.0.0.0, fehlgeschlagenes
 Modul , Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 12.09.2010 16:25:13 | Computer Name = FRITTENBUDE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3855, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 12.09.2010 16:25:17 | Computer Name = FRITTENBUDE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3855,
 fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5512, Fehleradresse 0x0000100b.
 
Error - 13.09.2010 06:32:51 | Computer Name = FRITTENBUDE | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung yml.exe, Version 1.2.7.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.5512, Fehleradresse 0x0001325e.
 
[ System Events ]
Error - 14.09.2010 05:22:34 | Computer Name = FRITTENBUDE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Bluetooth
 Support Service.
 
Error - 14.09.2010 05:22:34 | Computer Name = FRITTENBUDE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Support Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 14.09.2010 17:24:28 | Computer Name = FRITTENBUDE | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 14.09.2010 17:24:28 | Computer Name = FRITTENBUDE | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 14.09.2010 17:24:39 | Computer Name = FRITTENBUDE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Bluetooth
 Support Service.
 
Error - 14.09.2010 17:24:39 | Computer Name = FRITTENBUDE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Support Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 15.09.2010 04:07:44 | Computer Name = FRITTENBUDE | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
 
Error - 15.09.2010 04:07:44 | Computer Name = FRITTENBUDE | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
 fehlgeschlagen. Stellen  Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
 vorhanden ist und dass diese  groß genug ist, um den gesamten physikalischen Speicher
 abbilden zu können.
 
Error - 15.09.2010 04:08:03 | Computer Name = FRITTENBUDE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Bluetooth
 Support Service.
 
Error - 15.09.2010 04:08:03 | Computer Name = FRITTENBUDE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Bluetooth Support Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
 
< End of report >
--- --- ---

frERky 16.09.2010 11:29
OTL logfile created on: 16.09.2010 12:12:55 - Run 3
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Dokumente und Einstellungen\Altan\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 78,00% Memory free
5,00 Gb Paging File | 5,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 97,66 Gb Total Space | 11,52 Gb Free Space | 11,80% Space Free | Partition Type: NTFS
Drive D: | 195,31 Gb Total Space | 16,40 Gb Free Space | 8,40% Space Free | Partition Type: NTFS
Drive E: | 172,79 Gb Total Space | 10,72 Gb Free Space | 6,20% Space Free | Partition Type: NTFS
Drive F: | 7,86 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 465,76 Gb Total Space | 40,55 Gb Free Space | 8,71% Space Free | Partition Type: NTFS

Computer Name: FRITTENBUDE
Current User Name: Altan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Altan\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\foobar2000\foobar2000.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\GIGABYTE\GEST\gest.exe ()
PRC - C:\Programme\GIGABYTE\GEST\GSvr.exe ()
PRC - C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Programme\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\WINDOWS\system32\Sxgtkbar.exe (YAMAHA COROPRATION)
PRC - C:\refreshlock\RefreshLock.exe (Gregory Maynard-Hoare)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Altan\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\gdionce.dll ()
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Programme\ScanSoft\OmniPageSE4\OpHookSE4.dll (Nuance Communications, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (DAUpdaterSvc) -- I:\Spiele\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (InstallShield Licensing Service) -- C:\Programme\Gemeinsame Dateien\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision )
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (GEST Service) -- C:\Programme\GIGABYTE\GEST\GSvr.exe ()
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\cofi.exe5082c\catchme.sys File not found
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (VClone) -- C:\WINDOWS\system32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (Kbdclass) -- C:\WINDOWS\system32\drivers\kbdclass.sys ()
DRV - (Tcpip6) -- C:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (ET5Drv) -- C:\WINDOWS\system32\drivers\ET5Drv.sys (Windows (R) 2000 DDK provider)
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (Nokia USB Phone Parent) -- C:\WINDOWS\system32\drivers\nmwcd.sys (Nokia)
DRV - (Nokia USB Port) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys (Nokia)
DRV - (Nokia USB Modem) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys (Nokia)
DRV - (Nokia USB Generic) -- C:\WINDOWS\system32\drivers\nmwcdc.sys (Nokia)
DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation)
DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (SOFTXG) -- C:\WINDOWS\system32\drivers\sxgxgwdm.sys (YAMAHA CORPORATION)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://video.tomp4.com/
IE - HKCU\..\URLSearchHook: {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Programme\Peer2Peer-DE\tbPee0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ant.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.6.0
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.27 13:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.27 13:26:52 | 000,000,000 | ---D | M]

[2008.11.21 13:20:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Extensions
[2010.09.15 23:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\extensions
[2010.04.13 23:53:13 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010.02.01 00:05:06 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.03.20 04:11:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\extensions\anttoolbar@ant.com
[2009.07.25 17:15:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\extensions\dlembed@aeruder.net
[2009.07.03 15:54:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\extensions\myspacetoolbar@gmail.com
[2009.10.25 13:33:18 | 000,000,886 | ---- | M] () -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\searchplugins\conduit.xml
[2009.01.12 17:45:05 | 000,001,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Altan\Anwendungsdaten\Mozilla\Firefox\Profiles\gonf3w8u.default\searchplugins\leo-deu-spa.xml
[2010.09.15 23:39:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.06 13:06:16 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009.04.09 13:25:11 | 000,000,000 | ---D | M] (pdfforge Toolbar Plugin) -- C:\Programme\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
[2009.04.09 13:25:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\search@searchsettings.com
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll
[2008.07.16 15:42:38 | 000,066,208 | ---- | M] (Joost Technologies B.V. ) -- C:\Programme\Mozilla Firefox\plugins\npJoostPlugin.dll
[2010.07.27 13:26:44 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.27 13:26:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.27 13:26:45 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.27 13:26:45 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.27 13:26:45 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.05.30 16:37:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Shareware.Pro-DE Toolbar) - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Programme\Peer2Peer-DE\tbPee0.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Shareware.Pro-DE Toolbar) - {97ac393a-a525-4cd0-95cf-019b028cc7a4} - C:\Programme\Peer2Peer-DE\tbPee0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Shareware.Pro-DE Toolbar) - {97AC393A-A525-4CD0-95CF-019B028CC7A4} - C:\Programme\Peer2Peer-DE\tbPee0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Shareware.Pro-DE Toolbar) - {97AC393A-A525-4CD0-95CF-019B028CC7A4} - C:\Programme\Peer2Peer-DE\tbPee0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (Gigabyte Technology Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Programme\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CloneCDTray] C:\Programme\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [GEST] C:\Programme\GIGABYTE\GEST\run.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Programme\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Programme\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SxgTkBar] C:\WINDOWS\System32\Sxgtkbar.exe (YAMAHA COROPRATION)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Programme\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Programme\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NETGEAR WG111v3 Smart Wizard.lnk = C:\Programme\NETGEAR\WG111v3\WG111v3.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Dokumente und Einstellungen\Altan\Startmenü\Programme\Autostart\Verknüpfung mit RefreshLock.lnk = C:\refreshlock\RefreshLock.exe (Gregory Maynard-Hoare)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.220.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Altan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Altan\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.21 13:06:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: reloemon - (C:\WINDOWS\system32\gdionce.dll) - C:\WINDOWS\system32\gdionce.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

cosinus 16.09.2010 11:49
Das OTL-Log (OTL.txt) ist unvollständig. Bitte zippen und hier anhängen.

frERky 16.09.2010 11:58
Hier der Anhang.

cosinus 16.09.2010 12:01
Mit was hast Du das gezippt? Ich kanns nicht entpacken. Die Zip ist defekt oder Du hast irgendein exotisches Tool benutzt.

frERky 16.09.2010 12:12
habs jetzt mit winrar gemacht.

cosinus 16.09.2010 12:38
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
MOD - C:\WINDOWS\system32\gdionce.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
O36 - AppCertDlls: reloemon - (C:\WINDOWS\system32\gdionce.dll) - C:\WINDOWS\system32\gdionce.dll ()
[2010.09.15 15:29:18 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\crash
[2010.09.14 23:28:47 | 000,046,592 | -H-- | C] () -- C:\WINDOWS\System32\gdionce.dll
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

frERky 16.09.2010 12:45
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\reloemon:C:\WINDOWS\system32\gdionce.dll deleted successfully.
C:\WINDOWS\system32\gdionce.dll moved successfully.
C:\WINDOWS\system32\crash moved successfully.
File C:\WINDOWS\System32\gdionce.dll not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: All Users.WINXP

User: Altan
->Temp folder emptied: 126008729 bytes
->Temporary Internet Files folder emptied: 1410508 bytes
->Java cache emptied: 20100075 bytes
->FireFox cache emptied: 48658963 bytes
->Opera cache emptied: 45668312 bytes
->Flash cache emptied: 27228 bytes

User: Altan.FRITTENBUDE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINXP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3715157 bytes
->Flash cache emptied: 456 bytes

User: LocalService.NT-AUTORITÄT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2718747 bytes
->Java cache emptied: 8682 bytes
->Flash cache emptied: 1881 bytes

User: NetworkService.NT-AUTORITÄT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: wurst
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 99840 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132615 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 237,00 mb


OTL by OldTimer - Version 3.2.12.1 log created on 09162010_134219

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 16.09.2010 13:25
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

frERky 16.09.2010 14:07
ich hab jetzt aus versehen (falsch gelesen, sry) zuerst das cofi ausgeführt...
soll ich das mit dem ccleaner jetzt trotzdem noch machen?

cosinus 16.09.2010 19:14
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
Folder::
c:\dokumente und einstellungen\Altan\Lokale Einstellungen\Anwendungsdaten\qhgeosbdp
c:\programme\Peer2Peer-DE
c:\programme\softonic-de3

File::
c:\windows\gdrv.sys

Registry::
[-HKEY_CLASSES_ROOT\clsid\{97ac393a-a525-4cd0-95cf-019b028cc7a4}]
[-HKEY_CLASSES_ROOT\clsid\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97ac393a-a525-4cd0-95cf-019b028cc7a4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{97ac393a-a525-4cd0-95cf-019b028cc7a4}"=-
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{97ac393a-a525-4cd0-95cf-019b028cc7a4}"=-
"{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{97AC393A-A525-4CD0-95CF-019B028CC7A4}"=-
"{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}"=-
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

frERky 17.09.2010 10:00
hier das log

cosinus 17.09.2010 13:25
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Anschließend den bootkit_remover herunterladen. Entpacke das Tool in einen eigenen Ordner auf dem Desktop und führe in diesem Ordner die Datei remove.exe aus.

Wenn Du Windows Vista oder Windows 7 verwendest, musst Du die remover.exe über ein Rechtsklick => als Administrator ausführen

Ein schwarzes Fenster wird sich öffnen und automatisch nach bösartigen Veränderungen im MBR suchen.
Poste dann bitte, ob es Veränderungen gibt und wenn ja in welchem device. Am besten alles posten was die remover.exe ausgibt.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:41 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27