Trojaner-Board - 20 TAN Trojaner Sparkasse

Der Log war noch gespeichert :)

Hier der erste Log, seit dem findet Malwarebytes nichts mehr, hab es gerade noch mal per Vollscan getestet.
Außerdem 2 aktuelle OTL Logs nach Anweisung hier im Forum.

Code:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org
 

Datenbank Version: 4786
 

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180
 

09.10.2010 23:21:54

mbam-log-2010-10-09 (23-21-54).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|D:\|F:\|G:\|H:\|I:\|)

Durchsuchte Objekte: 280409

Laufzeit: 1 Stunde(n), 40 Minute(n), 11 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 3

Infizierte Verzeichnisse: 0

Infizierte Dateien: 7
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\Dokumente und Einstellungen\NetworkService.NT-AUTORITÄT\Anwendungsdaten\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS.0\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS.0\rasqervy.dll (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS.0\sdfinacs.dll (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS.0\sdfixwcs.dll (Malware.Trace) -> Quarantined and deleted successfully.

Aktueller OTL Scan:

Code:

OTL logfile created on: 11.10.2010 20:05:36 - Run 2

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s):  [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme

Drive C: | 18,03 Gb Total Space | 1,51 Gb Free Space | 8,35% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 214,85 Gb Total Space | 47,22 Gb Free Space | 21,98% Space Free | Partition Type: NTFS

Drive G: | 699,20 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PEPPI

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)

PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Emsisoft Anti-Malware\a2start.exe (Emsi Software GmbH)

PRC - C:\Programme\Emsisoft Anti-Malware\a2guard.exe (Emsi Software GmbH)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

PRC - C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

PRC - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Programme\Emsisoft Anti-Malware\a2hooks32.dll (Emsi Software GmbH)

MOD - C:\WINDOWS.0\system32\framedyn.dll (Microsoft Corporation)

MOD - C:\WINDOWS.0\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

MOD - C:\WINDOWS.0\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS.0\System32\hidserv.dll File not found

SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsi Software GmbH)

SRV - (EhttpSrv) -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)

SRV - (ekrn) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsi Software GmbH)

DRV - (a2injectiondriver) -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys (Emsi Software GmbH)

DRV - (a2util) -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)

DRV - (epfwtdir) -- C:\WINDOWS.0\system32\drivers\epfwtdir.sys (ESET)

DRV - (ehdrv) -- C:\WINDOWS.0\system32\drivers\ehdrv.sys (ESET)

DRV - (eamon) -- C:\WINDOWS.0\system32\drivers\eamon.sys (ESET)

DRV - (ssmdrv) -- C:\WINDOWS.0\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (ati2mtag) -- C:\WINDOWS.0\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (ATIAVAIW) -- C:\WINDOWS.0\system32\drivers\atinavt2.sys (ATI Technologies Inc.)

DRV - (se44unic) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM) -- C:\WINDOWS.0\system32\drivers\se44unic.sys (MCCI)

DRV - (se44obex) -- C:\WINDOWS.0\system32\drivers\se44obex.sys (MCCI)

DRV - (se44nd5) Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS) -- C:\WINDOWS.0\system32\drivers\se44nd5.sys (MCCI)

DRV - (se44mgmt) Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS.0\system32\drivers\se44mgmt.sys (MCCI)

DRV - (se44mdm) -- C:\WINDOWS.0\system32\drivers\se44mdm.sys (MCCI)

DRV - (se44mdfl) -- C:\WINDOWS.0\system32\drivers\se44mdfl.sys (MCCI)

DRV - (se44bus) Sony Ericsson Device 068 driver (WDM) -- C:\WINDOWS.0\system32\drivers\se44bus.sys (MCCI)

DRV - (ASCTRM) -- C:\WINDOWS.0\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)

DRV - (StarOpen) -- C:\WINDOWS.0\System32\drivers\StarOpen.sys ()

DRV - (AmdK8) -- C:\WINDOWS.0\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (nvata) -- C:\WINDOWS.0\system32\DRIVERS\nvata.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS.0\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS.0\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (k750obex) -- C:\WINDOWS.0\system32\drivers\k750obex.sys (MCCI)

DRV - (k750mgmt) -- C:\WINDOWS.0\system32\drivers\k750mgmt.sys (MCCI)

DRV - (k750mdm) -- C:\WINDOWS.0\system32\drivers\k750mdm.sys (MCCI)

DRV - (k750mdfl) -- C:\WINDOWS.0\system32\drivers\k750mdfl.sys (MCCI)

DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\WINDOWS.0\system32\drivers\k750bus.sys (MCCI)

DRV - (xnacc) -- C:\WINDOWS.0\system32\drivers\xnacc.sys (Microsoft Corporation)

DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS.0\system32\drivers\nvapu.sys (NVIDIA Corporation)

DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS.0\system32\drivers\nvax.sys (NVIDIA Corporation)

DRV - (yukonwxp) -- C:\WINDOWS.0\system32\drivers\yk51x86.sys (Marvell)

DRV - (MPE) -- C:\WINDOWS.0\system32\drivers\MPE.sys (Microsoft Corporation)

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS.0\system32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (irsir) -- C:\WINDOWS.0\system32\drivers\irsir.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS.0\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.update: false

FF - prefs.js..browser.startup.homepage: "hxxp://www.2minman.com/"

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2

FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.41

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - prefs.js..network.proxy.type: 0

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.18 12:43:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.09.18 12:43:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.10.10 18:46:42 | 000,000,000 | ---D | M]

 

[2008.09.07 19:00:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions

[2010.10.10 20:35:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\extensions

[2010.04.30 22:59:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2010.04.09 18:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}

[2010.10.10 20:35:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}

[2009.08.13 19:04:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\searchplugins\icqplugin-1.xml

[2008.12.17 17:37:38 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\searchplugins\icqplugin-2.xml

[2009.02.05 21:45:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\searchplugins\icqplugin-3.xml

[2009.03.06 19:08:41 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\searchplugins\icqplugin-4.xml

[2009.03.29 22:56:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\searchplugins\icqplugin-5.xml

[2010.02.09 23:33:02 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\searchplugins\icqplugin-6.xml

[2009.07.13 18:12:02 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\u4umcn4p.default\searchplugins\icqplugin.xml

[2010.10.10 20:35:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions

[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll

[2010.08.25 23:16:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.08.25 23:16:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.08.25 23:16:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.08.25 23:16:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.08.25 23:16:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.02.14 22:50:27 | 000,378,533 | R--- | M]) - C:\WINDOWS.0\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1    www.007guard.com

O1 - Hosts: 127.0.0.1    007guard.com

O1 - Hosts: 127.0.0.1    008i.com

O1 - Hosts: 127.0.0.1    www.008k.com

O1 - Hosts: 127.0.0.1    008k.com

O1 - Hosts: 127.0.0.1    www.00hq.com

O1 - Hosts: 127.0.0.1    00hq.com

O1 - Hosts: 127.0.0.1    010402.com

O1 - Hosts: 127.0.0.1    www.032439.com

O1 - Hosts: 127.0.0.1    032439.com

O1 - Hosts: 127.0.0.1    www.0scan.com

O1 - Hosts: 127.0.0.1    0scan.com

O1 - Hosts: 127.0.0.1    www.1000gratisproben.com

O1 - Hosts: 127.0.0.1    1000gratisproben.com

O1 - Hosts: 127.0.0.1    www.1001namen.com

O1 - Hosts: 127.0.0.1    1001namen.com

O1 - Hosts: 127.0.0.1    www.100888290cs.com

O1 - Hosts: 127.0.0.1    100888290cs.com

O1 - Hosts: 127.0.0.1    10sek.com

O1 - Hosts: 127.0.0.1    www.10sek.com

O1 - Hosts: 127.0.0.1    1-2005-search.com

O1 - Hosts: 127.0.0.1    www.1-2005-search.com

O1 - Hosts: 13042 more lines...

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll File not found

O4 - HKLM..\Run: [a-squared] C:\PROGRAMME\EMSISOFT ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)

O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS.0\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS.0\System32\ati2evxx.dll (ATI Technologies Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.07.17 13:23:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{6a286d2e-b075-11dc-8b96-000129fb20d8}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O36 - AppCertDlls: lighices - (C:\WINDOWS.0\system32\DivXINST.dll) - C:\WINDOWS.0\System32\DivXINST.dll File not found

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.12.03 20:34:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Fotos Sofia

[2010.12.03 02:47:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\{9DF687E7-381C-4882-A05F-4ADF1DD53394}

[2010.12.03 02:47:31 | 000,466,944 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS.0\System32\CapabilityTable.exe

[2010.12.03 02:46:56 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS.0\System32\nvunrm.exe

[2010.12.03 02:46:56 | 000,101,888 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS.0\System32\drivers\nvtcp.sys

[2010.12.03 02:37:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InstallShield

[2010.12.03 02:37:45 | 000,000,000 | ---D | C] -- C:\SWSetup

[2010.12.03 02:19:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software

[2010.12.03 01:56:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads

[2010.12.01 00:58:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GlarySoft

[2010.12.01 00:57:22 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent

[2010.10.11 20:02:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\OSam

[2010.10.11 19:45:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Office

[2010.10.11 18:54:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ESET

[2010.10.10 20:50:00 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware

[2010.10.10 20:50:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Anti-Malware

[2010.10.10 18:55:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbamswissarmy.sys

[2010.10.10 18:55:26 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS.0\System32\drivers\mbam.sys

[2010.10.10 18:55:26 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2010.10.10 18:46:42 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2010.10.10 18:46:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\ESET

[2010.10.10 12:27:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\WinZip

[2010.10.10 12:27:10 | 000,000,000 | ---D | C] -- C:\Programme\WinZip

[2010.10.10 11:53:06 | 000,000,000 | ---D | C] -- C:\_OTL

[2010.10.09 23:39:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Backup

[2010.10.09 23:37:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Panda Security

[2010.10.09 21:36:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\SUPERAntiSpyware.com

[2010.10.09 21:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes

[2010.10.09 19:58:45 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security

[2010.10.09 19:52:34 | 000,000,000 | ---D | C] -- C:\Programme\HiJack

[2010.10.06 17:33:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Meine Scans

[2010.10.04 11:05:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\vlc

[2010.09.29 19:50:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\U3

[2010.09.29 19:49:53 | 000,000,000 | ---D | C] -- C:\WINDOWS.0\System32\NtmsData

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.12.03 02:13:01 | 003,932,214 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenannt.bmp

[2010.10.11 18:09:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS.0\tasks\SA.DAT

[2010.10.11 18:09:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS.0\bootstat.dat

[2010.10.11 00:15:11 | 010,485,760 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat

[2010.10.11 00:15:11 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini

[2010.10.10 20:50:24 | 000,000,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\AntiMalware.lnk

[2010.10.10 20:12:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS.0\NeroDigital.ini

[2010.10.10 20:12:33 | 000,139,264 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.10.10 18:55:29 | 000,000,679 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.10.10 12:47:48 | 000,008,627 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\PAV_FOG.OPC

[2010.10.10 12:27:17 | 000,001,701 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\WinZip.lnk

[2010.10.09 23:43:55 | 000,000,665 | ---- | M] () -- C:\WINDOWS.0\win.ini

[2010.10.09 23:43:52 | 000,008,627 | ---- | M] () -- C:\WINDOWS.0\System32\PAV_FOG.OPC

[2010.10.08 01:59:22 | 001,577,476 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\IconCache.db

[2010.10.07 21:46:05 | 000,000,010 | ---- | M] () -- C:\WINDOWS.0\popcinfo.dat

[2010.10.07 21:41:27 | 000,000,492 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\spider.sav

[2010.10.07 19:35:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS.0\System32\wpa.dbl

[2010.10.04 11:00:45 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\VLC media player.lnk

[2010.10.03 15:51:47 | 001,042,054 | ---- | M] () -- C:\WINDOWS.0\System32\PerfStringBackup.INI

[2010.10.03 15:51:47 | 000,448,470 | ---- | M] () -- C:\WINDOWS.0\System32\perfh007.dat

[2010.10.03 15:51:47 | 000,432,356 | ---- | M] () -- C:\WINDOWS.0\System32\perfh009.dat

[2010.10.03 15:51:47 | 000,079,910 | ---- | M] () -- C:\WINDOWS.0\System32\perfc007.dat

[2010.10.03 15:51:47 | 000,067,312 | ---- | M] () -- C:\WINDOWS.0\System32\perfc009.dat

 
 ========== Files Created - No Company Name ==========

 

[2010.12.03 02:46:56 | 000,003,903 | ---- | C] () -- C:\WINDOWS.0\System32\nvnrm.nvu

[2010.12.03 02:13:00 | 003,932,214 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Unbenannt.bmp

[2010.10.10 20:50:24 | 000,000,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\AntiMalware.lnk

[2010.10.10 18:55:29 | 000,000,679 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.10.10 12:27:17 | 000,001,701 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\WinZip.lnk

[2010.10.09 23:45:55 | 000,008,627 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\PAV_FOG.OPC

[2010.10.09 23:43:52 | 000,008,627 | ---- | C] () -- C:\WINDOWS.0\System32\PAV_FOG.OPC

[2010.10.07 21:41:27 | 000,000,492 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\spider.sav

[2010.10.04 11:00:45 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Desktop\VLC media player.lnk

[2010.02.26 01:11:35 | 000,000,078 | ---- | C] () -- C:\WINDOWS.0\wiso.ini

[2009.12.16 20:17:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS.0\vpc32.INI

[2009.06.10 20:37:15 | 000,237,568 | ---- | C] () -- C:\WINDOWS.0\System32\lame_enc.dll

[2009.05.31 20:08:10 | 000,027,648 | ---- | C] () -- C:\WINDOWS.0\System32\AVSredirect.dll

[2008.10.20 18:07:30 | 000,000,032 | ---- | C] () -- C:\WINDOWS.0\CD_Start.INI

[2008.09.27 11:43:37 | 000,022,328 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\PnkBstrK.sys

[2008.09.27 11:43:09 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PnkBstrK.sys

[2008.09.27 11:42:16 | 000,000,279 | ---- | C] () -- C:\WINDOWS.0\game.ini

[2008.06.11 02:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS.0\System32\qt-dx331.dll

[2008.06.11 02:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS.0\System32\dtu100.dll.manifest

[2008.06.11 02:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS.0\System32\dpl100.dll.manifest

[2008.06.05 17:44:18 | 000,000,151 | ---- | C] () -- C:\WINDOWS.0\PhotoSnapViewer.INI

[2008.05.31 10:47:44 | 000,000,004 | ---- | C] () -- C:\WINDOWS.0\msoffice.ini

[2008.05.23 00:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS.0\System32\DivXWMPExtType.dll

[2008.03.08 19:55:12 | 000,005,615 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\hpzinstall.log

[2007.12.22 14:11:37 | 000,000,010 | ---- | C] () -- C:\WINDOWS.0\WININIT.INI

[2007.11.27 23:35:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\LauncherAccess.dt

[2007.11.27 23:34:27 | 000,005,632 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\StarOpen.sys

[2007.11.06 20:57:42 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\NMM-MetaData.db

[2007.06.21 17:24:13 | 000,010,752 | ---- | C] () -- C:\WINDOWS.0\System32\BASSMOD.dll

[2007.03.29 20:09:09 | 000,000,071 | ---- | C] () -- C:\WINDOWS.0\pex.INI

[2007.03.29 19:53:32 | 000,000,147 | ---- | C] () -- C:\WINDOWS.0\Ulead32.ini

[2006.11.27 00:47:57 | 000,000,116 | ---- | C] () -- C:\WINDOWS.0\NeroDigital.ini

[2006.11.27 00:47:55 | 000,139,264 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006.11.27 00:37:46 | 000,000,406 | ---- | C] () -- C:\WINDOWS.0\ODBC.INI

[2006.11.26 23:14:16 | 000,000,140 | ---- | C] () -- C:\WINDOWS.0\winamp.ini

[2006.07.17 13:48:58 | 000,185,856 | ---- | C] () -- C:\WINDOWS.0\System32\PsisDecd.dll

[2004.11.11 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS.0\System32\drivers\secdrv.sys

[2004.09.05 09:59:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS.0\System32\xvidvfw.dll

[2004.09.05 09:58:04 | 000,679,936 | ---- | C] () -- C:\WINDOWS.0\System32\xvidcore.dll

 
 ========== LOP Check ==========

 

[2007.11.06 20:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Datalayer

[2010.12.01 00:58:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GlarySoft

[2010.12.03 12:52:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ

[2006.11.26 23:14:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQLite

[2007.07.21 15:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Leadertech

[2008.03.13 18:22:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MSNInstaller

[2007.08.30 18:43:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia

[2007.11.06 20:57:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Nokia Multimedia Player

[2007.08.30 18:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PC Suite

[2009.03.19 02:42:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Samsung

[2008.01.19 21:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Teleca

[2008.12.04 04:37:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\temp

[2010.12.03 02:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software

[2007.03.29 20:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ulead Systems

[2007.10.22 20:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zylom

[2010.10.09 23:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Backup

[2010.02.26 01:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Buhl Data Service GmbH

[2010.02.09 23:33:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Downloaded Installations

[2010.10.10 18:46:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\ESET

[2010.02.23 18:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\ICQ

[2009.12.20 20:05:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Innovative Solutions

[2010.10.10 18:15:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Panda Security

[2007.08.30 18:40:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\PC Suite

[2008.01.19 21:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Teleca

[2009.06.10 20:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\TEMP

[2009.12.20 21:48:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\TuneUp Software

[2007.07.21 15:03:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Ulead Systems

[2006.11.26 23:56:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Viewpoint

[2010.10.10 12:27:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\WinZip

[2007.10.22 20:09:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\Zylom

[2010.12.03 02:18:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}

[2009.12.16 02:01:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

 
 ========== Purity Check ==========

 

 

< End of report >

OTL Extras

Code:

OTL Extras logfile created on: 11.10.2010 20:05:36 - Run 2

OTL by OldTimer - Version 3.2.14.1     Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.2180)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free

2,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free

Paging file location(s):  [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS.0 | %ProgramFiles% = C:\Programme

Drive C: | 18,03 Gb Total Space | 1,51 Gb Free Space | 8,35% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 214,85 Gb Total Space | 47,22 Gb Free Space | 21,98% Space Free | Partition Type: NTFS

Drive G: | 699,20 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: PEPPI

Current User Name: Administrator

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 1

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

"DisableMonitoring" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\AOL 9.0a\waol.exe" = C:\Programme\AOL 9.0a\waol.exe:*:Enabled:AOL -- File not found

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLAcsd.exe:*:Enabled:AOL -- File not found

"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found

"C:\Programme\HP\Digital Imaging\bin\hpqpse.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found

"C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Programme\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found

"C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe" = C:\Programme\Gemeinsame Dateien\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)

"C:\Programme\Steam\steamapps\electr0\counter-strike\hl.exe" = C:\Programme\Steam\steamapps\electr0\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc

"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status

"{02C23509-87A8-4CFA-B6B9-713A078404AA}" = ESET NOD32 Antivirus

"{0305052F-141B-FCEC-62B2-FB5668E7933E}" = Catalyst Control Center Graphics Full New

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center

"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch

"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{19754346-BF3D-F1FC-9AF3-B84C216E93D7}" = Catalyst Control Center Graphics Full Existing

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17

"{296554E6-A322-EEC8-2185-DF6E624CA990}" = Skins

"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg

"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{32A3A4F4-B792-11D6-A78A-00B0D0160210}" = Java(TM) SE Development Kit 6 Update 21

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant

"{39F55A85-B356-64D7-F2BC-1E6C70A73FB8}" = CCC Help English

"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing

"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010

"{4908C75E-E5E2-43F7-B1DF-023CBA831031}" = Nero 7

"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{771221C5-FD0B-1197-355C-B2AFAA860483}" = ccc-core-preinstall

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder

"{882EE1CB-C2FB-657F-AA98-7DC91FC72447}" = Catalyst Control Center Core Implementation

"{89D2879E-F327-3B5F-F7C6-6E107C816671}" = ccc-utility

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp

"{A036E231-5A03-4d63-94F6-7864CC77EC48}" = PS_AIO_ProductContext

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch

"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant

"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan

"{B040FEFE-B45F-4e30-B3C6-035F53F544A9}" = c4200_Help

"{B22C19AE-6A67-4f28-B541-5AE72FB17A25}" = HP Photosmart All-In-One Software 9.0

"{B9F3A6E6-9C77-4535-9ED9-B16C1EBDFEC2}" = C4200

"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU

"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU

"{C4B7FD4E-6AFD-AE07-FB7E-B9AB9B39232E}" = ccc-core-static

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component

"{D13D0C87-46BA-E646-BC40-C7B0D305A75F}" = Catalyst Control Center Graphics Previews Common

"{D719E8F1-6931-40b4-AC0B-5FE2C097F995}" = C4200_doccd

"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer

"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm

"{E39A3770-3DDE-404c-B91F-3522947874A3}" = PS_AIO_Software_min

"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox

"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery

"{F40F05BE-47BB-72E2-4064-078B69F39BDA}" = Catalyst Control Center Graphics Light

"{FA4FA322-5C90-4d2b-A019-9E588273DED5}" = PS_AIO_Software

"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite

"ActiveScan 2.0" = Panda ActiveScan 2.0

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player

"All ATI Software" = ATI - Software Uninstall Utility

"AOL Toolbar 4.0" = 

"ATI Display Driver" = ATI Display Driver

"Azureus" = Azureus

"DMX5_is1" = DriverMax 5

"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0

"HP Imaging Device Functions" = HP Imaging Device Functions 9.0

"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0

"HPExtendedCapabilities" = HP Customer Participation Program 9.0

"HPOCR" = HP OCR Software 9.0

"IsoBuster_is1" = IsoBuster 1.9

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)

"NVIDIA Drivers" = NVIDIA Drivers

"PokerStars" = PokerStars

"PokerStars.net" = PokerStars.net

"QuickTime" = QuickTime

"RealPlayer 6.0" = RealPlayer Basic

"Steam App 10" = Counter-Strike

"ViewpointMediaPlayer" = Viewpoint Media Player

"VLC media player" = VLC media player 1.1.4

"WIC" = Windows Imaging Component

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR archiver

"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"XviD_is1" = XviD MPEG-4 Video Codec

"Zuma Deluxe RA" = Zuma Deluxe RA

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Warcraft III" = Warcraft III: All Products

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 11.07.2010 05:22:10 | Computer Name = PEPPI | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 11.07.2010 05:22:10 | Computer Name = PEPPI | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 14.08.2010 09:12:38 | Computer Name = PEPPI | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 14.08.2010 09:12:38 | Computer Name = PEPPI | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 

nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel

 in der signierten Datei.  .

 

Error - 14.08.2010 09:57:23 | Computer Name = PEPPI | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung OUTLOOK.EXE, Version 10.0.2616.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 10.09.2010 12:26:42 | Computer Name = PEPPI | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger

 zur Verfügung.  .

 

Error - 10.09.2010 12:26:43 | Computer Name = PEPPI | Source = crypt32 | ID = 131083

Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen

 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 ist fehlgeschlagen mit dem Fehler: Es steht nicht genug Speicherplatz auf dem Datenträger

 zur Verfügung.  .

 

Error - 02.12.2010 20:29:32 | Computer Name = PEPPI | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3909, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 03.12.2010 08:56:23 | Computer Name = PEPPI | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung Zuma.exe, Version 1.0.0.1, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 10.10.2010 12:44:29 | Computer Name = PEPPI | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung IEXPLORE.EXE, Version 6.0.2900.2180, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 10.10.2010 07:57:04 | Computer Name = PEPPI | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 10.10.2010 08:09:05 | Computer Name = PEPPI | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 10.10.2010 10:18:45 | Computer Name = PEPPI | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 10.10.2010 12:11:21 | Computer Name = PEPPI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 10.10.2010 12:44:55 | Computer Name = PEPPI | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 10.10.2010 12:45:26 | Computer Name = PEPPI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 10.10.2010 12:52:00 | Computer Name = PEPPI | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 10.10.2010 12:52:39 | Computer Name = PEPPI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

Error - 11.10.2010 12:10:40 | Computer Name = PEPPI | Source = Service Control Manager | ID = 7022

Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß

 gestartet.

 

Error - 11.10.2010 12:10:57 | Computer Name = PEPPI | Source = DCOM | ID = 10005

Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"

 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}

 

[ TuneUp Events ]

Error - 10.12.2009 15:27:00 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 10.12.2009 15:28:34 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 10.12.2009 15:43:12 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 10.12.2009 15:50:02 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 10.12.2009 15:57:58 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 10.12.2009 16:39:19 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 10.12.2009 17:13:59 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 11.12.2009 13:15:13 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 15.12.2009 12:32:15 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

Error - 15.12.2009 19:48:01 | Computer Name = PEPPI | Source = TuneUp Program Statistics | ID = 131840

Description = 

 

 

< End of report >

OSAM

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 18:25:27 on 13.10.2010
 

OS: Windows XP Professional Service Pack 2 (Build 2600)

Default Browser: Microsoft Corporation Internet Explorer 6.00.2900.2180
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS.0\system32\infocardcpl.cpl

"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS.0\system32\javacpl.cpl

"prefscpl.cpl" - "RealNetworks, Inc." - C:\WINDOWS.0\system32\prefscpl.cpl

"QuickTime.cpl" - "Apple Computer, Inc." - C:\WINDOWS.0\system32\QuickTime.cpl

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"ECSEPM" - "Sony Ericsson Mobile Communications AB" - C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl

"Nero BurnRights" - "Nero AG" - C:\Programme\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl

"PavCPL" - ? - C:\WINDOWS.0\system32\pavcpl.cpl  (File not found)
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"ASCTRM" (ASCTRM) - "Windows (R) 2000 DDK provider" - C:\WINDOWS.0\system32\drivers\ASCTRM.sys

"catchme" (catchme) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\catchme.sys  (File not found)

"Changer" (Changer) - ? - C:\WINDOWS.0\system32\drivers\Changer.sys  (File not found)

"eamon" (eamon) - "ESET" - C:\WINDOWS.0\System32\DRIVERS\eamon.sys

"ehdrv" (ehdrv) - "ESET" - C:\WINDOWS.0\System32\DRIVERS\ehdrv.sys

"epfwtdir" (epfwtdir) - "ESET" - C:\WINDOWS.0\System32\DRIVERS\epfwtdir.sys

"i2omgmt" (i2omgmt) - ? - C:\WINDOWS.0\system32\drivers\i2omgmt.sys  (File not found)

"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS.0\system32\drivers\lbrtfdc.sys  (File not found)

"NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller" (yukonwxp) - "Marvell" - C:\WINDOWS.0\System32\DRIVERS\yk51x86.sys

"PCIDump" (PCIDump) - ? - C:\WINDOWS.0\system32\drivers\PCIDump.sys  (File not found)

"PDCOMP" (PDCOMP) - ? - C:\WINDOWS.0\system32\drivers\PDCOMP.sys  (File not found)

"PDFRAME" (PDFRAME) - ? - C:\WINDOWS.0\system32\drivers\PDFRAME.sys  (File not found)

"PDRELI" (PDRELI) - ? - C:\WINDOWS.0\system32\drivers\PDRELI.sys  (File not found)

"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS.0\system32\drivers\PDRFRAME.sys  (File not found)

"pgtdapow" (pgtdapow) - ? - C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pgtdapow.sys  (Hidden registry entry, rootkit activity | File not found)

"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\WINDOWS.0\System32\Drivers\PxHelp20.sys

"Secdrv" (Secdrv) - ? - C:\WINDOWS.0\System32\DRIVERS\secdrv.sys  (File signed by Microsoft | File found, but it contains no detailed information)

"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\WINDOWS.0\System32\DRIVERS\ssmdrv.sys

"StarOpen" (StarOpen) - ? - C:\WINDOWS.0\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)

"WDICA" (WDICA) - ? - C:\WINDOWS.0\system32\drivers\WDICA.sys  (File not found)
 

[Explorer]

-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----

{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS.0\system32\Rundll32.exe C:\WINDOWS.0\system32\mscories.dll,Install

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{7D4D6379-F301-4311-BEBA-E26EB0561882} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS.0\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS.0\system32\mscoree.dll

{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS.0\system32\mscoree.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBCOM~1\10\OWC10.DLL

{CD00020A-8B95-11D1-82DB-00C04FB1625D} "Microsoft PKM KnowledgePluggable Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)

{2C49B5D0-ACE7-4D17-9DF0-A254A6C5A0C5} "dBpoweramp Music Converter" - ? -   (File not found | COM-object registry key not found)

{B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\shellExt.dll

{72923739-5A47-40A3-9895-25AF0DFBB9E4} "Glary Utilities Context Menu Shell Extension" - ? -   (File not found | COM-object registry key not found)

{73B24247-042E-4EF5-ADC2-42F62E6FD654} "ICQ Lite Shell Extension" - ? -   (File not found | COM-object registry key not found)

{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office11\msohev.dll

{B327765E-D724-4347-8B16-78AE18552FC3} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{7F1CF152-04F8-453A-B34C-E609530A9DC8} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroDigitalExt.dll

{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL

{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "PhoneBrowser" - ? -   (File not found | COM-object registry key not found)

{1AC06E4B-5A0A-4B62-B24A-F48389402CCE} "PowerLame" - ? -   (File not found | COM-object registry key not found)

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS.0\system32\dfshim.dll

{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)

{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS.0\system32\dfshim.dll

{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll

{03DAACC5-10BA-4E3E-9D54-2A569F6B4B87} "Sony Ericsson File Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll

{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Sony Ericsson File Manager" - "Popwire AB" - C:\Programme\Sony Ericsson\Mobile2\File Manager\FM.dll

{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll  (File found, but it contains no detailed information)
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)

<binary data> "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -   (File not found | COM-object registry key not found)

<binary data> "{855F3B16-6D32-4FE6-8A56-BBB695989046}" - ? -   (File not found | COM-object registry key not found)

<binary data> "{DE9C389F-3316-41A7-809B-AA305ED9D922}" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\WINDOWS.0\system32\Macromed\Flash\Flash9d.ocx / hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} "{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" - ? -   (File not found | COM-object registry key not found) / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
 

[Logon]

-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users.WINDOWS.0\Startmenü\Programme\Autostart\desktop.ini

-----( %UserProfile%\Startmenü\Programme\Autostart )-----

"desktop.ini" - ? - C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\desktop.ini

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"egui" - "ESET" - "C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe

"ESET HTTP Server" (EhttpSrv) - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

"ESET Service" (ekrn) - "ESET" - C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll

"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe

"Java Quick Starter" (JavaQuickStarterService) - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\jqs.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS.0\system32\HPZinw12.dll

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\WINDOWS.0\system32\HPZipm12.dll

"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS.0\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
 

[Winlogon]

-----( HKCU\Control Panel\IOProcs )-----

"MVB" - ? - mvfs32.dll  (File not found)
 

===[ Logfile end ]=========================================[ Logfile end ]===
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

MBRFIX

Code:

MBRCheck, version 1.2.3

(c) 2010, AD
 

Command-line:            

Windows Version:        Windows XP Professional

Windows Information:        Service Pack 2 (build 2600)

Logical Drives Mask:        0x000001ed
 

Kernel Drivers (total 130):

  0x804D7000 \WINDOWS.0\system32\ntkrnlpa.exe

  0x806CF000 \WINDOWS.0\system32\hal.dll

  0xBA5A8000 \WINDOWS.0\system32\KDCOM.DLL

  0xBA4B8000 \WINDOWS.0\system32\BOOTVID.dll

  0xB9F78000 ACPI.sys

  0xBA5AA000 \WINDOWS.0\system32\DRIVERS\WMILIB.SYS

  0xB9F67000 pci.sys

  0xBA0A8000 isapnp.sys

  0xBA0B8000 ohci1394.sys

  0xBA0C8000 \WINDOWS.0\system32\DRIVERS\1394BUS.SYS

  0xBA670000 pciide.sys

  0xBA328000 \WINDOWS.0\system32\DRIVERS\PCIIDEX.SYS

  0xBA0D8000 MountMgr.sys

  0xB9F48000 ftdisk.sys

  0xBA5AC000 dmload.sys

  0xB9F22000 dmio.sys

  0xBA330000 PartMgr.sys

  0xBA0E8000 VolSnap.sys

  0xB9F0A000 atapi.sys

  0xB9EF1000 nvata.sys

  0xBA0F8000 disk.sys

  0xBA108000 \WINDOWS.0\system32\DRIVERS\CLASSPNP.SYS

  0xB9ED2000 fltMgr.sys

  0xB9EC0000 sr.sys

  0xBA118000 PxHelp20.sys

  0xB9EA9000 KSecDD.sys

  0xB9E1C000 Ntfs.sys

  0xB9DEF000 NDIS.sys

  0xB9DD4000 Mup.sys

  0xBA188000 \SystemRoot\system32\DRIVERS\nic1394.sys

  0xB8C16000 \SystemRoot\system32\DRIVERS\AmdK8.sys

  0xBA360000 \SystemRoot\system32\DRIVERS\usbohci.sys

  0xB85BD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

  0xBA368000 \SystemRoot\system32\DRIVERS\usbehci.sys

  0xB8C06000 \SystemRoot\system32\drivers\nvax.sys

  0xB8A15000 \SystemRoot\system32\DRIVERS\imapi.sys

  0xB8A05000 \SystemRoot\system32\DRIVERS\cdrom.sys

  0xB89F5000 \SystemRoot\system32\DRIVERS\redbook.sys

  0xB859A000 \SystemRoot\system32\DRIVERS\ks.sys

  0xBA554000 \SystemRoot\system32\DRIVERS\nvnetbus.sys

  0xB854F000 \SystemRoot\system32\DRIVERS\NVNRM.SYS

  0xB8518000 \SystemRoot\system32\DRIVERS\NVSNPU.SYS

  0xB822D000 \SystemRoot\system32\DRIVERS\ati2mtag.sys

  0xB8219000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

  0xBA370000 \SystemRoot\system32\DRIVERS\fdc.sys

  0xB8208000 \SystemRoot\system32\DRIVERS\serial.sys

  0xBA558000 \SystemRoot\system32\DRIVERS\serenum.sys

  0xBA378000 \SystemRoot\system32\DRIVERS\irsir.sys

  0xBA55C000 \SystemRoot\system32\DRIVERS\irenum.sys

  0xB89E5000 \SystemRoot\system32\DRIVERS\i8042prt.sys

  0xBA380000 \SystemRoot\system32\DRIVERS\mouclass.sys

  0xBA388000 \SystemRoot\system32\DRIVERS\kbdclass.sys

  0xB861E000 \SystemRoot\system32\DRIVERS\audstub.sys

  0xBA390000 \SystemRoot\system32\DRIVERS\rasirda.sys

  0xBA398000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0xB89D5000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

  0xBA568000 \SystemRoot\system32\DRIVERS\ndistapi.sys

  0xB81F1000 \SystemRoot\system32\DRIVERS\ndiswan.sys

  0xB89C5000 \SystemRoot\system32\DRIVERS\raspppoe.sys

  0xB89B5000 \SystemRoot\system32\DRIVERS\raspptp.sys

  0xB81E0000 \SystemRoot\system32\DRIVERS\psched.sys

  0xB89A5000 \SystemRoot\system32\DRIVERS\msgpc.sys

  0xBA3A0000 \SystemRoot\system32\DRIVERS\ptilink.sys

  0xBA3A8000 \SystemRoot\system32\DRIVERS\raspti.sys

  0xB81AF000 \SystemRoot\system32\DRIVERS\rdpdr.sys

  0xB8995000 \SystemRoot\system32\DRIVERS\termdd.sys

  0xB87ED000 \SystemRoot\system32\DRIVERS\swenum.sys

  0xB817B000 \SystemRoot\system32\DRIVERS\update.sys

  0xB8AAE000 \SystemRoot\system32\DRIVERS\mssmbios.sys

  0xB8985000 \SystemRoot\System32\Drivers\NDProxy.SYS

  0xB8709000 \SystemRoot\system32\DRIVERS\usbhub.sys

  0xB87EB000 \SystemRoot\system32\DRIVERS\USBD.SYS

  0xB80C0000 \SystemRoot\system32\drivers\nvapu.sys

  0xB809C000 \SystemRoot\system32\drivers\portcls.sys

  0xB86F9000 \SystemRoot\system32\drivers\drmk.sys

  0xB7FBA000 \SystemRoot\system32\drivers\nvmcp.sys

  0xB7FA9000 \SystemRoot\system32\drivers\nvarm.sys

  0xB86A9000 \SystemRoot\system32\DRIVERS\NVENETFD.sys

  0xB8783000 \SystemRoot\system32\DRIVERS\flpydisk.sys

  0xB87E1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

  0xBA6FC000 \SystemRoot\System32\Drivers\Null.SYS

  0xB87D5000 \SystemRoot\System32\Drivers\Beep.SYS

  0xABEAB000 \SystemRoot\system32\DRIVERS\ehdrv.sys

  0xB8773000 \SystemRoot\System32\drivers\vga.sys

  0xB87D3000 \SystemRoot\System32\Drivers\mnmdd.SYS

  0xB87D1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

  0xB876B000 \SystemRoot\System32\Drivers\Msfs.SYS

  0xB8763000 \SystemRoot\System32\Drivers\Npfs.SYS

  0xBA59C000 \SystemRoot\system32\DRIVERS\rasacd.sys

  0xABE78000 \SystemRoot\system32\DRIVERS\ipsec.sys

  0xABE20000 \SystemRoot\system32\DRIVERS\tcpip.sys

  0xABDF8000 \SystemRoot\system32\DRIVERS\netbt.sys

  0xABDE0000 \SystemRoot\system32\DRIVERS\epfwtdir.sys

  0xABDBE000 \SystemRoot\System32\drivers\afd.sys

  0xB94C7000 \SystemRoot\system32\DRIVERS\netbios.sys

  0xB875B000 \SystemRoot\System32\Drivers\StarOpen.SYS

  0xB8753000 \SystemRoot\system32\DRIVERS\ssmdrv.sys

  0xABD92000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0xABD23000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0xB94A7000 \SystemRoot\System32\Drivers\Fips.SYS

  0xABD02000 \SystemRoot\system32\DRIVERS\ipnat.sys

  0xB9497000 \SystemRoot\system32\DRIVERS\wanarp.sys

  0xB9487000 \SystemRoot\system32\DRIVERS\arp1394.sys

  0xBA3F8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

  0xBF800000 \SystemRoot\System32\win32k.sys

  0xABCEA000 \SystemRoot\System32\drivers\Dxapi.sys

  0xB8793000 \SystemRoot\System32\watchdog.sys

  0xBF000000 \SystemRoot\System32\drivers\dxg.sys

  0xBA6EC000 \SystemRoot\System32\drivers\dxgthk.sys

  0xABCB0000 \SystemRoot\system32\DRIVERS\atinavt2.sys

  0xB8157000 \SystemRoot\system32\DRIVERS\BdaSup.SYS

  0xBF012000 \SystemRoot\System32\ati2dvag.dll

  0xBF058000 \SystemRoot\System32\ati2cqag.dll

  0xBF0D2000 \SystemRoot\System32\atikvmag.dll

  0xBF140000 \SystemRoot\System32\atiok3x2.dll

  0xBF170000 \SystemRoot\System32\ati3duag.dll

  0xBF478000 \SystemRoot\System32\ativvaxx.dll

  0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

  0xA98AE000 \SystemRoot\system32\DRIVERS\eamon.sys

  0xA9848000 \SystemRoot\system32\DRIVERS\irda.sys

  0xB815B000 \SystemRoot\system32\DRIVERS\ndisuio.sys

  0xA9563000 \SystemRoot\system32\drivers\wdmaud.sys

  0xA96E8000 \SystemRoot\system32\drivers\sysaudio.sys

  0xA93CE000 \SystemRoot\System32\Drivers\Cdfs.SYS

  0xB8ACC000 \SystemRoot\System32\Drivers\ASCTRM.SYS

  0xA916F000 \SystemRoot\system32\DRIVERS\srv.sys

  0xA900C000 \SystemRoot\System32\Drivers\Fastfat.SYS

  0xA8DED000 \??\C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pgtdapow.sys

  0xA8450000 \SystemRoot\system32\drivers\kmixer.sys

  0x7C910000 \WINDOWS.0\system32\ntdll.dll
 

Processes (total 28):

       0 System Idle Process

       4 System

     632 C:\WINDOWS.0\system32\smss.exe

     748 csrss.exe

    1040 C:\WINDOWS.0\system32\winlogon.exe

    1120 C:\WINDOWS.0\system32\services.exe

    1132 C:\WINDOWS.0\system32\lsass.exe

    1332 C:\WINDOWS.0\system32\ati2evxx.exe

    1352 C:\WINDOWS.0\system32\svchost.exe

    1404 svchost.exe

    1608 C:\WINDOWS.0\system32\svchost.exe

    1696 svchost.exe

    1756 C:\WINDOWS.0\system32\ati2evxx.exe

    1912 svchost.exe

     304 C:\WINDOWS.0\system32\spoolsv.exe

     664 C:\WINDOWS.0\explorer.exe

     908 C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe

    1224 C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe

    1420 C:\WINDOWS.0\system32\svchost.exe

    1436 C:\Programme\Java\jre6\bin\jqs.exe

    1476 C:\WINDOWS.0\system32\svchost.exe

    1512 C:\WINDOWS.0\system32\svchost.exe

    1564 C:\WINDOWS.0\system32\svchost.exe

    1584 wdfmgr.exe

    3944 alg.exe

    2848 C:\WINDOWS.0\system32\wuauclt.exe

     616 C:\Programme\Mozilla Firefox\firefox.exe

     728 C:\Dokumente und Einstellungen\Administrator\desktop\MBRCheck.exe
 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00  (NTFS)

\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000004`82156400  (NTFS)
 

PhysicalDrive0 Model Number: WDCWD2500KS-00MJB0, Rev: 02.01C03
 

      Size  Device Name          MBR Status

  --------------------------------------------

    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected

            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
 
 

Done!