Trojaner TR Gendal 89101-pc arbeitet sehr langsam,hohe cpu Auslastung

[pc-jedi]

Hi

Ok, dann machen wir das anders:
Schritt 1
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop.

• Doppelklick auf die OTL.exe
• Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
• Oben findest Du ein Kästchen mit Ausgabe.
  Wähle bitte Minimal-Ausgabe
• Mache einen Haken bei Scan alle Benutzer.
• Unter Extra-Registrierung wähle bitte Benutze SafeList.
• Mache Häckchen bei LOP- und Purity-Prüfung.
• Klicke nun auf Scan links oben.
  
  
  
• Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
  Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
• Poste die Logfiles in Code-Tags hier in den Thread.

[motschütze]

gl

nach langen rumgemurkse

hab ich est zum laufen bekommen-resultat kein fund-irgend was zu speichen hab ich nicht hinbekommen-

dann hab ich nochmal kaspersky versucht heir der bericht

soll ich das andere auch noch machen???
mfg

Code:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
 Thursday, September 2, 2010
 Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
 Kaspersky Online Scanner version: 7.0.26.13
 Last database update: Wednesday, September 01, 2010 15:43:03
 Records in database: 4173897
--------------------------------------------------------------------------------

Scan settings:
	scan using the following database: extended
	Scan archives: yes
	Scan e-mail databases: yes

Scan area - My Computer:
	A:\
	C:\
	D:\
	E:\
	F:\
	G:\
	H:\

Scan statistics:
	Objects scanned: 114691
	Threats found: 1
	Infected objects found: 1
	Suspicious objects found: 0
	Scan duration: 02:16:40


File name / Threat / Threats count
D:\Downloads D\negxviewer_setup.exe	Infected: not-a-virus:AdWare.Win32.Rabio.aat	1

Selected area has been scanned.

[motschütze]

nun die berichte von otl
hatte ich ja aber schon mal wieter oben

Code:

OTL logfile created on: 02.09.2010 09:03:21 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 21,62 Gb Free Space | 44,28% Space Free | Partition Type: NTFS
Drive D: | 136,72 Gb Total Space | 98,33 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 39,94 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive F: | 93,42 Gb Total Space | 25,39 Gb Free Space | 27,18% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,03 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Razer\DeathAdder\razerhid.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\DOKUME~1\rpl\LOKALE~1\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (DAdderFltr) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (Alpham1) -- C:\WINDOWS\system32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (Alpham2) -- C:\WINDOWS\system32\drivers\Alpham2.sys (Ideazon Corporation)
DRV - (Alpham) -- C:\WINDOWS\system32\drivers\Alpham.sys (Ideazon Corporation)
DRV - (k600obex) -- C:\WINDOWS\system32\drivers\k600obex.sys (MCCI)
DRV - (k600mgmt) -- C:\WINDOWS\system32\drivers\k600mgmt.sys (MCCI)
DRV - (k600mdm) -- C:\WINDOWS\system32\drivers\k600mdm.sys (MCCI)
DRV - (k600mdfl) -- C:\WINDOWS\system32\drivers\k600mdfl.sys (MCCI)
DRV - (k600bus) Sony Ericsson 600i driver (WDM) -- C:\WINDOWS\system32\drivers\k600bus.sys (MCCI)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (UMSSSTOR) -- C:\WINDOWS\system32\drivers\Umss.SYS (C-Media Corporation)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.26 14:08:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.30 20:11:25 | 000,000,000 | ---D | M]
 
[2009.09.23 10:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Extensions
[2010.09.01 17:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions
[2010.07.01 17:51:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.01 17:51:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 16:26:24 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.18 18:18:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\searchplugins\conduit.xml
[2010.09.01 17:25:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.17 21:24:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.16 20:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.26 14:08:47 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 14:08:47 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.26 14:08:47 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.26 14:08:47 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.26 14:08:47 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 23:14:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe ()
O4 - HKLM..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [Standby] C:\Programme\Gemeinsame Dateien\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1957994488-839522115-112850627-1004..\Run: [Steam] d:\prorgamme aktuell\steam.exe (Valve Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274288242890 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 12:02:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.03.16 13:00:26 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.31 18:21:59 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.30 15:00:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.28 23:11:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.28 16:14:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.28 16:14:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.28 16:14:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.28 16:14:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.28 16:14:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.28 16:14:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.08.28 16:13:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.27 12:15:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Malwarebytes
[2010.08.27 12:15:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.27 12:15:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.27 12:15:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.27 12:15:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.18 18:02:26 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.18 12:03:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\rpl\Desktop\schreckschußwaffen-Dateien
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.08.17 14:48:38 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.08.17 14:48:37 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.08.17 14:48:36 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.08.17 14:48:34 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.08.17 14:48:34 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.08.17 14:48:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.08.17 14:48:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.08.17 14:41:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Download Manager
[2010.08.17 10:02:11 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.16 20:57:31 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.16 20:57:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.16 20:57:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.12 15:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.08.12 15:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.08.12 15:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.08.12 15:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.08.12 15:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.08.12 15:37:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.08.12 15:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.31 21:19:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.31 17:08:22 | 006,815,744 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\ntuser.dat
[2010.08.31 10:51:04 | 000,002,516 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.31 10:51:02 | 000,000,088 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\996B88D018.sys
[2010.08.30 20:11:26 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.30 16:54:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.30 16:54:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.30 16:53:53 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\rpl\ntuser.ini
[2010.08.28 23:14:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.28 23:14:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.28 23:11:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.08.28 16:13:25 | 003,830,469 | R--- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\ComboFix.exe
[2010.08.27 15:26:15 | 000,042,641 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010.08.27 13:32:05 | 001,042,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.27 13:32:05 | 000,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.27 13:32:05 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.27 13:32:05 | 000,080,108 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.27 13:32:05 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.27 12:15:31 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.27 11:08:15 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\rpl\Desktop\procexp.exe
[2010.08.20 14:52:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\defogger_reenable
[2010.08.20 14:40:55 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\fz2r7720.exe
[2010.08.18 18:13:28 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2010.08.18 12:03:41 | 000,189,160 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\schreckschußwaffen.htm
[2010.08.17 16:10:11 | 001,401,830 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Eigene Dateien\pinfect.zip
[2010.08.17 14:50:43 | 005,300,731 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2010.08.17 14:48:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.08.17 14:48:37 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.08.17 14:48:36 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.08.17 14:48:35 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.08.17 10:02:11 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\HijackThis.lnk
[2010.08.16 17:49:49 | 000,001,475 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\Windows-Explorer.lnk
[2010.08.16 17:49:49 | 000,000,577 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Corel VideoStudio 2010.lnk
[2010.08.16 13:06:45 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 21:15:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.12 15:52:41 | 000,052,848 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.12 15:40:07 | 000,251,712 | RHS- | M] () -- C:\ntldr
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 23:11:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.08.28 23:11:23 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.08.28 16:14:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.28 16:14:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.28 16:14:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.28 16:14:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.28 16:14:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.28 16:00:44 | 003,830,469 | R--- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\ComboFix.exe
[2010.08.27 12:15:31 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.20 14:52:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\defogger_reenable
[2010.08.20 14:40:55 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\fz2r7720.exe
[2010.08.18 18:08:05 | 000,075,064 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\hjtscanlist.txt
[2010.08.18 12:03:40 | 000,189,160 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\schreckschußwaffen.htm
[2010.08.17 16:10:14 | 001,401,830 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Eigene Dateien\pinfect.zip
[2010.08.17 14:50:07 | 005,300,731 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2010.08.17 14:48:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.08.17 14:48:36 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.08.17 10:02:11 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\HijackThis.lnk
[2010.05.31 17:41:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2010.05.18 21:39:51 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.05.18 21:39:17 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010.05.05 11:00:13 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.05.05 11:00:13 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\996B88D018.sys
[2010.03.10 14:48:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2010.02.04 13:05:08 | 000,000,110 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2010.02.03 20:09:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2010.02.03 20:09:14 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2010.02.03 20:09:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2010.02.03 20:09:14 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2010.02.03 19:46:57 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2010.02.03 19:42:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.09 14:02:48 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.09 14:02:48 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\PnkBstrK.sys
[2009.09.18 12:07:48 | 000,038,912 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.03.18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003.05.30 17:27:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CmCardRm.dll
 
========== LOP Check ==========
 
[2009.09.23 10:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2010.05.19 18:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2010.05.05 10:10:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2010.05.18 21:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.08.17 14:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.02.03 19:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.05.05 10:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.01.16 12:10:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009.09.22 20:40:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.01.16 12:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2010.05.19 22:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Vodafone
[2009.09.23 10:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Ashampoo
[2010.05.18 18:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\FreeVideoConverter
[2009.09.23 19:24:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Ideazon
[2010.01.17 20:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\MAGIX
[2010.03.21 20:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\TS3Client
[2009.09.22 20:55:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\TuneUp Software
[2010.05.05 13:20:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Ulead Systems
[2010.08.17 11:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Uniblue
[2010.01.16 12:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Vodafone
 
========== Purity Check ==========
 
 
< End of report >

Code:

OTL Extras logfile created on: 02.09.2010 09:03:21 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 21,62 Gb Free Space | 44,28% Space Free | Partition Type: NTFS
Drive D: | 136,72 Gb Total Space | 98,33 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 39,94 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive F: | 93,42 Gb Total Space | 25,39 Gb Free Space | 27,18% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,03 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Prorgamme aktuell\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Prorgamme aktuell\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\ROEd.exe" = D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\ROEd.exe:*:Enabled:RedOrchestra SDK Beta -- ()
"D:\Prorgamme aktuell\SteamApps\nvaler\half-life 2 deathmatch\hl2.exe" = D:\Prorgamme aktuell\SteamApps\nvaler\half-life 2 deathmatch\hl2.exe:*:Disabled:hl2 -- ()
"D:\Prorgamme aktuell\Steam.exe" = D:\Prorgamme aktuell\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\RedOrchestra.exe" = D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\RedOrchestra.exe:*:Enabled:Darkest Hour: Europe '44-'45 -- ()
"D:\Prorgamme aktuell\SteamApps\nvaler\counter-strike source\hl2.exe" = D:\Prorgamme aktuell\SteamApps\nvaler\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
"{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
"{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{72327FA3-281D-4BC6-AB4C-FA24BDF352D5}" = IPM_V
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C08317D2-9E63-470F-A058-71595DDFF5C8}" = Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A77CEE-B8A4-42D9-AF49-E728E8F10D45}" = ICA
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB0EAA54-406C-4119-9A63-EDD0DC1B2B47}" = Sony Ericsson PC Suite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D176D00E-4408-48FB-9D86-ADCFB384FD08}" = Nva
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB 
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"C-Media Card Reader Driver" = C-Media USB Mass Storage Driver
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass  (02/02/2007 1.0.5.0)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free CD Ripper_is1" = Free CD Ripper V 1.8
"Free Studio_is1" = Free Studio version 4.3
"Free Video Converter_is1" = Free Video Converter V 2.7
"HijackThis" = HijackThis 2.0.2
"Hollywood FX" = Pinnacle Hollywood FX
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"MAGIX Slideshow Maker D" = MAGIX Slideshow Maker 1.0.1.3 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = NetShow Tools 3.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeGXViewer" = NeGXViewer
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 1220" = RedOrchestra SDK Beta
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 340" = Half-Life 2: Lost Coast
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.1.8.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a" = FasterPing
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2010 05:28:33 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.04.2010 06:27:22 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 19.04.2010 15:11:30 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.04.2010 04:06:30 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.04.2010 04:13:33 | Computer Name = LACHMANN-DDF883 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung jaucheck.exe, Version 2.0.1.2, fehlgeschlagenes
 Modul jaucheck.exe, Version 2.0.1.2, Fehleradresse 0x0000c8d0.
 
Error - 22.04.2010 14:14:50 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 24.04.2010 04:08:30 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 24.04.2010 04:08:33 | Computer Name = LACHMANN-DDF883 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 24.04.2010 04:08:35 | Computer Name = LACHMANN-DDF883 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 24.04.2010 04:08:35 | Computer Name = LACHMANN-DDF883 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 26.07.2010 05:45:09 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 26.07.2010 05:45:22 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.07.2010 05:45:51 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 26.07.2010 05:46:14 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.07.2010 05:46:29 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 29.07.2010 15:17:07 | Computer Name = LACHMANN-DDF883 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.101 für die Netzwerkkarte mit der Netzwerkadresse
 001617EDBD59 wurde durch  den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.08.2010 23:58:40 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst JavaQuickStarterService.
 
Error - 29.08.2010 06:26:18 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 30.08.2010 08:38:03 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 30.08.2010 10:55:09 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
[ TuneUp Events ]
Error - 09.01.2010 08:01:12 | Computer Name = LACHMANN-DDF883 | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.01.2010 08:02:02 | Computer Name = LACHMANN-DDF883 | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.01.2010 08:03:12 | Computer Name = LACHMANN-DDF883 | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >

mfg

[pc-jedi]

Hi

Schritt 1
Fixen mit OTL

• Starte bitte die OTL.exe.
  Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Benutzerdefinierte Scans/Fixes Textbox.

Code:

:files
C:\WINDOWS\VDLL.DLL
C:\WINDOWS\System32\runouce.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\RUNDL132.EXE
C:\WINDOWS\logo1_.exe
C:\WINDOWS\logo_1.exe
D:\Downloads D\negxviewer_setup.exe
:Commands
[purity]
[emptytemp]
[resethosts]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• Klick auf .
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument.
  Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread

Schritt 2
Deinstallieren von Software

• Gehe in den Arbeitsplatz.
• Klicke dort auf Systemsterung und dann auf Software
• Suche nach folgenden Einträgen und klicke auf Ändern/Enfernen
  
  Code:

  DVDVideoSoftTB Toolbar

[motschütze]

hi

Code:

All processes killed
========== FILES ==========
C:\WINDOWS\VDLL.DLL folder moved successfully.
C:\WINDOWS\System32\runouce.exe folder moved successfully.
C:\WINDOWS\rundll16.exe folder moved successfully.
C:\WINDOWS\RUNDL132.EXE folder moved successfully.
C:\WINDOWS\logo1_.exe folder moved successfully.
C:\WINDOWS\logo_1.exe folder moved successfully.
D:\Downloads D\negxviewer_setup.exe moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 405 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
 
User: rpl
->Temp folder emptied: 3267354812 bytes
->Temporary Internet Files folder emptied: 547223 bytes
->Java cache emptied: 1318508 bytes
->FireFox cache emptied: 36222733 bytes
->Flash cache emptied: 18678 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 4278243 bytes
%systemroot%\System32 .tmp files removed: 4066183 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3.160,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.11.0 log created on 09022010_152038

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[motschütze]

soweit so gut


mal noch gleich 2 -3 fragen:
warum stürtzt paint immer bein speichern ab
was ist Punkbuster servieces
und Faster Ping

mir nicht bewust so was runtergelden zu haben
braucht man das ?
und für was?
kanns weg?
und wie am besten?

mfg
aus dem erzgebirge

[pc-jedi]

Hi

Der Punkbuster Service ist ein Programm das für manche spiele erforderlich ist, da es Veränderungen am Spiel und somit "Cheaten" verhindert.
Faster Ping kenn ich nicht, das könntest du über Systemsteuerung->Software deinstallieren.

warum stürtzt paint immer bein speichern ab

Kann ich nicht genau sagen.
Läuft der PC jetzt besser?

[motschütze]

glück auf
danke
punkbuster brauch ich also
das ander kommt weg

pc läuft jetzt sehr viel besser schein ok zu sein
allein hätt ich so bestimmt nicht hinbekommen
was sollte nun getan werden?

mfg

[pc-jedi]

Nun. möchte ich noch ein OTL Logfile und wissen, ob die hohe CPU Auslastung immer noch vorhanden ist.

[motschütze]

hallo die hier?
ich komm langsan etwas durcheinander

Code:

OTL logfile created on: 02.09.2010 09:03:21 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 21,62 Gb Free Space | 44,28% Space Free | Partition Type: NTFS
Drive D: | 136,72 Gb Total Space | 98,33 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 39,94 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive F: | 93,42 Gb Total Space | 25,39 Gb Free Space | 27,18% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,03 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Razer\DeathAdder\razerhid.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Razer\DeathAdder\razerofa.exe (Razer Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\DOKUME~1\rpl\LOKALE~1\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (VIAudio) Vinyl AC'97 Audio Controller (WDM) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (DAdderFltr) -- C:\WINDOWS\system32\drivers\dadder.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (Alpham1) -- C:\WINDOWS\system32\drivers\Alpham1.sys (Ideazon Corporation)
DRV - (Alpham2) -- C:\WINDOWS\system32\drivers\Alpham2.sys (Ideazon Corporation)
DRV - (Alpham) -- C:\WINDOWS\system32\drivers\Alpham.sys (Ideazon Corporation)
DRV - (k600obex) -- C:\WINDOWS\system32\drivers\k600obex.sys (MCCI)
DRV - (k600mgmt) -- C:\WINDOWS\system32\drivers\k600mgmt.sys (MCCI)
DRV - (k600mdm) -- C:\WINDOWS\system32\drivers\k600mdm.sys (MCCI)
DRV - (k600mdfl) -- C:\WINDOWS\system32\drivers\k600mdfl.sys (MCCI)
DRV - (k600bus) Sony Ericsson 600i driver (WDM) -- C:\WINDOWS\system32\drivers\k600bus.sys (MCCI)
DRV - (MarvinBus) -- C:\WINDOWS\system32\drivers\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (UMSSSTOR) -- C:\WINDOWS\system32\drivers\Umss.SYS (C-Media Corporation)
DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH)
DRV - (PCLEPCI) -- C:\WINDOWS\system32\drivers\Pclepci.sys (Pinnacle Systems GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1957994488-839522115-112850627-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2431245&SearchSource=13"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.26 14:08:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.30 20:11:25 | 000,000,000 | ---D | M]
 
[2009.09.23 10:58:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Extensions
[2010.09.01 17:25:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions
[2010.07.01 17:51:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.07.01 17:51:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 16:26:24 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.05.18 18:18:36 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.03.16 11:42:56 | 000,000,927 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Mozilla\Firefox\Profiles\xtn1hqnf.default\searchplugins\conduit.xml
[2010.09.01 17:25:09 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.05.17 21:24:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.16 20:57:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.26 14:08:47 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.26 14:08:47 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.26 14:08:47 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.26 14:08:47 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.26 14:08:47 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 23:14:20 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsof1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CmCardRun] C:\WINDOWS\system32\CmWatch.exe ()
O4 - HKLM..\Run: [DeathAdder] C:\Programme\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [Standby] C:\Programme\Gemeinsame Dateien\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-1957994488-839522115-112850627-1004..\Run: [Steam] d:\prorgamme aktuell\steam.exe (Valve Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1274288242890 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.18 12:02:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.03.16 13:00:26 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.31 18:21:59 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.30 15:00:34 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.28 23:11:22 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.28 16:14:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.08.28 16:14:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.08.28 16:14:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.08.28 16:14:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.08.28 16:14:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.28 16:14:25 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010.08.28 16:13:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.08.27 12:15:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Malwarebytes
[2010.08.27 12:15:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.27 12:15:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.27 12:15:27 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.27 12:15:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.18 18:02:26 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.18 12:03:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\rpl\Desktop\schreckschußwaffen-Dateien
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\VDLL.DLL
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\RUNDL132.EXE
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.08.17 14:50:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\logo_1.exe
[2010.08.17 14:48:38 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.08.17 14:48:37 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.08.17 14:48:36 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.08.17 14:48:34 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\R.COM
[2010.08.17 14:48:34 | 000,140,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.08.17 14:48:32 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MicroWorld
[2010.08.17 14:48:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.08.17 14:41:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Download Manager
[2010.08.17 10:02:11 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.08.16 20:57:31 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.16 20:57:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.16 20:57:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.12 15:51:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.08.12 15:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.08.12 15:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2010.08.12 15:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.08.12 15:40:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.08.12 15:37:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.08.12 15:37:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.31 21:19:23 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.31 17:08:22 | 006,815,744 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\ntuser.dat
[2010.08.31 10:51:04 | 000,002,516 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.31 10:51:02 | 000,000,088 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\996B88D018.sys
[2010.08.30 20:11:26 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.08.30 16:54:53 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.30 16:54:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.30 16:53:53 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\rpl\ntuser.ini
[2010.08.28 23:14:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.28 23:14:20 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.28 23:11:25 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.08.28 16:13:25 | 003,830,469 | R--- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\ComboFix.exe
[2010.08.27 15:26:15 | 000,042,641 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[2010.08.27 13:32:05 | 001,042,054 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.27 13:32:05 | 000,448,800 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.27 13:32:05 | 000,432,492 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.27 13:32:05 | 000,080,108 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.27 13:32:05 | 000,067,448 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.27 12:15:31 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.27 11:08:15 | 003,887,480 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Dokumente und Einstellungen\rpl\Desktop\procexp.exe
[2010.08.20 14:52:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\defogger_reenable
[2010.08.20 14:40:55 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\fz2r7720.exe
[2010.08.18 18:13:28 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\tasklist.exe
[2010.08.18 12:03:41 | 000,189,160 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\schreckschußwaffen.htm
[2010.08.17 16:10:11 | 001,401,830 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Eigene Dateien\pinfect.zip
[2010.08.17 14:50:43 | 005,300,731 | ---- | M] () -- C:\WINDOWS\REGBK00.ZIP
[2010.08.17 14:48:52 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.08.17 14:48:37 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.08.17 14:48:36 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.08.17 14:48:35 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.08.17 10:02:11 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\HijackThis.lnk
[2010.08.16 17:49:49 | 000,001,475 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Desktop\Windows-Explorer.lnk
[2010.08.16 17:49:49 | 000,000,577 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Corel VideoStudio 2010.lnk
[2010.08.16 13:06:45 | 000,197,752 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.12 21:15:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.12 15:52:41 | 000,052,848 | ---- | M] () -- C:\Dokumente und Einstellungen\rpl\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.08.12 15:40:07 | 000,251,712 | RHS- | M] () -- C:\ntldr
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 23:11:25 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.08.28 23:11:23 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010.08.28 16:14:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.08.28 16:14:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.08.28 16:14:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.08.28 16:14:31 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.08.28 16:14:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.08.28 16:00:44 | 003,830,469 | R--- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\ComboFix.exe
[2010.08.27 12:15:31 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.20 14:52:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\defogger_reenable
[2010.08.20 14:40:55 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\fz2r7720.exe
[2010.08.18 18:08:05 | 000,075,064 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\hjtscanlist.txt
[2010.08.18 12:03:40 | 000,189,160 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\schreckschußwaffen.htm
[2010.08.17 16:10:14 | 001,401,830 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Eigene Dateien\pinfect.zip
[2010.08.17 14:50:07 | 005,300,731 | ---- | C] () -- C:\WINDOWS\REGBK00.ZIP
[2010.08.17 14:48:52 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Lic.xxx
[2010.08.17 14:48:36 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.08.17 10:02:11 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Desktop\HijackThis.lnk
[2010.05.31 17:41:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2010.05.18 21:39:51 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010.05.18 21:39:17 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2010.05.05 11:00:13 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.05.05 11:00:13 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\996B88D018.sys
[2010.03.10 14:48:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2010.02.04 13:05:08 | 000,000,110 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2010.02.03 20:09:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2010.02.03 20:09:14 | 000,000,922 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2010.02.03 20:09:14 | 000,000,061 | ---- | C] () -- C:\WINDOWS\dswplug.ini
[2010.02.03 20:09:14 | 000,000,011 | ---- | C] () -- C:\WINDOWS\Msdevctl.ini
[2010.02.03 19:46:57 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2010.02.03 19:42:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.09 14:02:48 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.01.09 14:02:48 | 000,139,152 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\PnkBstrK.sys
[2009.09.18 12:07:48 | 000,038,912 | ---- | C] () -- C:\Dokumente und Einstellungen\rpl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.03.18 09:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2003.05.30 17:27:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\CmCardRm.dll
 
========== LOP Check ==========
 
[2009.09.23 10:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2010.05.19 18:43:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz
[2010.05.05 10:10:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InterVideo
[2010.05.18 21:40:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.08.17 14:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MicroWorld
[2010.02.03 19:45:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.05.05 10:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2010.01.16 12:10:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009.09.22 20:40:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.01.16 12:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone
[2010.05.19 22:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Vodafone
[2009.09.23 10:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Ashampoo
[2010.05.18 18:16:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\FreeVideoConverter
[2009.09.23 19:24:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Ideazon
[2010.01.17 20:22:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\MAGIX
[2010.03.21 20:56:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\TS3Client
[2009.09.22 20:55:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\TuneUp Software
[2010.05.05 13:20:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Ulead Systems
[2010.08.17 11:39:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Uniblue
[2010.01.16 12:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\rpl\Anwendungsdaten\Vodafone
 
========== Purity Check ==========
 
 
< End of report >

Code:

OTL Extras logfile created on: 02.09.2010 09:03:21 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Dokumente und Einstellungen\rpl\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 21,62 Gb Free Space | 44,28% Space Free | Partition Type: NTFS
Drive D: | 136,72 Gb Total Space | 98,33 Gb Free Space | 71,92% Space Free | Partition Type: NTFS
Drive E: | 136,72 Gb Total Space | 39,94 Gb Free Space | 29,22% Space Free | Partition Type: NTFS
Drive F: | 93,42 Gb Total Space | 25,39 Gb Free Space | 27,18% Space Free | Partition Type: NTFS
Drive G: | 48,83 Gb Total Space | 47,03 Gb Free Space | 96,31% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: 
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_USERS\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- D:\Prorgamme aktuell\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- D:\Prorgamme aktuell\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\ROEd.exe" = D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\ROEd.exe:*:Enabled:RedOrchestra SDK Beta -- ()
"D:\Prorgamme aktuell\SteamApps\nvaler\half-life 2 deathmatch\hl2.exe" = D:\Prorgamme aktuell\SteamApps\nvaler\half-life 2 deathmatch\hl2.exe:*:Disabled:hl2 -- ()
"D:\Prorgamme aktuell\Steam.exe" = D:\Prorgamme aktuell\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\RedOrchestra.exe" = D:\Prorgamme aktuell\SteamApps\common\red orchestra\System\RedOrchestra.exe:*:Enabled:Darkest Hour: Europe '44-'45 -- ()
"D:\Prorgamme aktuell\SteamApps\nvaler\counter-strike source\hl2.exe" = D:\Prorgamme aktuell\SteamApps\nvaler\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0893078B-8A9A-84D6-D393-119B9B0B033A}" = CCC Help French
"{0E2A60F7-2907-5718-FF16-7D8FAF70051E}" = CCC Help Chinese Standard
"{14FAE013-AE19-4FC9-B5BF-E56ADC01ECE6}" = CCC Help Turkish
"{17BB2784-6EE4-D7FF-FE63-58A3AD2B3708}" = CCC Help Russian
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{20DFB114-5520-4BEE-B276-4A4204E1FBB4}" = PureHD
"{233588CF-96D5-46AF-EF74-7EC382662791}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{2DD9C2F1-CC6E-449D-935B-4111396EF19F}" = MLE
"{3260ECBC-9DDF-E7A3-0863-449473BC7BD5}" = CCC Help Chinese Traditional
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39C6C229-CFFD-639E-229A-E463FCD87478}" = CCC Help German
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F11FC80-CE8C-1BD4-5C39-EBE5744E5135}" = CCC Help Portuguese
"{4FAB2BA7-E16C-95D2-F326-60A68409373F}" = Catalyst Control Center HydraVision Full
"{529AA9A8-5020-6CFB-A809-BC5943C87077}" = CCC Help Thai
"{53604297-26FD-516D-6FF7-1063BA64A0A4}" = Catalyst Control Center Graphics Light
"{55BD3B0B-F054-9341-514F-295A5F7EA450}" = CCC Help Spanish
"{5A4FA9C8-ED56-08C3-153B-FC5C19256290}" = CCC Help Dutch
"{624885E1-2458-4F12-A975-EA368C3523FA}" = DeviceIO
"{652BCEE6-463A-4A8E-A6E3-FCFED88345E0}" = VDS10
"{6BCD1560-6292-4A70-A808-C0FE414A7DB4}" = Contents
"{6C390D51-E5F0-4FCD-24C4-731ACAF34571}" = CCC Help Japanese
"{72327FA3-281D-4BC6-AB4C-FA24BDF352D5}" = IPM_V
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7AA8FA9A-1656-7DBD-633B-FE7A62BBED0C}" = CCC Help Czech
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C22131B-8634-CECF-F0D1-A2ECC160B450}" = CCC Help Norwegian
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90FBE4D0-2ACA-A8A8-2CC4-CFFBAE528504}" = CCC Help Finnish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D74375E-3012-E7D2-9229-B220C91F326A}" = Catalyst Control Center Core Implementation
"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9
"{9EE8BDCA-7505-4895-D91E-8108DD16292E}" = CCC Help English
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8AF8BD3-61B5-7945-4D1B-217421F604FC}" = CCC Help Hungarian
"{AA46E1C5-A709-6D9B-D99D-92E4C6E042A9}" = CCC Help Korean
"{AA62A33C-9E5E-3913-7D88-7E58A8CB1493}" = CCC Help Greek
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{B653F643-A1B4-9936-2DB6-FEA9A3110D8D}" = ccc-core-preinstall
"{B71C4637-0247-78CE-6A3D-D61645CB8921}" = ccc-utility
"{BC2E7C0B-1AC6-5F6C-F31D-E1E72D8E0B5C}" = CCC Help Danish
"{BF8C7DA7-2DE6-ED67-6C82-6BE82F8BA8D3}" = Catalyst Control Center Graphics Full New
"{C08317D2-9E63-470F-A058-71595DDFF5C8}" = Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1A77CEE-B8A4-42D9-AF49-E728E8F10D45}" = ICA
"{C409F338-BB20-6C4A-F40D-20CA07AF714C}" = CCC Help Polish
"{CB0EAA54-406C-4119-9A63-EDD0DC1B2B47}" = Sony Ericsson PC Suite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D176D00E-4408-48FB-9D86-ADCFB384FD08}" = Nva
"{D4B7B2DC-E688-A9D6-6EC0-56AE540E074C}" = Catalyst Control Center Localization All
"{D9CD701B-3F04-FC69-D974-F3A7F5E9BA30}" = CCC Help Swedish
"{D9D93D74-107D-4BD3-87D0-AABCF7C98BD5}" = Catalyst Control Center - Branding
"{E0B7F981-EA26-491A-A975-E3AB4748E9FA}" = Share
"{E213321B-1E88-B38D-DAB2-D8CB9355984A}" = Skins
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{F3FA8952-2C42-452A-BA22-2F7BDEC8D310}" = VIO
"{F4148D8F-ED3A-3097-509C-04D5560220F9}" = ccc-core-static
"{F7E68997-E626-952B-A7BF-F72066CD5D77}" = Catalyst Control Center Graphics Previews Common
"{FA36C82B-464D-51F2-A6A1-0BC9140BE067}" = CCC Help Italian
"13860389BCE916343D6A5C65169C6F0C6BF6E3EA" = Windows Driver Package - Cypress (CyUsb) USB 
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4
"AVS Video Recorder_is1" = AVS Video Recorder 2.4
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"C-Media Card Reader Driver" = C-Media USB Mass Storage Driver
"DA73216D935E3CBA996AFD6E6513ECC587E0C3C1" = Windows Driver Package - Razer (HidUsb) HIDClass  (02/02/2007 1.0.5.0)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Free CD Ripper_is1" = Free CD Ripper V 1.8
"Free Studio_is1" = Free Studio version 4.3
"Free Video Converter_is1" = Free Video Converter V 2.7
"HijackThis" = HijackThis 2.0.2
"Hollywood FX" = Pinnacle Hollywood FX
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"MAGIX Slideshow Maker D" = MAGIX Slideshow Maker 1.0.1.3 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = NetShow Tools 3.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeGXViewer" = NeGXViewer
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 1200" = Red Orchestra: Ostfront 41-45
"Steam App 1220" = RedOrchestra SDK Beta
"Steam App 1280" = Darkest Hour: Europe '44-'45
"Steam App 240" = Counter-Strike: Source
"Steam App 300" = Day of Defeat: Source
"Steam App 340" = Half-Life 2: Lost Coast
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.8a
"WIC" = Windows Imaging Component
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.1.8.4
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1957994488-839522115-112850627-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"538e2a4af313161a" = FasterPing
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.04.2010 05:28:33 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.04.2010 06:27:22 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 19.04.2010 15:11:30 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.04.2010 04:06:30 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 20.04.2010 04:13:33 | Computer Name = LACHMANN-DDF883 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung jaucheck.exe, Version 2.0.1.2, fehlgeschlagenes
 Modul jaucheck.exe, Version 2.0.1.2, Fehleradresse 0x0000c8d0.
 
Error - 22.04.2010 14:14:50 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 24.04.2010 04:08:30 | Computer Name = LACHMANN-DDF883 | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 24.04.2010 04:08:33 | Computer Name = LACHMANN-DDF883 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 24.04.2010 04:08:35 | Computer Name = LACHMANN-DDF883 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
Error - 24.04.2010 04:08:35 | Computer Name = LACHMANN-DDF883 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Die Daten sind unzulässig.  .
 
[ System Events ]
Error - 26.07.2010 05:45:09 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 26.07.2010 05:45:22 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.07.2010 05:45:51 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist 
bereits 1 Mal passiert.
 
Error - 26.07.2010 05:46:14 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 26.07.2010 05:46:29 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7034
Description = Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 29.07.2010 15:17:07 | Computer Name = LACHMANN-DDF883 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.101 für die Netzwerkkarte mit der Netzwerkadresse
 001617EDBD59 wurde durch  den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server 
hat eine DHCPNACK-Meldung gesendet).
 
Error - 25.08.2010 23:58:40 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst JavaQuickStarterService.
 
Error - 29.08.2010 06:26:18 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 30.08.2010 08:38:03 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 30.08.2010 10:55:09 | Computer Name = LACHMANN-DDF883 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
[ TuneUp Events ]
Error - 09.01.2010 08:01:12 | Computer Name = LACHMANN-DDF883 | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.01.2010 08:02:02 | Computer Name = LACHMANN-DDF883 | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
Error - 09.01.2010 08:03:12 | Computer Name = LACHMANN-DDF883 | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >

oder soll ich snoch mal laufen lassen?