OTL Extras logfile created on: 03.06.2010 11:22:15 - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\Thomas\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 50,00% Paging File free Paging file location(s): [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 74,43 Gb Total Space | 26,90 Gb Free Space | 36,14% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: THOMAS-PC Current User Name: Thomas Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{422691F3-3CFA-6607-06D6-CA579E6B35AD}" = ATI Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A6265E62-D56F-E3D9-8C7C-BC2E0A6FA1B1}" = ccc-utility64 "{AEEE3540-F708-453C-910E-0CE78AF433CA}" = Symantec Endpoint Protection "{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID-Anmelde-Assistent "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "Creative OA001" = Integrated Webcam Driver (1.06.03.0309) "Redirection Port Monitor" = RedMon - Redirection Port Monitor [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00D8A43D-4FE6-7AF1-FE10-05B87B07831E}" = CCC Help English "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{17DB2BEE-2FD6-456F-5E5D-C38DB1ABC8B5}" = ccc-core-static "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{471D55BB-00D1-F4C9-DDC5-BD8B848E204C}" = Catalyst Control Center InstallProxy "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CBD3538-4A61-7040-A989-D5CAEEABB12C}" = Catalyst Control Center Localization All "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9DB192F7-BABD-9205-4F47-69BFC5CE12AB}" = Catalyst Control Center Graphics Previews Vista "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{D02A3DBC-6A86-2FB3-699F-6F95BD7A811E}" = Catalyst Control Center Graphics Full New "{D79B34A7-658C-4406-B4A5-6C982E07D57F}" = Steganos Password Manager 11 "{DF0D3C2E-11B5-7937-7929-06EC35FF760D}" = Catalyst Control Center Core Implementation "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E81BE8F9-E988-4531-08C5-4D03FE2F774F}" = Catalyst Control Center Graphics Full Existing "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FD14A51B-2206-D07A-A610-8EBCA8D611A3}" = Catalyst Control Center Graphics Light "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX Setup "ENTERPRISE" = Microsoft Office Enterprise 2007 "Free FLV Converter_is1" = Free FLV Converter V 6.7.8 "FreePDF_XP" = FreePDF (Remove only) "GPL Ghostscript 8.70" = GPL Ghostscript 8.70 "GPL Ghostscript 8.71" = GPL Ghostscript 8.71 "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "ST6UNST #1" = Recorder "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "WinLiveSuite_Wave3" = Windows Live Essentials "XMind" = XMind [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "090215de958f1060" = Curse Client [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 30.05.2010 15:53:27 | Computer Name = Thomas-PC | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Bloodhound.SONAR.1 in File: c:\windows\659.exe by: PTS Scan scan. Action: Process or service must be halted. Action Description: Error - 30.05.2010 16:37:49 | Computer Name = Thomas-PC | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Bloodhound.SONAR.1 in File: c:\windows\659.exe by: PTS Scan scan. Action: Quarantine failed. Action Description: The file was left unchanged. Error - 30.05.2010 16:37:49 | Computer Name = Thomas-PC | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Bloodhound.SONAR.1 in File: c:\windows\659.exe by: PTS Scan scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully. Error - 31.05.2010 09:01:34 | Computer Name = Thomas-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: svchost.exe, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xcd8 Startzeit der fehlerhaften Anwendung: 0x01cb0029693de032 Pfad der fehlerhaften Anwendung: C:\Windows\SysWOW64\svchost.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: a32b83e7-6cb4-11df-851b-002219e296a5 Error - 01.06.2010 01:25:45 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714 Description = Error - 01.06.2010 01:26:00 | Computer Name = Thomas-PC | Source = MsiInstaller | ID = 11714 Description = Error - 01.06.2010 01:28:32 | Computer Name = Thomas-PC | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Trojan.Gen in File: C:\Windows\SysWOW64\zfgrjtwh.uuq by: Auto-Protect scan. Action: Delete failed : Quarantine failed. Action Description: The file was left unchanged. Error - 01.06.2010 01:28:33 | Computer Name = Thomas-PC | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Windows\SysWOW64\zfgrjtwh.uuq by: Auto-Protect scan. Action: Delete failed : Quarantine failed : Access denied. Action Description: The file was left unchanged. Error - 01.06.2010 01:28:34 | Computer Name = Thomas-PC | Source = Symantec AntiVirus | ID = 16711726 Description = Security Risk Found!Trojan.Gen in File: C:\Windows\SysWOW64\zfgrjtwh.uuq by: Auto-Protect scan. Action: Delete succeeded. Action Description: The file was deleted successfully. Error - 01.06.2010 01:28:36 | Computer Name = Thomas-PC | Source = Symantec AntiVirus | ID = 16711731 Description = Security Risk Found!Trojan.Gen in File: C:\Windows\SysWOW64\zfgrjtwh.uuq by: Auto-Protect scan. Action: Delete succeeded : Access denied. Action Description: The file was deleted successfully. [ Media Center Events ] Error - 25.02.2010 15:16:28 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0 Description = 20:16:28 - Directory konnte nicht abgerufen werden (Fehler: Der Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com') Error - 25.02.2010 17:53:31 | Computer Name = Thomas-PC | Source = MCUpdate | ID = 0 Description = 22:53:06 - Fehler beim Herstellen der Internetverbindung. 22:53:06 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 02.06.2010 00:06:20 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COH_Mon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 02.06.2010 01:06:24 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COH_Mon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 02.06.2010 11:18:39 | Computer Name = Thomas-PC | Source = Application Popup | ID = 875 Description = Treiber COH_Mon.sys konnte nicht geladen werden. Error - 02.06.2010 11:18:39 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COH_Mon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 02.06.2010 13:54:42 | Computer Name = Thomas-PC | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 02.06.2010 14:55:05 | Computer Name = Thomas-PC | Source = Application Popup | ID = 875 Description = Treiber COH_Mon.sys konnte nicht geladen werden. Error - 02.06.2010 14:55:05 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COH_Mon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 02.06.2010 15:55:16 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COH_Mon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 02.06.2010 16:55:22 | Computer Name = Thomas-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "COH_Mon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1275 Error - 03.06.2010 04:41:40 | Computer Name = Thomas-PC | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. < End of report >