| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Kritischer Fehler Festplatte - Daten weg - Nichts geht mehrWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.06.2011, 11:15
| #1 |
 |  Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr Hallo liebe Forengemeinde, ich hatte plötzlich das Problem dass mein Laptop einen kritischen Fehler der Festplatte meldete und irgendsoein Diagnoseprogramm von Windows XP startete. Nichts ging mehr und mein Desktop war leer, meine Schnellstartleiste weg und im Explorer gab es keine Dateien mehr. Auch die Programme unter "Start" waren leer gefegt. Habe ein bisschen im Internet recherchiert und bin auf dieses Forum gestoßen. Ich habe bereits etwas vorbereitet: Vollscan Nr. 1 mit Malwarebytes in einem schon lange bestehenden anderen Benutzerkonto, das gar nicht benutzt wurde (hab leider immer im Adminkonto gearbeitet). Konnte nicht mehr im Adminbereich scannen, da er dann abstürzte: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6842 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 12.06.2011 22:43:31 mbam-log-2011-06-12 (22-43-31).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 257202 Time elapsed: 55 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 1 Files Infected: 5 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Folders Infected: c:\osidfjklsdw (Trojan.SpyEyes) -> Quarantined and deleted successfully. Files Infected: c:\dokumente und einstellungen\all users\anwendungsdaten\15654692.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\all users\anwendungsdaten\swpgvtldjxov.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully. c:\system volume information\_restore{391197e0-8c57-4c06-9c98-32e013c26e86}\RP141\A0079682.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully. c:\osidfjklsdw\config.bin (Trojan.SpyEyes) -> Quarantined and deleted successfully. Im Anschluss daran habe ich ins Adminkonto gewechselt und hab einen 2. Durchlauf durchgeführt: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 6842 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 13.06.2011 10:27:35 mbam-log-2011-06-13 (10-27-35).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 257360 Laufzeit: 55 Minute(n), 47 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 1 Infizierte Dateiobjekte der Registrierung: 3 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\osidfjklsdw.exe (Trojan.SpyEyes) -> Value: osidfjklsdw.exe -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Danach habe ich mit OTL wie hier schon zigfach beschrieben gescannt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.06.2011 10:40:12 - Run 1 OTL by OldTimer - Version 3.2.24.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,20% Memory free 4,84 Gb Paging File | 4,39 Gb Available in Paging File | 90,53% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 148,80 Gb Total Space | 90,16 Gb Free Space | 60,59% Space Free | Partition Type: NTFS Drive E: | 3,84 Gb Total Space | 1,94 Gb Free Space | 50,40% Space Free | Partition Type: FAT32 Computer Name: CHRIS | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.06 18:15:20 | 000,532,320 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe PRC - [2011.05.06 17:33:00 | 000,393,112 | -H-- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe PRC - [2010.09.07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe PRC - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe PRC - [2010.04.13 00:46:36 | 001,135,912 | -H-- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.03.04 16:08:22 | 000,099,720 | -H-- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.09.11 12:34:22 | 002,403,840 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2009.09.11 12:33:54 | 000,009,216 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2009.03.12 16:37:12 | 000,380,928 | -H-- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.08.25 13:47:12 | 000,356,352 | -H-- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe PRC - [2006.08.02 00:38:30 | 000,802,816 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe PRC - [2006.08.02 00:32:44 | 000,696,320 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe PRC - [2006.08.02 00:27:54 | 000,479,232 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe PRC - [2006.06.29 10:30:34 | 000,184,320 | -H-- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe PRC - [2006.03.16 22:58:50 | 000,974,848 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe PRC - [2006.03.03 00:50:52 | 000,151,552 | -H-- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\Toshiba.exe PRC - [2006.02.07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe PRC - [2006.02.02 13:11:38 | 000,073,728 | -H-- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe PRC - [2005.10.06 05:20:00 | 000,122,940 | -H-- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE PRC - [2005.08.03 16:16:04 | 000,266,240 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe PRC - [2005.08.03 16:15:50 | 000,040,960 | -H-- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe PRC - [2005.04.12 10:05:26 | 000,065,536 | -H-- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe PRC - [2005.01.18 01:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | -H-- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (SafeList) ========== MOD - [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2006.05.01 22:04:00 | 001,466,368 | -H-- | M] () -- C:\WINDOWS\system32\nview.dll MOD - [2006.05.01 22:04:00 | 000,311,296 | -H-- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsde.dll MOD - [2006.05.01 22:04:00 | 000,081,920 | -H-- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll ========== Win32 Services (SafeList) ========== SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.06 17:33:00 | 000,393,112 | -H-- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner) SRV - [2010.09.07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus) SRV - [2010.03.04 16:08:22 | 002,106,760 | -H-- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate) SRV - [2010.03.04 16:08:22 | 000,099,720 | -H-- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler) SRV - [2009.09.11 12:33:54 | 000,009,216 | -H-- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2008.11.09 22:48:14 | 000,602,392 | -H-- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.02.07 16:30:40 | 000,035,840 | -H-- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV) SRV - [2005.01.18 01:38:38 | 000,040,960 | -H-- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs) SRV - [2004.10.22 03:24:18 | 000,073,728 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2001.11.12 13:31:48 | 000,020,480 | -H-- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.05.29 09:11:20 | 000,022,712 | -H-- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.09.07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2010.09.07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2010.09.07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2010.09.07 16:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2010.09.07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2010.09.07 16:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2009.06.29 18:00:50 | 000,112,640 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2009.06.29 18:00:50 | 000,102,656 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake) DRV - [2009.04.09 13:38:30 | 000,102,400 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.10.09 13:50:04 | 000,018,816 | -H-- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2006.08.02 01:27:48 | 000,012,544 | -H-- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2006.05.30 16:42:52 | 000,045,696 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs) DRV - [2006.05.05 16:13:52 | 004,271,616 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.03.22 08:56:24 | 001,522,688 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.12.13 18:08:44 | 001,124,097 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.11.30 19:12:00 | 000,162,560 | -H-- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.11.28 10:45:16 | 000,007,040 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid) DRV - [2005.10.20 14:03:42 | 000,006,144 | -H-- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD) DRV - [2005.10.06 05:20:00 | 000,094,332 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM) DRV - [2005.10.06 05:20:00 | 000,087,036 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M) DRV - [2005.10.06 05:20:00 | 000,086,524 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M) DRV - [2005.10.06 05:20:00 | 000,025,628 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM) DRV - [2005.10.06 05:20:00 | 000,014,684 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM) DRV - [2005.10.06 05:20:00 | 000,006,364 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM) DRV - [2005.10.06 05:20:00 | 000,002,496 | -H-- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN) DRV - [2005.09.09 14:47:10 | 000,009,344 | -H-- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec) DRV - [2005.08.25 12:16:52 | 000,005,628 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM) DRV - [2005.08.25 12:16:16 | 000,022,684 | -H-- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N) DRV - [2003.09.19 01:47:00 | 000,010,368 | -H-- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc) DRV - [2003.01.29 23:35:00 | 000,012,032 | -H-- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15003&l=dis IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=SPC2&o=15000&locale=de_DE&apn_uid=697EF5D6-20F0-44C3-B0C6-5426A8E69AF0&apn_ptnrs=PV&apn_sauid=3BA00EFB-29C0-47B9-A571-814EE90EECC3&apn_dtid=YYYYYYYYDE&q=" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=827316&p=" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316" FF - HKLM\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.12 09:39:48 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.02 16:31:13 | 000,000,000 | -H-D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.30 23:23:32 | 000,000,000 | -H-D | M] [2010.06.05 18:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2010.06.05 18:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.06.12 15:37:07 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions [2010.09.17 23:04:24 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2010.05.31 16:03:11 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.21 21:50:32 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.13 18:33:46 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.30 17:49:02 | 000,002,396 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\askcom.xml [2010.12.22 18:07:49 | 000,000,873 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\conduit.xml [2011.02.20 21:40:56 | 000,001,583 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\web-search.xml [2010.09.17 23:22:45 | 000,001,196 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Firefox\Profiles\cp8opfqx.default\searchplugins\winamp-search.xml [2011.06.12 16:05:15 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.02 14:59:56 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.06.12 16:05:12 | 000,000,000 | -H-D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2011.06.02 14:59:39 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.06.12 16:05:15 | 000,000,000 | -H-D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF [2011.06.02 14:59:39 | 000,423,656 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.07.12 18:33:56 | 000,012,800 | -H-- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2010.07.31 15:26:41 | 000,001,392 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.31 15:26:41 | 000,002,344 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.31 15:26:41 | 000,006,805 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.31 15:26:41 | 000,001,178 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.31 15:26:41 | 000,001,105 | -H-- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programme\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software) O4 - HKLM..\Run: [CFSServ.exe] File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions) O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [NDSTray.exe] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVRotateSysTray] C:\WINDOWS\System32\nvsysrot.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SearchSettings] C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TFncKy] File not found O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA) O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation) O4 - HKCU..\Run: [SwPGvtLdJxoV] File not found O4 - HKCU..\Run: [TOSCDSPD] C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.13 16:57:22 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{51b2492c-f401-11df-867c-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9f50ce0-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell - "" = AutoRun O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c9f50ce1-d5d3-11df-864b-00a0d1623765}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: IS CfgWiz - hkey= - key= - File not found MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. ========== Files/Folders - Created Within 30 Days ========== [2011.06.12 20:44:17 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent [2011.06.12 16:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2011.06.12 16:23:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.06.12 16:23:30 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.06.12 16:23:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.06.12 16:23:23 | 000,022,712 | -H-- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.06.12 16:23:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.06.12 16:21:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2011.06.12 16:21:45 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup-1.51.0.1200.exe [2011.06.12 16:05:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings [2011.06.12 16:05:08 | 000,000,000 | -H-D | C] -- C:\Programme\Application Updater [2011.06.12 16:05:07 | 000,000,000 | -H-D | C] -- C:\Programme\pdfforge Toolbar [2011.06.12 15:46:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows XP Restore [2011.06.12 15:32:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2011.06.10 17:53:17 | 000,000,000 | -H-D | C] -- C:\Programme\mp3DirectCut [2011.06.03 10:30:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Yahoo [2011.06.03 10:22:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion [2011.06.03 10:22:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yahoo! [2011.06.03 10:22:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Yahoo! Messenger [2011.06.03 10:22:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! [2011.06.03 10:19:20 | 000,000,000 | -H-D | C] -- C:\Programme\Yahoo! [2011.06.02 15:06:00 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2011.06.02 15:04:52 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer [2011.06.02 15:04:08 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Haufe [2011.06.02 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steuer 2010 [2011.06.02 15:03:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lexware [2011.06.02 15:02:11 | 000,000,000 | -H-D | C] -- C:\Programme\Lexware [2011.06.02 15:02:11 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.06.02 15:00:26 | 000,000,000 | -H-D | C] -- C:\Programme\Haufe [2011.06.02 15:00:24 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.06.02 14:57:11 | 000,000,000 | -H-D | C] -- C:\Programme\Gemeinsame Dateien\Lexware [2011.06.02 14:57:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Lexware [2011.06.02 13:43:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Foxit Reader 5.0 [2011.06.02 13:43:05 | 000,000,000 | -H-D | C] -- C:\Programme\Foxit Software [2011.06.02 11:43:47 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Steuererklärung2010 [2011.06.02 11:24:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Adobe [2011.05.31 16:19:03 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Recuva [2011.05.31 16:19:02 | 000,000,000 | -H-D | C] -- C:\Programme\Recuva [2011.05.31 16:18:28 | 002,451,576 | -H-- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Admin\Desktop\rcsetup1.40.525.exe [2011.05.22 14:43:01 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2006.09.14 11:48:14 | 000,053,248 | -H-- | C] ( ) -- C:\WINDOWS\System32\DLLVGA.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.06.13 10:30:07 | 000,001,086 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.06.13 10:29:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.06.13 10:29:48 | 3219,181,568 | -HS- | M] () -- C:\hiberfil.sys [2011.06.13 10:01:00 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011.06.13 09:54:00 | 000,001,090 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.06.12 16:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe [2011.06.12 16:14:06 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Admin\Desktop\mbam-setup-1.51.0.1200.exe [2011.06.12 15:46:18 | 000,000,128 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r [2011.06.12 15:46:18 | 000,000,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692 [2011.06.12 15:46:17 | 000,000,827 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk [2011.06.12 15:46:15 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692 [2011.06.12 15:26:27 | 000,045,378 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.06.12 15:23:20 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.06.10 17:53:18 | 000,000,702 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\mp3DirectCut.lnk [2011.06.02 14:58:58 | 000,459,340 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.06.02 14:58:58 | 000,441,458 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.06.02 14:58:58 | 000,084,676 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.06.02 14:58:58 | 000,071,394 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.06.02 11:25:55 | 000,046,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.31 16:18:36 | 002,451,576 | -H-- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Admin\Desktop\rcsetup1.40.525.exe [2011.05.30 13:35:35 | 000,086,280 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Whiskybestellung_Spanien_300511.pdf [2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.05.29 09:11:20 | 000,022,712 | -H-- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.05.24 20:48:18 | 000,185,016 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.05.24 19:00:12 | 000,121,346 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf [2011.05.16 21:19:04 | 000,039,007 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\NichtLustig_PU.jpg [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.06.12 15:46:18 | 000,000,128 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692r [2011.06.12 15:46:18 | 000,000,112 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15654692 [2011.06.12 15:46:17 | 000,000,827 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows XP Restore.lnk [2011.06.12 15:46:15 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15654692 [2011.06.10 17:53:18 | 000,000,702 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\mp3DirectCut.lnk [2011.05.30 13:35:32 | 000,086,280 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Whiskybestellung_Spanien_300511.pdf [2011.05.24 19:00:10 | 000,121,346 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Empfangsbestätigung - IDEV - Internet Datenerhebung im Statistischen Verbund.pdf [2011.05.16 21:19:20 | 000,039,007 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Eigene Dateien\NichtLustig_PU.jpg [2011.02.20 19:55:31 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.09.11 17:41:31 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\System32\wsodsini.dll [2010.08.29 19:23:57 | 000,000,530 | -H-- | C] () -- C:\WINDOWS\System32\tx14_ic.ini [2010.05.29 19:13:36 | 000,046,592 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.05.29 14:36:17 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.05.25 21:11:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat [2010.05.21 19:10:37 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.06.16 13:25:02 | 000,121,512 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2006.09.14 18:34:45 | 001,519,616 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe [2006.09.14 18:34:44 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.09.14 18:34:43 | 001,662,976 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.09.14 18:34:43 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.09.14 18:34:41 | 001,466,368 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll [2006.09.14 18:34:41 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2006.09.14 18:34:38 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2006.09.14 18:34:38 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.09.14 18:34:37 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.09.14 18:34:26 | 000,121,995 | -H-- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2006.09.14 14:30:22 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.14 14:14:50 | 000,000,562 | -H-- | C] () -- C:\WINDOWS\TBTdetect.ini [2006.09.14 13:54:01 | 000,000,400 | -H-- | C] () -- C:\WINDOWS\ODBC.INI [2006.09.14 13:50:38 | 000,127,184 | -H-- | C] () -- C:\WINDOWS\Unwise.exe [2006.09.14 12:18:00 | 000,000,222 | -H-- | C] () -- C:\WINDOWS\wininit.ini [2006.09.14 12:10:35 | 000,204,800 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.09.14 12:10:34 | 000,200,704 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.09.14 12:10:34 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.09.14 12:10:34 | 000,192,512 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.09.14 12:10:34 | 000,188,416 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.09.14 12:10:34 | 000,020,480 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.09.14 11:57:09 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\NDSTray.INI [2006.09.14 11:56:57 | 000,036,736 | -H-- | C] () -- C:\WINDOWS\System32\drivers\CSIIDecoder_kern_i386.sys [2006.09.14 11:56:57 | 000,029,184 | -H-- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys [2006.09.14 11:48:14 | 000,118,784 | -H-- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll [2006.09.14 11:40:34 | 000,010,161 | -H-- | C] () -- C:\WINDOWS\System32\tosmreg.ini [2006.09.14 11:40:34 | 000,007,671 | -H-- | C] () -- C:\WINDOWS\System32\cseltbl.ini [2006.09.14 11:40:33 | 000,128,113 | -H-- | C] () -- C:\WINDOWS\System32\csellang.ini [2006.09.14 11:40:33 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\csellang.dll [2006.09.14 11:38:34 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ1.dat [2006.09.14 11:38:34 | 000,000,176 | -H-- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat [2006.09.14 11:38:32 | 000,135,168 | -H-- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.09.14 11:38:32 | 000,040,960 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2006.09.13 17:48:16 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.09.13 17:47:28 | 000,185,016 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.09.13 17:00:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.09.13 16:53:35 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.09.13 16:41:43 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\MakeMrk.exe [2006.09.13 16:41:43 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll [2006.09.13 16:41:43 | 000,000,083 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2006.09.13 16:41:31 | 000,459,340 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.09.13 16:41:31 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.09.13 16:41:31 | 000,084,676 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.09.13 16:41:31 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.09.13 16:40:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.09.13 16:40:53 | 000,441,458 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.09.13 16:40:53 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.09.13 16:40:53 | 000,071,394 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.09.13 16:40:53 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.09.13 16:40:52 | 000,004,631 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.09.13 16:40:50 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.09.13 16:40:47 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2006.09.13 16:40:42 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.09.13 16:40:42 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2006.09.13 16:40:37 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.09.13 16:40:28 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.01.30 23:15:42 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\px.ini [2005.09.02 14:44:00 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 14:26:04 | 000,235,008 | -H-- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 21:30:00 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 17:04:00 | 000,094,208 | -H-- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 14:43:00 | 000,114,688 | -H-- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll ========== LOP Check ========== [2010.11.01 17:08:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2011.04.14 21:42:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.11.08 16:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2011.06.12 15:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2010.11.26 18:06:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2011.05.29 22:01:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ [2010.11.07 23:28:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo [2011.06.03 21:15:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2011.05.22 14:43:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2010.09.12 11:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org [2011.02.20 21:44:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge [2010.09.06 21:19:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape [2011.05.12 21:30:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong [2011.06.12 16:05:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings [2010.06.05 18:43:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba [2010.10.12 09:40:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vodafone [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search [2010.10.21 16:59:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\XnView [2010.07.19 17:35:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2010.06.11 17:55:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.06.02 15:01:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe [2011.06.03 21:20:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2011.05.31 15:46:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.10.12 09:39:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.06.13 10:01:00 | 000,000,226 | -H-- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.11.01 17:08:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ACD Systems [2010.05.27 23:22:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Adobe [2010.07.04 21:32:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\AdobeUM [2006.09.20 10:11:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ATI [2010.05.29 23:25:14 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DivX [2010.07.05 12:29:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\dvdcss [2011.04.14 21:42:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\DVDVideoSoftIEHelpers [2010.11.08 16:28:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FileZilla [2010.10.12 21:07:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\FLEXnet [2011.06.12 15:32:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Foxit Software [2010.08.18 21:38:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Google [2010.11.26 18:06:51 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\gtk-2.0 [2011.05.29 22:01:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQ [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Identities [2010.05.21 19:12:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Intel [2010.11.07 23:28:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\InterVideo [2011.06.03 21:15:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Lexware [2010.05.25 21:10:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Macromedia [2011.06.12 16:23:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Malwarebytes [2010.10.09 17:56:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Microsoft [2010.05.25 21:11:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla [2011.05.22 14:43:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller [2010.09.12 11:21:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\OpenOffice.org [2011.02.20 21:44:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\pdfforge [2010.09.06 21:19:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PhotoScape [2011.05.12 21:30:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\PriceGong [2011.06.12 16:05:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Search Settings [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sonic [2010.05.28 19:35:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Sun [2010.06.05 18:43:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Thunderbird [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\toshiba [2011.06.02 11:26:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\vlc [2010.10.12 09:40:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Vodafone [2010.09.18 08:17:25 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Winamp [2010.05.22 03:19:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Windows Desktop Search [2010.10.21 16:59:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\XnView [2011.06.03 10:23:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2011.05.22 14:43:06 | 000,827,368 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\MSNInstaller\msnauins.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys [2004.08.10 14:00:00 | 017,006,491 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010.10.05 12:33:15 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.10 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.10 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.09.13 18:46:55 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.09.13 18:46:55 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.09.13 18:46:54 | 000,434,176 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:63238B95 < End of report > Dazu gab es noch diese Datei ("Extras"):OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.06.2011 10:40:12 - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,20% Memory free
4,84 Gb Paging File | 4,39 Gb Available in Paging File | 90,53% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,80 Gb Total Space | 90,16 Gb Free Space | 60,59% Space Free | Partition Type: NTFS
Drive E: | 3,84 Gb Total Space | 1,94 Gb Free Space | 50,40% Space Free | Partition Type: FAT32
Computer Name: CHRIS | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.1\ICQ.exe" = C:\Programme\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Programme\ICQ7.1\aolload.exe" = C:\Programme\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300" = Canon iP3300
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Benutzerhandbücher
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}" = Vodafone Mobile Connect Lite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{90CC4231-94AC-45CD-991A-0253BFAC0650}" = mDrWiFi
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{BCB52F35-4C56-49F2-A3D6-FDED54B01847}" = pdfforge Toolbar v4.4
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD Secure Module
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast5" = avast! Free Antivirus
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"DivX Setup.divx.com" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"FileZilla Client" = FileZilla Client 3.2.7.1
"Foxit Reader_is1" = Foxit Reader 5.0
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC-Diagnose-Tool
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"IrfanView" = IrfanView (remove only)
"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoScape" = PhotoScape
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"PROSet" = Intel(R) PRO Network Connections Drivers
"Recover My Files_is1" = Recover My Files
"Recuva" = Recuva
"SopCast" = SopCast 3.3.2
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Tournament Director" = The Tournament Director
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.06.2011 16:44:04 | Computer Name = CHRIS | Source = nview_info | ID = 11141121
Description =
Error - 12.06.2011 16:45:47 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 12.06.2011 16:45:48 | Computer Name = CHRIS | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 12.06.2011 16:46:15 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 12.06.2011 16:53:22 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 12.06.2011 16:53:23 | Computer Name = CHRIS | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 13.06.2011 04:28:28 | Computer Name = CHRIS | Source = nview_info | ID = 11141121
Description =
Error - 13.06.2011 04:30:05 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
Error - 13.06.2011 04:30:09 | Computer Name = CHRIS | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 13.06.2011 04:30:44 | Computer Name = CHRIS | Source = Media Center Scheduler | ID = 0
Description =
[ OSession Events ]
Error - 03.11.2010 09:22:35 | Computer Name = CHRIS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1533
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 12.06.2011 14:52:07 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 12.06.2011 14:52:18 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 12.06.2011 16:45:45 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 12.06.2011 16:45:49 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 12.06.2011 16:53:20 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 12.06.2011 16:53:24 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 13.06.2011 04:30:06 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 13.06.2011 04:30:09 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
Error - 13.06.2011 04:41:32 | Computer Name = CHRIS | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 13.06.2011 04:41:32 | Computer Name = CHRIS | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%5
< End of report >
Könnt Ihr mir helfen und ggf. Tipps geben? Vielen Dank Christian |
| Themen zu Kritischer Fehler Festplatte - Daten weg - Nichts geht mehr |
| 0x00000001, 4d36e972-e325-11ce-bfc1-08002be10318, 7-zip, adware.widgitoolbar, alternate, c:\windows\system32\rundll32.exe, canon, converter, desktop, disabletaskmgr, excel, festplatte, firefox, google earth, keine dateien, microsoft office word, office 2007, pdfforge toolbar, plug-in, pum.hidden.desktop, pum.hijack.displayproperties, pum.hijack.taskmanager, searchplugins, security update, spigot, symantec, trojan.fakealert, trojan.spyeyes, vodafone, windows, windows xp, wrapper |
Baum-Darstellung