Nach BKA/Bundespolizei Virus : keine Taskleiste & keine Icons !!

jc36206 · 06.11.2011, 00:55

Hallo liebe Helfer vom trojaner-board.

Ich wurde kürzlich Opfer des BKA Virus und habe folgendes gemacht:
- über abgesicherten WIN XP Modus früheren Systemwiederherstellungspunkt gewählt
dann kam ich problemlos wieder ins System
- habe dann McAffee ANtiVir, Spybot S&D , Malwarebytes laufen lassen (wurde auch was gefunden)
- ich kann das System problemlos via Taskmanager vollständig bedienen, z.B. explorer.exe starten etc.
- ABER : KEINE TASKLEISTE / KEINE ICONS sichtbar-

Was kann ich tun um die Taskleiste/Icons wieder zu bekommen ?

Anbei der Log für OTl.txt (im Anhang ist gmer.txt/extras.txt)
=============================================OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.11.2011 23:43:01 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 66,09% Memory free
2,86 Gb Paging File | 2,33 Gb Available in Paging File | 81,44% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,22 Gb Total Space | 36,01 Gb Free Space | 48,52% Space Free | Partition Type: NTFS
Drive D: | 71,90 Gb Total Space | 20,93 Gb Free Space | 29,11% Space Free | Partition Type: NTFS
Drive E: | 2,92 Gb Total Space | 0,46 Gb Free Space | 15,80% Space Free | Partition Type: FAT32
Drive K: | 232,83 Gb Total Space | 181,04 Gb Free Space | 77,76% Space Free | Partition Type: FAT32
 
Computer Name: JUMBO-C4R7Q18KI | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.03 23:41:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Software\OTL.exe
PRC - [2011.10.06 15:41:16 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
PRC - [2011.09.16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.19 14:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011.08.19 14:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
PRC - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.06.23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcods.exe
PRC - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006.07.03 15:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2004.02.25 15:15:50 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.02.13 12:44:56 | 000,071,696 | ---- | M] () -- c:\Programme\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009.02.13 12:44:52 | 000,207,376 | ---- | M] () -- c:\Programme\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009.02.13 12:44:52 | 000,117,264 | ---- | M] () -- c:\Programme\McAfee\SiteAdvisor\apengine.dll
MOD - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.10.06 15:41:16 | 000,166,024 | ---- | M] () [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.19 14:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011.08.19 14:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.06.23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.06.14 12:58:58 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.07.03 15:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Running] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.15 09:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.08.15 09:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.08.15 09:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.08.15 09:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.08.15 09:00:06 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011.08.15 09:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.08.15 09:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011.08.15 09:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011.08.15 09:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.08.15 09:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2009.09.07 12:22:58 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.05.25 12:39:51 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2008.05.12 17:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.05.02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007.05.02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007.05.02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2006.04.28 15:34:00 | 000,882,688 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.05.12 13:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004.06.29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.02.14 05:04:48 | 000,469,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2003.06.12 08:47:42 | 000,024,704 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2003.06.05 08:04:22 | 000,350,752 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programme\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.17 08:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programme\McAfee\SiteAdvisor [2011.11.03 22:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Programme\Gemeinsame Dateien\McAfee\SystemCore [2011.11.03 23:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.11 21:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.19 21:37:21 | 000,000,000 | ---D | M]
 
[2008.06.30 23:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Extensions
[2011.10.23 13:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions
[2009.06.27 07:28:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.02 13:46:32 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.09.12 21:10:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.01 22:04:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\engine@conduit.com
[2010.09.17 18:47:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\vshare@toolbar
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.23 00:00:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 21:17:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 06:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:16:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.27 20:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.11.03 23:36:47 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAMME\GEMEINSAME DATEIEN\MCAFEE\SYSTEMCORE
[2008.12.04 20:01:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.11.03 22:03:00 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAMME\MCAFEE\SITEADVISOR
[2011.10.11 21:42:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 21:42:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 21:42:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.11 21:42:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 21:42:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 13:46:46 | 000,002,027 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.11 21:42:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 21:42:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
 
O1 HOSTS File: ([2008.05.25 12:55:13 | 000,243,497 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 8502 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20111011231041.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8775472E-D5DE-4FE4-A94A-5D523A0EAB26}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E85D54-6BF3-405A-A963-B433B1B63BF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1C2489-8422-46C1-941C-3F265884FEF7}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mahmud.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.25 00:56:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BCFE1251-F17C-1FCC-AD1D-03AF6216FA6E} - Browseranpassungen
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.03 23:37:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2011.11.03 22:51:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.03 22:51:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:36:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.11.03 22:06:20 | 000,000,000 | ---D | C] -- C:\PCWELT
[2011.10.28 11:36:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\ADMIN\Recent
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.03 23:45:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{472C7982-5779-466D-9D34-F757B334FFDB}.job
[2011.11.03 23:37:59 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011.11.03 23:33:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.03 23:33:52 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011.11.03 23:33:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.03 23:33:50 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-1284227242-725345543-1004.job
[2011.11.03 23:33:03 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{EB1C2489-8422-46C1-941C-3F265884FEF7}
[2011.11.03 23:32:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.03 23:29:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:49:03 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.03 22:36:21 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.11.03 22:00:41 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.03 22:00:40 | 000,477,232 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.03 22:00:40 | 000,091,348 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.03 22:00:40 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.28 23:14:42 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2011.10.28 15:58:00 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011.10.28 13:30:48 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2011.10.23 07:51:08 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.03 23:29:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:36:21 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.01.21 23:29:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011.01.21 23:29:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011.01.21 23:29:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011.01.21 23:15:03 | 000,033,359 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.02.18 00:11:25 | 000,122,254 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mdbu.bin
[2010.02.17 23:34:46 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.11.17 19:29:15 | 000,012,989 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.11.13 19:37:56 | 000,056,180 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.10.20 13:51:56 | 000,038,464 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2009.10.02 08:29:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.23 17:20:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009.06.15 19:30:15 | 000,170,439 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009.02.26 21:27:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.02.26 21:20:19 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.02.09 22:40:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2009.02.09 22:39:36 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2008.12.31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008.12.31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008.09.26 18:05:06 | 000,048,396 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008.09.23 20:33:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.09.23 20:33:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.09.23 20:33:44 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.09.23 20:33:44 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.09.23 20:33:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.23 20:33:42 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.09.13 23:34:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.09.02 18:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.07.19 23:08:59 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2008.07.19 23:08:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008.07.19 23:08:45 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.07.19 23:08:44 | 000,469,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2008.07.19 23:08:18 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008.07.19 23:07:42 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2008.07.14 14:37:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.07.08 20:31:14 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2008.06.14 13:25:36 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008.06.14 13:25:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.06.11 20:42:24 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008.06.08 10:24:19 | 000,166,628 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008.06.08 10:24:18 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2008.06.07 09:20:29 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.05.25 19:16:34 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.25 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.05.25 11:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.05.25 11:25:48 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008.05.25 01:50:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.25 01:49:49 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.25 01:00:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.05.25 00:54:32 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.05.12 16:22:31 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2006.11.02 19:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006.02.13 12:29:26 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.16 14:04:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.27 16:18:30 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin
[2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 13:00:00 | 000,477,232 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 13:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 13:00:00 | 000,091,348 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 13:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.18 17:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999.01.27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2008.05.25 13:03:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\ACD Systems
[2009.09.01 11:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\AidMaker
[2011.08.01 22:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Ashampoo
[2009.08.31 12:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Auslogics
[2008.09.13 23:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Backup MyPC Deluxe
[2011.01.30 01:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Broken Sword 2.5
[2010.03.28 20:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Dropbox
[2010.09.12 21:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.05.14 20:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\FOG Downloader
[2008.07.19 23:10:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\FotoWire
[2011.10.28 11:41:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\GoodSync
[2008.08.17 12:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\KC Softwares
[2010.02.17 23:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\MAGIX
[2010.11.23 22:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\MyVideoDownloader
[2010.11.23 22:12:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\MyVideoDownloaderHD
[2008.12.31 11:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\OfficeUpdate12
[2009.08.23 17:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\ppstream
[2009.02.26 21:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Samsung
[2008.09.09 22:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\SipDiscount
[2008.09.09 22:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\SparVoip
[2008.07.24 23:42:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\VoipCheapCom
[2008.12.11 19:26:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Windows Desktop Search
[2008.12.11 19:38:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Windows Search
[2008.05.25 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010.02.17 23:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2011.08.01 22:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2008.10.20 20:02:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoodSync
[2010.02.17 23:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.04.19 16:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2009.09.03 11:24:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.10.04 18:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.09.17 15:11:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.04 11:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.05.22 11:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011.10.28 23:14:42 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
[2011.11.03 23:33:52 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2008.09.15 20:18:53 | 000,001,062 | -H-- | M] () -- C:\WINDOWS\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145632256~29957364.job
[2011.11.03 23:45:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{472C7982-5779-466D-9D34-F757B334FFDB}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.09.28 09:32:54 | 000,000,000 | ---D | M] -- C:\ATI
[2008.09.20 20:31:06 | 000,000,000 | ---D | M] -- C:\Call of Duty 4
[2011.10.23 07:49:54 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.05.15 22:20:14 | 000,000,000 | ---D | M] -- C:\CrashReport
[2011.10.28 19:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.06.15 21:03:51 | 000,000,000 | ---D | M] -- C:\Medion
[2008.05.25 13:33:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.03 22:06:20 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.03.09 23:44:35 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.03 23:35:46 | 000,000,000 | R--D | M] -- C:\Programme
[2008.05.25 12:30:35 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.08.05 17:05:20 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2008.07.19 23:09:50 | 000,000,000 | ---D | M] -- C:\SXS
[2010.11.02 22:58:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.23 19:10:23 | 000,000,000 | ---D | M] -- C:\VLCPortable
[2011.10.28 19:28:53 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.03 23:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-17 11:17:41
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9638A27E
@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9

< End of report >

--- --- ---

kira · 06.11.2011, 17:31

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.

Zitat:

Falls treten folgende Symptome auf:
Ordner sind leer, unter Startmenü Programme fehlen etc., dieses Tool bietet dir die Lösung:

Lade Dir Unhide.exe (Windows 7 und Vista mit Rechtsklick als Administrator ausführen

Doppelklick auf das Unhide.exe Icon auf dem Desktop - Alles braucht seine Zeit, also ein bisschen Geduld

<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.

Zitat:

Alles wieder sichtbar? Bitte kontrolliere es und berichte mir genau über den Zustand!

2.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:

per Doppelklick starten.
gleich mal die Datenbanken zu aktualisieren - online updaten
Vollständiger Suchlauf wählen (überall Haken setzen)
wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"

eine bebilderte Anleitung findest Du hier: Anleitung

3.
erneut einen Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
→ Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

jc36206 · 07.11.2011, 20:23

Hallo Kira,

vielen Dank für die angebotene Hilfe und die Informationen!

Also:
1. Ich habe Unhide.exe laufen lassen - leider keine Änderung, d.h. Taskleiste und alle Icons sind nicht sichtbar.

2. Habe dann Malwarebytes entsprechend der Anleitung noch mal laufen lassen, 2 Viren wurden gefunden:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.11.2011 07:56:39
mbam-log-2011-11-07 (07-56-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|)
Durchsuchte Objekte: 304034
Laufzeit: 5 Stunde(n), 10 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{af93262c-9aa5-427b-8ce0-ee1f8dfe734a}\RP595\A0165132.dll (Adware.RelevantKnowledge) -> No action taken.
d:\system volume information\_restore{179d2562-567b-4acd-8997-ac111399bb49}\RP185\A0036165.exe (Riskware.Tool.CK) -> No action taken.

3. Jetzt die OTL Logs:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.11.2011 08:58:54 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 69,20% Memory free
2,86 Gb Paging File | 2,51 Gb Available in Paging File | 88,02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,22 Gb Total Space | 36,83 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 71,90 Gb Total Space | 17,69 Gb Free Space | 24,60% Space Free | Partition Type: NTFS
Drive E: | 2,92 Gb Total Space | 0,46 Gb Free Space | 15,81% Space Free | Partition Type: FAT32
Drive K: | 232,83 Gb Total Space | 181,04 Gb Free Space | 77,76% Space Free | Partition Type: FAT32
 
Computer Name: JUMBO-C4R7Q18KI | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Software\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\OGAVerify.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\McAfee\SiteAdvisor\apengine.dll ()
MOD - C:\WINDOWS\system32\OGACheckControl.dll ()
MOD - C:\WINDOWS\system32\OGAVerify.exe ()
MOD - C:\WINDOWS\system32\PSIService.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors)
DRV - (Cap7134) MEDION (7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programme\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.17 08:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programme\McAfee\SiteAdvisor [2011.11.03 22:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Programme\Gemeinsame Dateien\McAfee\SystemCore [2011.11.07 08:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.11 21:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.19 21:37:21 | 000,000,000 | ---D | M]
 
[2008.06.30 23:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Extensions
[2011.11.06 01:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions
[2009.06.27 07:28:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.02 13:46:32 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.09.12 21:10:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.01 22:04:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\engine@conduit.com
[2010.09.17 18:47:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\vshare@toolbar
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.23 00:00:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 21:17:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 06:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:16:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.27 20:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.11.07 08:04:08 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAMME\GEMEINSAME DATEIEN\MCAFEE\SYSTEMCORE
[2008.12.04 20:01:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.11.03 22:03:00 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAMME\MCAFEE\SITEADVISOR
[2011.10.11 21:42:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 21:42:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 21:42:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.11 21:42:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 21:42:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 13:46:46 | 000,002,027 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.11 21:42:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 21:42:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: SiteAdvisor = C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2008.05.25 12:55:13 | 000,243,497 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 8502 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20111011231041.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8775472E-D5DE-4FE4-A94A-5D523A0EAB26}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E85D54-6BF3-405A-A963-B433B1B63BF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1C2489-8422-46C1-941C-3F265884FEF7}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mahmud.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.25 00:56:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.07 09:01:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2011.11.06 20:25:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\ADMIN\Recent
[2011.11.06 19:51:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011.11.06 19:51:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2011.11.06 00:30:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2011.11.06 00:30:23 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.11.03 22:51:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.03 22:51:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:36:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.11.03 22:28:14 | 001,036,800 | ---- | C] (Microsoft Corporation) -- C:\abc.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.07 09:01:36 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011.11.07 08:59:12 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011.11.07 08:59:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.07 08:57:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.07 08:57:03 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-1284227242-725345543-1004.job
[2011.11.07 08:55:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.07 08:49:23 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.07 07:59:43 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{EB1C2489-8422-46C1-941C-3F265884FEF7}
[2011.11.07 07:56:53 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{472C7982-5779-466D-9D34-F757B334FFDB}.job
[2011.11.07 00:00:02 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2011.11.06 19:51:27 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.11.06 19:51:10 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2011.11.06 14:52:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-1284227242-725345543-1004.job
[2011.11.03 23:29:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:36:21 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.11.03 22:00:41 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.03 22:00:40 | 000,477,232 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.03 22:00:40 | 000,091,348 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.03 22:00:40 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.28 15:58:00 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011.10.28 13:30:48 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2011.10.23 07:51:08 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.06 19:51:27 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.11.06 19:51:10 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2011.11.03 23:29:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:36:21 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.01.21 23:29:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011.01.21 23:29:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011.01.21 23:29:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011.01.21 23:15:03 | 000,033,359 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.02.18 00:11:25 | 000,122,254 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mdbu.bin
[2010.02.17 23:34:46 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.11.17 19:29:15 | 000,012,989 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.11.13 19:37:56 | 000,056,180 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.10.20 13:51:56 | 000,038,464 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2009.10.02 08:29:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.23 17:20:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009.06.15 19:30:15 | 000,170,439 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009.02.26 21:27:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.02.26 21:20:19 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.02.09 22:40:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2009.02.09 22:39:36 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2008.12.31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008.12.31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008.09.26 18:05:06 | 000,048,396 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008.09.23 20:33:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.09.23 20:33:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.09.23 20:33:44 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.09.23 20:33:44 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.09.23 20:33:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.23 20:33:42 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.09.13 23:34:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.09.02 18:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.07.19 23:08:59 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2008.07.19 23:08:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008.07.19 23:08:45 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.07.19 23:08:44 | 000,469,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2008.07.19 23:08:18 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008.07.19 23:07:42 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2008.07.14 14:37:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.07.08 20:31:14 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2008.06.14 13:25:36 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008.06.14 13:25:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.06.11 20:42:24 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008.06.08 10:24:19 | 000,166,628 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008.06.08 10:24:18 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2008.06.07 09:20:29 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.05.25 19:16:34 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.25 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.05.25 11:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.05.25 11:25:48 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008.05.25 01:50:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.25 01:49:49 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.25 01:00:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.05.25 00:54:32 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.05.12 16:22:31 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2006.11.02 19:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006.02.13 12:29:26 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.16 14:04:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.27 16:18:30 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin
[2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 13:00:00 | 000,477,232 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 13:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 13:00:00 | 000,091,348 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 13:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.18 17:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999.01.27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9638A27E
@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 07.11.2011 08:58:54 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 69,20% Memory free
2,86 Gb Paging File | 2,51 Gb Available in Paging File | 88,02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,22 Gb Total Space | 36,83 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 71,90 Gb Total Space | 17,69 Gb Free Space | 24,60% Space Free | Partition Type: NTFS
Drive E: | 2,92 Gb Total Space | 0,46 Gb Free Space | 15,81% Space Free | Partition Type: FAT32
Drive K: | 232,83 Gb Total Space | 181,04 Gb Free Space | 77,76% Space Free | Partition Type: FAT32
 
Computer Name: JUMBO-C4R7Q18KI | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\VoipCheapCom\VoipCheapCom.exe" = C:\Programme\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom -- (VoipCheapCom)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood
"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled: 
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- ()
"C:\Programme\SipDiscount.com\SipDiscount\SipDiscount.exe" = C:\Programme\SipDiscount.com\SipDiscount\SipDiscount.exe:*:Enabled:SipDiscount
"C:\Programme\SparVoip\SparVoip.exe" = C:\Programme\SparVoip\SparVoip.exe:*:Enabled:SparVoip
"C:\Programme\sina\SAP\SAPlatform.exe" = C:\Programme\sina\SAP\SAPlatform.exe:*:Enabled:SAPlatform.exe -- (北京新浪网络技术服务有限公司)
"C:\Programme\uusee\UUSeePlayer.exe" = C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
"C:\Programme\PPStream\PPStream.exe" = C:\Programme\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream.com)
"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Facebook\facebook.exe" = C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"D:\Software\Facemoods.exe" = D:\Software\Facemoods.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies         )
"C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{106B839C-DBA9-0AA9-07E9-9A2597151FF6}" = Catalyst Control Center Graphics Full Existing
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3389299C-9F50-D0C4-197C-A8804303B79F}" = Catalyst Control Center Graphics Light
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37A17F53-D058-267B-C256-19FB6DDF3843}" = ccc-core-preinstall
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D4B1570-C236-42B3-B24F-B3AAB422C983}" = XING-Plugin
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{466B21EE-2858-4845-B2B3-056FC544DAA3}" = Logitech QuickCam
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5106480F-2039-420F-B315-213472966ED6}" = Samsung PC Studio 3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{559BA5B3-E3E1-C8A0-E301-5F50531BD44C}" = ccc-utility
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79E88160-A5E4-F7D2-1314-DEB8AADD9C29}" = ccc-core-static
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83735930-0FB1-D871-8832-B5A9E27C93CA}" = CCC Help English
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53A1A49-C3EA-406c-B87C-8E02B622D605}" = C7200_doccd
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B55EF832-4613-A19B-A222-DDB8B6CE1B52}" = Catalyst Control Center Core Implementation
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4832B53-2E80-47B9-930A-313BDFCB74DB}" = OGA Notifier 1.7.0105.35.0
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CED5BB5B-2A24-2F7F-61B1-2B557484084B}" = Catalyst Control Center Graphics Previews Common
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1268F56-DE79-19A8-C8EC-961D48FFD2FE}" = Skins
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEB6C5B9-D5BB-D8AC-20F7-F1E0F8A67D5A}" = Catalyst Control Center Graphics Full New
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD88D501-1F0A-4DA4-A13A-6437411EE0C3}" = ACDSee 6.0 Standard
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"conduitEngine" = Conduit Engine
"Diablo II" = Diablo II
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0, build 24
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Full)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ÓÆÊÓÓ°Òô²¥·ÅÆ÷(UUSEE)_is1" = UUSEE 4.2.21 °æ
"PPStream_is1" = PPStream
"QcDrv" = Logitech® Camera-Treiber
"RealPlayer 12.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SopCast" = SopCast 3.2.9
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.4.1
"Veetle TV Player" = Veetle TV Player 0.9.11
"VLC media player" = VLC media player 1.1.4
"VoipCheapCom_is1" = VoipCheapCom
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2011 14:52:35 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3029
Description = Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext:
 Windows Anwendung, SystemIndex Katalog  Details:  Der Inhaltsindex kann nicht gelesen
 werden.   (0xc0041800) 
 
Error - 28.10.2011 14:52:35 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3028
Description = Das Gatherer-Objekt kann nicht initialisiert werden.  Kontext: Windows
 Anwendung, SystemIndex Katalog  Details:  Der Inhaltsindex kann nicht gelesen werden.
   (0xc0041800) 
 
Error - 28.10.2011 14:52:35 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3058
Description = Die Anwendung kann nicht initialisiert werden.  Kontext: Windows Anwendung

Details:
	Der
 Inhaltsindex kann nicht gelesen werden.   (0xc0041800) 
 
Error - 28.10.2011 14:59:22 | Computer Name = JUMBO-C4R7Q18KI | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während 
der internen Verarbeitung erkannt. HRESULT war 80070005 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
 Wenden Sie sich an den Microsoft-Produktsuppor
 
Error - 28.10.2011 14:59:22 | Computer Name = JUMBO-C4R7Q18KI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät 
funktioniert nicht.   (0x8007001f) 
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät 
funktioniert nicht.   (0x8007001f) 
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät 
funktioniert nicht.   (0x8007001f) 
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät 
funktioniert nicht.   (0x8007001f) 
 
Error - 06.11.2011 05:42:27 | Computer Name = JUMBO-C4R7Q18KI | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2696 (0xa88)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.374
 / 5400.1158   Object being scanned = \Device\HarddiskVolume1\Programme\Java\jre6\bin\deploy.dll

 by C:\Programme\Java\jre6\bin\jqs.exe   4(0)(0)   4(0)(0)   7200(0)(0)   7595(0)(0)   7005(0)(0)

 7004(0)(0)   5006(0)(0)   5004(0)(0)  
 
[ OSession Events ]
Error - 10.11.2009 13:16:59 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7639
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 16.11.2009 12:49:13 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5632
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2009 11:31:17 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23016
 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2009 13:14:14 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 787
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2009 14:37:40 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4989
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.05.2010 05:26:27 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 1988 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 16.10.2010 15:35:23 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9211
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 12.11.2010 16:22:46 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 348
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 18.12.2010 16:21:22 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application 
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session 
lasted 595 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 05.06.2011 15:35:54 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 426
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.11.2011 18:34:41 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 05.11.2011 16:31:49 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 05.11.2011 18:20:18 | Computer Name = JUMBO-C4R7Q18KI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk7\D.
 
Error - 06.11.2011 05:35:23 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 06.11.2011 05:42:28 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Starten Sie den Dienst neu..
 
Error - 06.11.2011 14:49:52 | Computer Name = JUMBO-C4R7Q18KI | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 06.11.2011 15:48:22 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 07.11.2011 03:01:38 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 07.11.2011 03:03:38 | Computer Name = JUMBO-C4R7Q18KI | Source = DCOM | ID = 10010
Description = Der Server "{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 07.11.2011 03:59:08 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
 
< End of report >

--- --- ---

4. CC Cleaner - Installierte Programme:

Code:

ATTFilter

7-Zip 9.20		06.11.2011		
ACDSee 6.0 Standard	ACD Systems Ltd.	25.05.2008	29,4MB	6.0.0
Adobe Acrobat 7.1.0 Professional	Adobe Systems	01.01.1970		7.1.0
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	06.11.2011		10.0.12.36
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	07.11.2011		10.3.181.26
Adobe Shockwave Player 11	Adobe Systems, Inc.	06.11.2011		11
Agere Systems PCI Soft Modem				
AirPlus G	D-Link	09.02.2009		
ANIO Service				
ANIWZCS2 Service		06.11.2011		
Apple Application Support	Apple Inc.	17.09.2010	44,5MB	1.3.2
Apple Mobile Device Support	Apple Inc.	17.09.2010	20,1MB	3.2.0.47
Apple Software Update	Apple Inc.	17.08.2008	2,16MB	2.1.1.116
Ashampoo Burning Studio Elements 10.0.9	Ashampoo GmbH & Co. KG	01.08.2011		3.1.1
ATI - Software Uninstall Utility		06.11.2011		6.14.10.1022
ATI Catalyst Control Center				2.008.0512.1132
ATI Display Driver		06.11.2011		8.493-080512a-063030C-ATI
Audible Download Manager	Audible, Inc.	06.11.2011		6.6.0.15
Auslogics Disk Defrag	Auslogics Software Pty Ltd	31.08.2009		version 2.1
C-Media High Definition Audio Driver		06.11.2011		
CCleaner	Piriform	07.11.2011		3.12
Conduit Engine	Conduit Ltd.	06.11.2011		
Diablo II		06.11.2011		
FLV Player 2.0, build 24	Martijn de Visser	06.11.2011		2.0, build 24
Free Audio CD Burner version 1.4	DVDVideoSoft Limited.	17.09.2010		
GoodSync	Siber Systems	06.11.2011		8.6.9.9
Google Chrome	Google Inc.	06.11.2011		15.0.874.106
Google Toolbar for Internet Explorer	Google Inc.	19.05.2009		7.1.2003.1856
HP Customer Participation Program 9.0	HP	06.11.2011		9.0
HP Imaging Device Functions 9.0	HP	06.11.2011		9.0
HP OCR Software 9.0	HP	06.11.2011		9.0
HP Photosmart All-In-One Software 9.0	HP	06.11.2011		9.0
HP Photosmart Essential 2.01	HP	06.11.2011		2.01
HP Smart Web Printing	Ihr Firmenname	08.06.2008	7,58MB	2.15.7.0
HP Solution Center 9.0	HP	06.11.2011		9.0
HP Update	Hewlett-Packard	07.09.2008	3,71MB	4.000.011.006
HPSSupply	Ihr Firmenname	08.06.2008	0,96MB	2.2.0.0000
iTunes	Apple Inc.	17.09.2010	135,9MB	10.0.0.68
Java(TM) 6 Update 26	Sun Microsystems, Inc.	04.12.2008	90,5MB	6.0.260
Java(TM) 6 Update 6	Sun Microsystems, Inc.	11.06.2008	114,3MB	1.6.0.60
Java(TM) 6 Update 7	Sun Microsystems, Inc.	10.08.2008	114,3MB	1.6.0.70
K-Lite Codec Pack 4.1.4 (Full)		23.09.2008		4.1.4
Logitech Desktop Messenger		06.11.2011		
Logitech Print Service		06.11.2011		
Logitech QuickCam	Logitech, Inc.	20.07.2008	229MB	8.20.0000
Logitech® Camera-Treiber		06.11.2011		
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	03.11.2011		1.51.2.1300
McAfee AntiVirus Plus	McAfee, Inc.	07.11.2011		11.0.623
McAfee Security Scan Plus	McAfee, Inc.	06.11.2011		2.0.181.2
Microsoft .NET Framework 2.0 Service Pack 2	Microsoft Corporation	17.10.2011	184,4MB	2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	16.02.2009	6,30MB	2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2	Microsoft Corporation	22.06.2010	207MB	3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU	Microsoft Corporation	16.02.2009	37,5MB	3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU	Microsoft Corporation	06.11.2011		
Microsoft .NET Framework 3.5 SP1	Microsoft Corporation	16.10.2010		
Microsoft Compression Client Pack 1.0 for Windows XP	Microsoft Corporation	30.06.2008		1
Microsoft Office Enterprise 2007	Microsoft Corporation	17.10.2011		12.0.6425.1000
Microsoft Office File Validation Add-In	Microsoft Corporation	17.10.2011	11,2MB	14.0.5130.5003
Microsoft Silverlight	Microsoft Corporation	17.10.2011	207MB	4.0.60831.0
Microsoft SQL Server Compact 3.5 SP1 English	Microsoft Corporation	19.04.2011	2,60MB	3.5.5692.0
Microsoft User-Mode Driver Framework Feature Pack 1.0	Microsoft Corporation	30.06.2008		
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053	Microsoft Corporation	10.08.2009	0,11MB	8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	17.06.2011	5,28MB	8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570	Microsoft Corporation	14.05.2011	10,2MB	9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	19.04.2011	10,2MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	17.06.2011	10,2MB	9.0.30729.6161
MobileMe Control Panel	Apple Inc.	04.10.2009	7,33MB	2.6.0.29
Mozilla Firefox 7.0.1 (x86 de)	Mozilla	07.11.2011		7.0.1
MSXML 4.0 SP2 (KB936181)	Microsoft Corporation	27.06.2008	2,62MB	4.20.9848.0
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	12.11.2008	2,67MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	04.12.2009	2,77MB	4.20.9876.0
MyAshampoo Toolbar	MyAshampoo	06.11.2011		6.3.2.90
Nero Suite		06.11.2011		
PowerDVD		06.11.2011		
PPStream	PPStream.com	23.08.2009		
QuickTime	Apple Inc.	17.09.2010	73,7MB	7.67.75.0
RealPlayer	RealNetworks	06.11.2011		
Recover My Files	GetData Pty Ltd	31.08.2009		3.9.8.6472
Runes of Magic	Frogster Interactive Pictures	15.05.2009		2.0.0.1821
SAMSUNG Mobile Composite Device Software		06.11.2011		
SAMSUNG Mobile Modem Driver Set		06.11.2011		
Samsung Mobile phone USB driver Software		06.11.2011		
SAMSUNG Mobile USB Modem 1.0 Software		06.11.2011		
SAMSUNG Mobile USB Modem Software		06.11.2011		
Samsung PC Studio 3	Samsung Electronics Co., Ltd.	26.02.2009		3.2.3.90502
Samsung PC Studio 3 USB Driver Installer	Samsung Electronics Co., Ltd.	26.02.2009		3.2.0.70701
Security Update for Windows Search 4 - KB963093	Microsoft Corporation	09.06.2009		
Skype™ 4.2	Skype Technologies S.A.	29.06.2010	31,7MB	4.2.169
SopCast 3.2.9	www.sopcast.com	06.11.2011		3.2.9
Spybot - Search & Destroy	Safer Networking Limited	03.11.2011		1.6.2
TVAnts 1.0		06.11.2011		
TVUPlayer 2.3.4.1	TVU networks	06.11.2011		2.3.4.1
UUSEE 4.2.21 °æ	ÓÆÊÓÍø	06.11.2011		
Veetle TV Player 0.9.11	Veetle, Inc	06.11.2011		0.9.11
VLC media player 1.1.4	VideoLAN	06.11.2011		1.1.4
VoipCheapCom	Finarea S.A. Switzerland	06.11.2011		3.02 build 424
Windows Internet Explorer 8	Microsoft Corporation	28.05.2009		20090308.140743
Windows Live Anmelde-Assistent	Microsoft Corporation	19.02.2009	1,93MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	19.02.2009		14.0.8064.0206
Windows Live-Uploadtool	Microsoft Corporation	19.02.2009	0,22MB	14.0.8014.1029
Windows Media Format 11 runtime		07.11.2011		
Windows Media Player 11		07.11.2011		
Windows Search 4.0	Microsoft Corporation	11.12.2008		04.00.6001.503
Windows XP Service Pack 3	Microsoft Corporation	25.05.2008		20080414.031514
Windows-Sicherungsprogramm	Microsoft Corporation	16.09.2008	1,24MB	5.1
WinFuture xp-Iso-Builder 3.0.7	Tobias Schiek	29.05.2009		
WinZip 11.2	WinZip Computing, S.L. 	08.06.2008	11,7MB	11.2.8094
X10 Hardware(TM)		06.11.2011		
XING-Plugin	(c) XING AG	28.09.2009	6,40MB	3.4.0

kira · 08.11.2011, 07:57

Zitat:

Zitat von jc36206

1. Ich habe Unhide.exe laufen lassen - leider keine Änderung, d.h. Taskleiste und alle Icons sind nicht sichtbar.

sind die entfernten oder verlorenen Daten (verschoben oder gelöscht durch Trojaner) zu wiederherstellen nicht mehr möglich
außerdem:

die Ursachen für die Verseuchung mit Malware wurden bereits gefunden, also Du wirst wohl dein System neu aufsetzen müssen...

Zitat:

(Riskware.Tool.CK)

Das Installieren von "nicht legal erworbene Software" ist eine ziemlich sichere Methode, ein Rechner zu infizieren:
Einen durch Keygen [Key Generator/Keymaker] verseuchten PC und eventuell gespeicherte externe Daten auf SB Sticks, ext.Platte etc,, sollte formatiert und neu aufgesetzt werden, da durch gecrackte oder mit Viren verseuchte Software wie auch immer, ein Angreifer erfolgreich in dein System eingedrungen ist:-> *Technische Kompromittierung*
Denn die angebotenen Programme und Dateien enthalten jede erdenkliche Art von Malware/Schadprogramm wie z.B. Backdoors, Rootkits etc, die dann den PC unter Kontrolle nehmen und die Administratorrolle übernehmen können
Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, wir dürfen Dir nicht weiter helfen. Aus diesem Grund sehen wir uns gezwungen den Thread zu schließen:-> Forumregel!
Also Du kannst Dir viel Ärger und unnötige Zeitverschwendung ersparen, indem du dein System und auch die externe potenziell verseuchte Platte, USB-Stick etc neu installierst! Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...

jc36206 · 08.11.2011, 22:13

ja dann "danke" (zur info:...bewusst habe ich keine illegale software eingesetzt...)

Nach BKA/Bundespolizei Virus : keine Taskleiste & keine Icons !!

Plagegeister aller Art und deren Bekämpfung: Nach BKA/Bundespolizei Virus : keine Taskleiste & keine Icons !!