Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: regedit und hijackthis sich lassen sich nicht öffnen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 09.12.2011, 12:07   #1
eichhorn
 
regedit und hijackthis sich lassen sich nicht öffnen - Standard

regedit und hijackthis sich lassen sich nicht öffnen



Hallo zusammen,

irgendwas ist komisch...
Angefangen hat´s damit, das ich über "Ausführen-regedit" die Registry öffnen wollte. Es erschien eine Zehntelsekunde die Sanduhr, dann geschah nichts weiter. Reg öffnete sich nicht, alles lief aber normal weiter. Auch über den Explorer war ein Öffnen von regedit.exe nicht möglich. Als nächstes hab ich HijackThis runtergeladen und installiert. Das hat geklappt, ein Öffnen von hijack (über Startmenü bzw. Explorer) war aber auch nicht möglich. Ich habe hijack.exe dann umbenannt (in pruef.com) und -juchuu-, er hat sich geöffnet. Hier das log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:25:42, on 09.12.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\AVG\AVG10\avgwdsvc.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Programme\AVG\AVG10\avgnsx.exe
C:\Programme\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\FreePDF_XP\fpassist.exe
C:\Programme\TOSHIBA\Tvs\TvsTray.exe
C:\Programme\TOSHIBA\TouchPad\TPTray.exe
C:\Programme\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\QuickTime\QTTask.exe
C:\Programme\AVG\AVG10\avgtray.exe
C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Programme\Messenger\msmsgs.exe
C:\Programme\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Programme\AVG\AVG10\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Programme\AVG\AVG10\avgcsrvx.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Firefox\plugin-container.exe
C:\Programme\Trend Micro\HijackThis\pruef.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: 790151 helper - {22186AA4-E2A6-45E8-BF4F-5C103C0458B0} - C:\WINDOWS\system32\790151\790151.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Programme\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Tvs] C:\Programme\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TPNF] C:\Programme\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [PPort11reminder] "C:\Programme\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [routcnf] C:\Programme\DeTeWe\TA 33 USB\routcnf.exe /capiactive
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SYSDLL] SYSDLL
O4 - HKCU\..\Run: [SYS32DLL] SYS32DLL
O4 - HKCU\..\Run: [MSMSGS] "C:\Programme\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {D7783732-69C6-4A28-BE53-618CC4609617} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O10 - Unknown file in Winsock LSP: bmnet.dll
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/mail_upload_11213.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Programme\AVG\AVG10\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Ablagemappe ClipSrvALG (ClipSrvALG) - Unknown owner - C:\WINDOWS\system32\activedsn.exe (file missing)
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Update Service (gupdate1c9abbdc0535468) (gupdate1c9abbdc0535468) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

--
End of file - 8671 bytes

Nun habe ich auch regedit.exe umbenannt in regeditpruef.com und -juchuu- konnt´s auch öffnen.

Ach ja: ich hab gestern mit AVG das System gescannt: kein Problem, kein Fehler, keine Infektion festgestellt.

Aber irgendwas ist doch faul!? Könnt ihr bitte helfen?
Vielen Dank!

Beste Grüße

eichhorn

Alt 11.12.2011, 11:11   #2
eichhorn
 
regedit und hijackthis sich lassen sich nicht öffnen - Standard

regedit und hijackthis sich lassen sich nicht öffnen



Hallo zusammen,

ich glaube, mein thread wurde übersehen...mag nochmal jemand sich mein Problem anschauen?

Beste Grüße

Eichhorn
__________________


Alt 12.12.2011, 17:40   #3
eichhorn
 
regedit und hijackthis sich lassen sich nicht öffnen - Standard

regedit und hijackthis sich lassen sich nicht öffnen



Aha, habe meinen Fehler erkannt. Nun hab´ich hoffentlich alle nötigen Schritte durchgeführt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12.12.2011 17:05:02 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = d:\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014,42 Mb Total Physical Memory | 501,23 Mb Available Physical Memory | 49,41% Memory free
2,39 Gb Paging File | 1,95 Gb Available in Paging File | 81,87% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 50,15 Gb Total Space | 32,00 Gb Free Space | 63,82% Space Free | Partition Type: NTFS
Drive D: | 43,01 Gb Total Space | 5,82 Gb Free Space | 13,54% Space Free | Partition Type: NTFS
 
Computer Name: DEEPBLACK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.12 17:03:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- d:\***\Desktop\OTL.exe
PRC - [2011.12.07 12:44:48 | 000,220,744 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2011.09.10 05:28:50 | 002,338,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgtray.exe
PRC - [2011.09.09 02:10:56 | 001,082,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgnsx.exe
PRC - [2011.08.18 00:33:26 | 000,659,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgrsx.exe
PRC - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.05.23 13:13:04 | 000,657,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgchsvx.exe
PRC - [2011.03.16 15:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgemcx.exe
PRC - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG10\avgwdsvc.exe
PRC - [2009.09.22 20:47:19 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe
PRC - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.09.06 13:04:52 | 000,671,744 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Programme\Toshiba\E-KEY\CeEKey.exe
PRC - [2005.08.30 11:34:14 | 001,077,328 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\Touch and Launch\PadExe.exe
PRC - [2005.08.25 18:11:58 | 000,053,248 | ---- | M] (COMPAL ELECTRONIC INC.) -- C:\Programme\Toshiba\TouchPad\TPTray.exe
PRC - [2005.08.22 15:49:28 | 000,028,672 | ---- | M] (TOSHIBA) -- C:\WINDOWS\system32\TCtrlIOHook.exe
PRC - [2005.08.12 10:34:18 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005.08.06 10:18:38 | 000,978,944 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\NDSTray.exe
PRC - [2005.05.27 11:24:52 | 000,310,272 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2005.05.17 15:02:30 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2005.04.05 15:25:34 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe
PRC - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004.08.28 08:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.15 10:39:19 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll
MOD - [2011.10.15 10:39:03 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll
MOD - [2011.10.15 10:31:35 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\36c12de583ee81e9c99acb72b09d77ac\System.Security.ni.dll
MOD - [2011.10.15 10:31:29 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll
MOD - [2011.10.13 14:33:41 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011.10.13 14:30:43 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011.10.13 14:09:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011.02.10 06:55:18 | 001,148,256 | ---- | M] () -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2011.01.07 23:02:15 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.01.07 23:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2005.06.13 08:11:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005.06.06 08:51:24 | 000,024,576 | ---- | M] () -- C:\Programme\Toshiba\TouchPad\TPECioctl.dll
MOD - [2005.06.06 08:39:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\EKECioCtl.dll
MOD - [2005.06.03 18:32:00 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\EBLib.DLL
MOD - [2005.01.06 18:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2004.07.20 16:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002.11.26 13:43:18 | 000,106,496 | ---- | M] () -- C:\WINDOWS\system32\BrMuSNMP.dll
MOD - [2001.10.28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [Auto | Stopped] --  -- (ClipSrvALG)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.09.01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.08.18 00:33:06 | 007,390,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 04:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009.09.11 11:33:54 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService)
SRV - [2008.10.24 14:17:52 | 000,145,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.01.18 00:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2004.08.28 08:33:00 | 000,110,592 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.27 18:05:44 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.04 23:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 15:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 13:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 07:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 06:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 06:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 05:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.06.29 17:00:50 | 000,112,640 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 17:00:50 | 000,102,656 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 12:38:30 | 000,102,400 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.03.25 16:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009.03.25 16:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009.03.25 16:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009.03.25 16:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009.03.25 16:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009.03.25 16:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009.03.25 16:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2008.10.09 12:50:04 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2005.07.29 08:55:46 | 000,030,592 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2005.06.23 17:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.06.21 06:08:44 | 002,324,480 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.06.03 18:49:42 | 000,009,600 | ---- | M] (TOSHIBA ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPwSav.sys -- (TPwSav)
DRV - [2005.06.02 11:33:00 | 000,102,384 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2005.04.30 15:01:56 | 003,281,408 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R)
DRV - [2005.03.24 15:36:54 | 000,008,192 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2005.03.05 13:02:20 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.03.04 19:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.11.16 00:22:08 | 000,101,874 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.07.30 14:05:08 | 000,006,400 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSIOMngr.sys -- (SrvcSSIOMngr)
DRV - [2003.09.19 00:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.01.29 22:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1319
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: C:\Programme\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.08.04 21:27:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.09.19 21:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG10\Firefox4\ [2011.12.08 21:15:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.24 21:18:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.12 09:20:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.29 12:32:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mail@gutscheinrausch.de: d:\***\Anwendungsdaten\Mozilla\Firefox\Profiles\2zfr6kfm.default\extensions\mail@gutscheinrausch.de [2011.12.04 17:14:30 | 000,000,000 | ---D | M]
 
[2010.10.27 08:47:19 | 000,000,000 | ---D | M] (No name found) -- d:\***\Anwendungsdaten\Mozilla\Extensions
[2010.10.27 08:47:19 | 000,000,000 | ---D | M] (No name found) -- d:\***\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.12.04 17:14:22 | 000,000,000 | ---D | M] (No name found) -- d:\***\Anwendungsdaten\Mozilla\Firefox\Profiles\2zfr6kfm.default\extensions
[2011.03.03 10:53:27 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- d:\***\Anwendungsdaten\Mozilla\Firefox\Profiles\2zfr6kfm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.12.04 17:14:30 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- d:\***\Anwendungsdaten\Mozilla\Firefox\Profiles\2zfr6kfm.default\extensions\mail@gutscheinrausch.de
[2011.11.24 21:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.24 21:18:04 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.07.04 23:22:19 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2006.10.27 20:43:57 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\mozilla firefox\plugins\npgcplug.dll
[2005.04.27 21:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\mozilla firefox\plugins\npracplug.dll
[2011.10.21 15:30:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.21 15:30:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.21 15:30:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.21 15:30:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.21 15:30:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.21 15:30:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (790151 Class) - {22186AA4-E2A6-45E8-BF4F-5C103C0458B0} - C:\WINDOWS\system32\790151\790151.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CeEKEY] C:\Programme\Toshiba\E-KEY\CeEKey.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HWSetup] C:\Programme\TOSHIBA\TOSHIBA Applet\HWSetup.exe (TOSHIBA CO.,LTD.)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [PadTouch] C:\Programme\Toshiba\Touch and Launch\PadExe.exe (TOSHIBA)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [routcnf] C:\Programme\DeTeWe\TA 33 USB\routcnf.exe /capiactive File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SVPWUTIL] C:\Programme\Toshiba\Windows Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [TCtryIOHook] C:\WINDOWS\System32\TCtrlIOHook.exe (TOSHIBA)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TPNF] C:\Programme\Toshiba\TouchPad\TPTray.exe (COMPAL ELECTRONIC INC.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKCU..\Run: [SYS32DLL] SYS32DLL File not found
O4 - HKCU..\Run: [SYSDLL] SYSDLL File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\mswsock.dll File not found
O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{33D4FF01-8C52-4073-A503-E7A77075AA7E}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: d:\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: d:\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\a2service.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\autoruns.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\AvMonitor.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\AVP32.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\CCenter.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\ekrn.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\HijackThis.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KASMain.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KASTask.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KAV32.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KAVDX.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KAVPFW.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KAVStart.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\KPFW32X.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Navapsvc.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Navapw32.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\NAVNT.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\NAVW32.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\NAVWNT.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\outpost.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\regedit.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.09.12 12:08:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.01.26 17:19:58 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{9fafc9f0-a006-11df-a789-0016d429526f}\Shell - "" = AutoRun
O33 - MountPoints2\{9fafc9f0-a006-11df-a789-0016d429526f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9fafc9f0-a006-11df-a789-0016d429526f}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9fafc9f1-a006-11df-a789-0016d429526f}\Shell - "" = AutoRun
O33 - MountPoints2\{9fafc9f1-a006-11df-a789-0016d429526f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9fafc9f1-a006-11df-a789-0016d429526f}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: BrMfcWnd - hkey= - key= - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: ccApp - hkey= - key= -  File not found
MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: NapsterShell - hkey= - key= -  File not found
MsConfig - StartUpReg: NeroCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SmoothView - hkey= - key= - C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: sysldtray - hkey= - key= -  File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: TOSCDSPD - hkey= - key= - C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
MsConfig - StartUpReg: Zooming - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.12 17:03:21 | 000,584,192 | ---- | C] (OldTimer Tools) -- d:\***\Desktop\OTL.exe
[2011.12.10 21:48:43 | 000,000,000 | ---D | C] -- d:\***\Lokale Einstellungen\Anwendungsdaten\PDF24
[2011.12.10 21:48:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PDF24
[2011.12.10 21:47:55 | 000,000,000 | ---D | C] -- C:\Programme\PDF24
[2011.12.05 10:37:35 | 000,000,000 | ---D | C] -- d:\***\Startmenü\Programme\Axialis Software
[2011.12.05 10:37:18 | 000,000,000 | R--D | C] -- d:\***\Eigene Dateien\Axialis Librarian
[2011.12.05 10:37:17 | 000,000,000 | ---D | C] -- d:\***\Anwendungsdaten\Axialis
[2011.12.05 10:37:05 | 000,000,000 | ---D | C] -- C:\Programme\Axialis
[2011.12.05 10:36:54 | 000,000,000 | ---D | C] -- d:\***\Lokale Einstellungen\Anwendungsdaten\Axialis
[2011.12.04 17:14:49 | 000,000,000 | ---D | C] -- C:\Programme\forgesoft
[2011.12.04 17:14:22 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\WINDOWS\System32\dhRichClient3.dll
[2011.11.20 09:42:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2011.10.31 10:48:19 | 001,382,304 | ---- | C] (DownVision                                                  ) -- d:\***\Lokale Einstellungen\Anwendungsdaten\setup.exe
[2006.10.27 20:44:01 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.12 17:03:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- d:\***\Desktop\OTL.exe
[2011.12.12 17:01:43 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.12 17:01:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.12 17:01:12 | 1063,768,064 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.12 16:57:57 | 000,000,000 | ---- | M] () -- d:\***\defogger_reenable
[2011.12.12 16:57:02 | 000,050,477 | ---- | M] () -- d:\***\Desktop\Defogger.exe
[2011.12.12 10:10:07 | 090,524,189 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.12.12 10:10:07 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjw.avm
[2011.12.10 21:56:54 | 000,635,029 | ---- | M] () -- d:\***\Desktop\Bewerbung Reischstrasse - ***.pdf
[2011.12.10 21:48:05 | 000,001,495 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2011.12.10 21:31:31 | 000,007,547 | ---- | M] () -- d:\***\Desktop\Anschreiben ***.pdf
[2011.12.09 11:43:34 | 000,002,855 | ---- | M] () -- C:\WINDOWS\Verknüpfung mit regeditpruef.com.pif
[2011.12.08 21:35:57 | 000,037,354 | ---- | M] () -- d:\***\Desktop\Selbstauskunft.pdf
[2011.12.08 21:15:10 | 000,000,686 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2011.lnk
[2011.12.05 10:37:50 | 000,000,740 | ---- | M] () -- d:\***\Desktop\Axialis IconWorkshop.lnk
[2011.12.04 17:14:51 | 000,000,702 | ---- | M] () -- d:\***\Desktop\InstallForge.lnk
[2011.11.20 09:42:43 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011.11.17 20:58:04 | 000,002,401 | ---- | M] () -- d:\***\Desktop\Vodafone Mobile Connect.lnk
[2011.11.14 21:21:49 | 000,012,352 | ---- | M] () -- d:\***\Desktop\Bestellung Geburtsurkunde.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.12 16:57:57 | 000,000,000 | ---- | C] () -- d:\***\defogger_reenable
[2011.12.12 16:57:01 | 000,050,477 | ---- | C] () -- d:\***\Desktop\Defogger.exe
[2011.12.10 21:56:54 | 000,635,029 | ---- | C] () -- d:\***\Desktop\Bewerbung Reischstrasse - ***.pdf
[2011.12.10 21:48:05 | 000,001,495 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2011.12.10 21:15:32 | 000,007,547 | ---- | C] () -- d:\***\Desktop\Anschreiben ***.pdf
[2011.12.09 11:43:34 | 000,002,855 | ---- | C] () -- C:\WINDOWS\Verknüpfung mit regeditpruef.com.pif
[2011.12.08 21:35:57 | 000,037,354 | ---- | C] () -- d:\***\Desktop\Selbstauskunft.pdf
[2011.12.05 10:37:50 | 000,000,740 | ---- | C] () -- d:\***\Desktop\Axialis IconWorkshop.lnk
[2011.12.04 17:14:51 | 000,000,702 | ---- | C] () -- d:\***\Desktop\InstallForge.lnk
[2011.12.04 17:14:22 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2011.11.20 09:42:43 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2011.11.14 21:21:49 | 000,012,352 | ---- | C] () -- d:\***\Desktop\Bestellung Geburtsurkunde.pdf
[2011.10.31 10:47:45 | 000,459,088 | ---- | C] () -- d:\***\Lokale Einstellungen\Anwendungsdaten\promo.exe
[2011.08.13 11:27:07 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\READER_SL.EXE
[2011.05.22 23:15:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TPTray.INI
[2010.11.24 20:24:16 | 000,000,487 | ---- | C] () -- C:\WINDOWS\Capictrl.INI
[2010.11.24 20:16:55 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2010.11.11 00:29:43 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010.11.11 00:29:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2010.11.10 22:03:22 | 000,000,236 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010.11.10 22:03:22 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010.11.10 22:03:01 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.11.10 22:03:01 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010.11.10 22:02:19 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat
[2010.11.10 22:02:11 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010.11.10 21:57:14 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010.06.10 10:45:30 | 000,146,668 | ---- | C] () -- C:\WINDOWS\hpoins44.dat
[2010.06.10 10:45:29 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hpomdl44.dat
[2010.02.17 22:46:46 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.06.16 12:25:02 | 000,121,512 | R--- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4
[2009.05.30 09:39:05 | 000,000,946 | ---- | C] () -- d:\***\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html
[2009.05.26 22:32:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009.05.26 16:09:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\st_1243365435.exe
[2009.05.26 16:09:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\st_1243361828.exe
[2009.05.20 17:42:00 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\sto452730.dat
[2009.05.19 23:17:56 | 000,000,393 | ---- | C] () -- C:\WINDOWS\st_1242773472.exe
[2009.05.19 23:17:56 | 000,000,392 | ---- | C] () -- C:\WINDOWS\st_1242780988.exe
[2009.05.19 21:54:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\st_1242774371.exe
[2009.05.19 21:54:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\st_1242781136.exe
[2009.05.19 20:05:28 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\sto453250.dat
[2009.05.19 15:33:12 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\sto453143.dat
[2009.05.19 15:33:11 | 000,005,437 | ---- | C] () -- C:\WINDOWS\st_1242745356.exe
[2009.05.19 15:33:10 | 000,005,445 | ---- | C] () -- C:\WINDOWS\st_1242754088.exe
[2009.05.18 18:22:43 | 000,000,002 | -H-- | C] () -- C:\WINDOWS\sto453190.dat
[2009.01.19 14:13:56 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2007.09.29 09:24:25 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.09.01 20:35:05 | 000,000,743 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007.07.24 09:41:09 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.07.08 10:47:41 | 004,215,160 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007.07.05 08:38:43 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.03.18 14:12:28 | 000,000,253 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.11.18 13:42:31 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2006.11.18 13:42:31 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2006.10.22 22:19:34 | 000,020,532 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2006.10.13 18:14:19 | 000,000,173 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2006.10.13 18:13:56 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006.10.12 19:48:21 | 000,138,752 | ---- | C] () -- d:\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.12 11:58:48 | 000,000,110 | ---- | C] () -- d:\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006.10.09 18:48:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006.10.09 18:48:47 | 000,003,392 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2005.09.15 08:34:22 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.09.15 08:17:04 | 000,000,466 | ---- | C] () -- C:\WINDOWS\TBTdetect.ini
[2005.09.15 07:02:27 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.09.14 15:26:44 | 000,000,257 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.09.14 15:24:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2005.09.14 15:24:18 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005.09.14 15:24:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005.09.14 15:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005.09.14 15:24:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005.09.14 15:24:18 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005.09.14 15:24:18 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005.09.14 15:16:49 | 000,051,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\WOWXT_kern_i386.sys
[2005.09.14 15:16:49 | 000,029,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSXT_kern_i386.sys
[2005.09.14 14:34:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CeEKey.INI
[2005.09.14 14:28:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\EBLib.DLL
[2005.09.14 10:36:50 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.09.14 10:36:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005.09.14 10:36:42 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005.09.14 10:36:42 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005.09.14 10:36:42 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxeq.dat
[2005.09.14 10:35:11 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2005.09.14 10:35:11 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2005.09.14 10:35:11 | 000,010,161 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2005.09.14 10:35:11 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2005.09.12 13:00:28 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.09.12 12:59:35 | 000,247,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.09.12 12:17:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005.09.12 12:10:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.09.12 12:05:40 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.09.12 10:36:46 | 000,159,744 | ---- | C] () -- C:\WINDOWS\MakeMrk.exe
[2005.09.12 10:36:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ToshBIOS.dll
[2005.09.12 10:36:46 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.09.12 10:36:34 | 000,457,596 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2005.09.12 10:36:34 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2005.09.12 10:36:34 | 000,084,026 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2005.09.12 10:36:34 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2005.09.12 10:36:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005.09.12 10:36:16 | 000,439,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005.09.12 10:36:16 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005.09.12 10:36:16 | 000,070,698 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005.09.12 10:36:16 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005.09.12 10:36:15 | 000,004,631 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005.09.12 10:36:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005.09.12 10:36:12 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.09.12 10:36:09 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005.09.12 10:36:09 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005.09.12 10:36:06 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005.09.12 10:35:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005.08.11 03:02:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005.08.02 09:39:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\HWS_Ctrl.dll
[2005.06.20 09:24:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2005.06.13 08:11:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\TCtrlIO.dll
[2005.06.06 08:44:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SPCtl.dll
[2005.06.06 08:39:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\EKECioCtl.dll
[2004.12.02 14:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2004.09.22 09:09:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004.07.20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004.01.15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003.07.29 14:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
 
========== LOP Check ==========
 
[2010.11.13 21:51:55 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\AVG10
[2011.12.05 10:37:17 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\Axialis
[2011.02.15 20:59:05 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\GetRightToGo
[2011.05.18 11:02:41 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\Imaxel
[2006.10.12 11:58:55 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\InterVideo
[2008.01.05 12:50:43 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\iScreensaver
[2011.02.15 21:01:19 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\KeePass
[2007.06.17 10:09:46 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\Leadertech
[2011.07.04 23:18:08 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\MyPhoneExplorer
[2011.09.02 22:14:53 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\MZTools Software
[2011.07.04 22:21:40 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\OpenCandy
[2010.09.27 09:33:45 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\OpenOffice.org
[2007.07.27 16:46:36 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\Thunderbird
[2006.10.12 11:58:53 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\toshiba
[2009.05.05 08:59:26 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\Transcend
[2010.08.04 21:28:21 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\Vodafone
[2010.08.05 23:03:21 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\Vodafone Mobile Connect
[2008.06.26 15:07:36 | 000,000,000 | ---D | M] -- d:\***\Anwendungsdaten\WEBDE
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.03.11 21:34:26 | 000,000,000 | -H-D | M] -- C:\$AVG
[2010.06.16 16:08:36 | 000,000,000 | ---D | M] -- C:\b0226bc7daad4e94c8
[2011.12.08 21:16:23 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2007.01.08 23:56:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2006.12.08 12:23:00 | 000,000,000 | ---D | M] -- C:\Haufe
[2006.04.11 01:21:22 | 000,000,000 | ---D | M] -- C:\I386
[2007.02.14 12:33:07 | 000,000,000 | ---D | M] -- C:\***
[2010.01.27 20:24:18 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.10.14 13:39:46 | 000,000,000 | ---D | M] -- C:\My Music
[2009.03.23 14:47:54 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.12.12 16:56:22 | 000,000,000 | R--D | M] -- C:\Programme
[2006.10.09 18:53:58 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.05.26 22:14:48 | 000,000,000 | ---D | M] -- C:\SAV32CLI
[2009.05.26 15:57:21 | 000,000,000 | ---D | M] -- C:\savwsa
[2006.04.11 01:28:08 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2006.10.09 18:41:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.10.16 21:46:34 | 000,000,000 | ---D | M] -- C:\Temp
[2006.10.09 18:40:58 | 000,000,000 | ---D | M] -- C:\TOOLSCD
[2011.12.12 13:57:58 | 000,000,000 | ---D | M] -- C:\unzipped
[2006.04.11 01:33:15 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2011.12.10 22:01:21 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2004.08.04 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.09.06 15:10:01 | 001,859,072 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-10 22:17:42

< End of report >
         
--- --- ---


Gleich kommt hoffentlich auch noch der gmer-Bericht...

Grüße

eichhorn
__________________

Alt 12.12.2011, 20:03   #4
eichhorn
 
regedit und hijackthis sich lassen sich nicht öffnen - Standard

regedit und hijackthis sich lassen sich nicht öffnen



...nun sollte alles da sein...

Könnte sich dies jemand anschauen?

Vielen Dank und beste Grüße

eichhorn

Antwort

Themen zu regedit und hijackthis sich lassen sich nicht öffnen
adobe, avg, avg security toolbar, bho, ebay, einstellungen, excel, explorer, fehler, firefox, google, hijack, hijackthis, hkus\s-1-5-18, internet, internet explorer, launch, log file, mozilla, nicht öffnen, plug-in, problem, registry, sanduhr, security, software, system, usb, vodafone, windows, windows xp




Ähnliche Themen: regedit und hijackthis sich lassen sich nicht öffnen


  1. Avira Antivir lässt sich nicht mehr installieren/ Programme lassen sich nicht öffnen
    Antiviren-, Firewall- und andere Schutzprogramme - 23.03.2015 (10)
  2. Browser lassen sich nicht öffnen..
    Log-Analyse und Auswertung - 03.07.2012 (1)
  3. Programme lassen sich nicht mehr öffnen -> löschen sich bei Öffnungsversuch
    Plagegeister aller Art und deren Bekämpfung - 01.12.2011 (29)
  4. Ordner auf Externer WD HDMI Festplatte lassen sich nicht mehr öffnen, PC hängt sich auf
    Netzwerk und Hardware - 17.11.2011 (14)
  5. Antivirenprogramme lassen sich nicht öffnen und Werbeantivirenprogramme melden sich ständig
    Plagegeister aller Art und deren Bekämpfung - 11.07.2011 (3)
  6. Fenster verkleinern/verstecken sich, lassen sich nicht mehr öffnen
    Plagegeister aller Art und deren Bekämpfung - 28.12.2010 (2)
  7. Task-Manager und regedit lassen sich nicht öffnen
    Log-Analyse und Auswertung - 22.10.2010 (5)
  8. SECURITY TOOL WARNUNG öffnet sich andauernd! Malwarebytes und HiJackThis lassen sich nicht posten!
    Plagegeister aller Art und deren Bekämpfung - 04.10.2010 (1)
  9. Browser lassen sich nicht öffnen!
    Log-Analyse und Auswertung - 09.09.2010 (17)
  10. HijackThis logfile - Taskmanager und regedit lässt sich nicht aktivieren!
    Log-Analyse und Auswertung - 30.07.2009 (3)
  11. Taskmanager und Regedit lassen sich nicht mehr ausführen
    Log-Analyse und Auswertung - 22.03.2009 (0)
  12. msconfig, regedit, task manager etc. lassen sich nicht starten
    Log-Analyse und Auswertung - 17.03.2009 (3)
  13. Einstellungen lassen sich nciht mehr ändern, div. webseiten lassen sich nicht öffnen
    Plagegeister aller Art und deren Bekämpfung - 23.02.2009 (82)
  14. Taskmanager und Regedit lässt sich nicht öffnen
    Plagegeister aller Art und deren Bekämpfung - 21.02.2009 (20)
  15. Taskmanager und regedit lassen sich nicht öffnen
    Log-Analyse und Auswertung - 04.10.2008 (4)
  16. Links lassen sich nicht öffnen!
    Alles rund um Windows - 17.02.2007 (5)
  17. Dateien lassen sich nicht öffnen
    Log-Analyse und Auswertung - 01.09.2006 (3)

Zum Thema regedit und hijackthis sich lassen sich nicht öffnen - Hallo zusammen, irgendwas ist komisch... Angefangen hat´s damit, das ich über "Ausführen-regedit" die Registry öffnen wollte. Es erschien eine Zehntelsekunde die Sanduhr, dann geschah nichts weiter. Reg öffnete sich nicht, - regedit und hijackthis sich lassen sich nicht öffnen...
Archiv
Du betrachtest: regedit und hijackthis sich lassen sich nicht öffnen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.