Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Windows - Delayed Write Failed/Windows detected a hard disk problem

Windows - Delayed Write Failed/Windows detected a hard disk problem


Log-Analyse und Auswertung: Windows - Delayed Write Failed/Windows detected a hard disk problem

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 11.12.2011, 00:56   #1
Jilrain
 
Windows - Delayed Write Failed/Windows detected a hard disk problem - Standard

Windows - Delayed Write Failed/Windows detected a hard disk problem


Guten Abend,

vor etwa einer Stunde gab mir Avira die Meldung ein Virus entdeckt zu haben.
Daraufhin verschob ich diesen in Quaratäne und ab da fing der ärger an:

Es tauchten zig Pop-Ups auf mit dem Text:
"Windows - Delayed Write Failed: Failed to save all components for file..."

kurz danach dann das Pop-Ups:
"Windows detected a hard disk problem - A potential disk failure may cause"


sämtliche Icons vom Desktop sind verschwunden ebenso wie im Startmenü.
Kann auf nichts Zugreiffen: zb. Bilder, Musik und Videos sind nicht auffindbar.

Wäre es möglich die Datein wieder auffindbar zu machen und diesen unliebsamen Mitbewohner wieder loszuwerden?

Ich hätte ehrlich gesagt auch kein Problem das System neuaufzusetzen aber es wäre doch schön vorher ein paar Daten retten zu können.


Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:12 on 11/12/2011 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
OTL

Code:
ATTFilter
OTL logfile created on: 11.12.2011 00:35:04 - Run 6
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,49 Mb Total Physical Memory | 823,34 Mb Available Physical Memory | 80,44% Memory free
1,65 Gb Paging File | 1,60 Gb Available in Paging File | 96,46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 153,38 Gb Total Space | 59,28 Gb Free Space | 38,65% Space Free | Partition Type: NTFS
Drive E: | 7,53 Gb Total Space | 7,47 Gb Free Space | 99,13% Space Free | Partition Type: FAT32
 
Computer Name: BESITZER-1903BA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (osppsvc) --  File not found
SRV - (ose) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (WinTabService) -- C:\WINDOWS\System32\Drivers\WTSRV.EXE (Tablet Driver)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe ()
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ss_bmdm) -- C:\WINDOWS\system32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\WINDOWS\system32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (UCTblHid) -- C:\WINDOWS\system32\drivers\UCTblHid.sys (Tablet Driver)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (tapvpn) -- C:\WINDOWS\system32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (motccgp) -- C:\WINDOWS\system32\drivers\motccgp.sys (Motorola)
DRV - (MotDev) -- C:\WINDOWS\system32\drivers\motodrv.sys (Motorola Inc)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (PTSimBus) -- C:\WINDOWS\system32\drivers\PTSimBus.sys (PenTablet Driver)
DRV - (TClass2k) -- C:\WINDOWS\system32\drivers\TClass2k.sys (Tablet Driver)
DRV - (PTSimHid) -- C:\WINDOWS\system32\drivers\PTSimHid.sys (PenTablet Driver)
DRV - (motccgpfl) -- C:\WINDOWS\system32\drivers\motccgpfl.sys (Motorola)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (nvnforce) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) Service for NVIDIA(R) nForce(TM) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Programme\TVUPlayer\npTVUAx.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.11 02:40:44 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.12 11:53:41 | 000,000,000 | -H-D | M]
 
[2011.11.11 02:41:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.21 12:32:13 | 000,000,000 | -H-D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.11.11 02:40:43 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2007.12.19 13:57:38 | 000,310,272 | -H-- | M] () -- C:\Programme\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2011.10.14 21:54:31 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.14 21:54:31 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.14 21:54:31 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.14 21:54:31 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.14 21:54:31 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.14 21:54:31 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.10 22:31:40 | 000,000,818 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [TaRwjfMMKY.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TaRwjfMMKY.exe ()
O4 - HKCU..\RunOnce: [NeroHomeFirstStart] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMFirstStart.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\IMVU\Run IMVU.lnk ()
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196429522281 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196508630062 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E1D59843-C136-4079-AB45-FC9CD0C905E7}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - C:\Programme\Gemeinsame Dateien\Stardock\MCPCore.dll (Stardock)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.11.28 09:45:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2CD1B14D-DB2B-62D4-9FFE-557B7F6947C0} - Browser Customizations
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {49353D2A-BE01-E073-4654-17188E942F1A} - Vektorgrafik-Rendering (VML)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {FE2F098D-5AAA-44BA-FF11-359ADD854371} - Outlook Express
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{3614C4B5-F86C-4D95-8C30-15840EEAF6F7} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Gamma Loader.lnk -  - File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: AOLDialer - hkey= - key= -  File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= -  File not found
MsConfig - StartUpReg: EPSON Stylus CX3600 Series - hkey= - key= -  File not found
MsConfig - StartUpReg: HostManager - hkey= - key= -  File not found
MsConfig - StartUpReg: ICQ Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: NVMixerTray - hkey= - key= - C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found
MsConfig - StartUpReg: TkBellExe - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.10 20:32:31 | 000,584,192 | -H-- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.11.21 14:18:22 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nem's Tools
[2011.11.21 14:18:22 | 000,000,000 | ---D | C] -- C:\Programme\Nem's Tools
[2011.11.18 21:28:52 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2011.11.18 18:41:17 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.11 00:33:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.11 00:31:34 | 000,000,498 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.12.11 00:31:29 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-789336058-616249376-1801674531-1003.job
[2011.12.10 22:49:22 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EDA1E831-79E7-4BFA-9AB9-E86D160F3DF7}.job
[2011.12.10 22:31:40 | 000,000,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.12.10 20:33:02 | 000,000,000 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.12.10 15:51:21 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.10 15:08:34 | 000,584,192 | -H-- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.12.10 13:57:13 | 000,441,480 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TaRwjfMMKY.exe
[2011.12.10 04:13:02 | 000,001,222 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-1801674531-1003UA.job
[2011.12.08 15:13:01 | 000,001,170 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-1801674531-1003Core.job
[2011.12.04 15:50:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-789336058-616249376-1801674531-1003.job
[2011.11.12 15:53:14 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.10 20:33:02 | 000,000,000 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.12.10 14:00:15 | 000,441,480 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TaRwjfMMKY.exe
[2011.11.29 15:08:32 | 000,001,222 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-1801674531-1003UA.job
[2011.11.29 15:08:32 | 000,001,170 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-616249376-1801674531-1003Core.job
[2011.11.10 13:13:44 | 000,146,296 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.09.29 14:33:52 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2011.08.30 03:08:29 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011.07.08 19:05:00 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011.02.06 17:44:14 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\XSIChooser.exe
[2010.12.23 15:31:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.12.23 15:31:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.12.23 15:31:42 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.09.15 14:56:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.09.15 14:56:08 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.06.06 13:35:26 | 000,001,832 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2010.05.29 13:10:30 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.05.29 12:23:13 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2010.05.29 12:23:13 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2010.05.24 21:33:20 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010.04.29 22:52:52 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DeskTopBird_K.ini
[2010.01.14 20:18:58 | 000,005,018 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.01.14 20:18:58 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CD490CFFA2.sys
[2010.01.10 06:32:11 | 000,003,843 | ---- | C] () -- C:\WINDOWS\Tablet8000x6000.ini
[2009.12.19 19:57:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009.10.23 01:27:56 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL
[2009.09.18 17:19:56 | 000,000,184 | ---- | C] () -- C:\WINDOWS\GOTSCHI.INI
[2009.09.15 12:53:50 | 000,025,809 | ---- | C] () -- C:\WINDOWS\Sysvxd.exe
[2009.08.06 03:16:51 | 000,062,976 | ---- | C] () -- C:\WINDOWS\DTDraw.dll
[2009.07.29 15:42:51 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2009.07.28 15:08:29 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2009.07.17 14:31:06 | 000,000,673 | ---- | C] () -- C:\WINDOWS\VAMPIRE.INI
[2009.06.12 09:04:18 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\WinTab32.dll
[2009.05.17 20:55:02 | 000,000,114 | ---- | C] () -- C:\WINDOWS\winzipme.ini
[2009.05.17 20:54:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\addurl41.DLL
[2009.05.17 20:54:32 | 000,018,432 | ---- | C] () -- C:\WINDOWS\System32\winwatch.DLL
[2009.04.21 23:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.03.25 15:53:33 | 000,000,045 | ---- | C] () -- C:\WINDOWS\dsez3265.dat
[2009.03.13 11:04:44 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\UCMfg.exe
[2009.01.14 05:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009.01.14 05:05:09 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.01.14 05:05:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008.12.20 03:48:03 | 000,472,576 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v4.8.442 Uninstall.exe
[2008.10.29 23:13:33 | 000,180,720 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008.10.18 01:04:44 | 000,120,286 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat
[2008.10.16 01:45:24 | 000,000,023 | -HS- | C] () -- C:\WINDOWS\System32\bfefaefddbd_z.dll
[2008.09.15 20:19:59 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\wk32.dll
[2008.09.15 20:19:59 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\ic32.dll
[2008.09.12 19:42:46 | 000,155,632 | ---- | C] () -- C:\WINDOWS\HPHins15.dat
[2008.09.12 19:42:46 | 000,002,828 | ---- | C] () -- C:\WINDOWS\hphmdl15.dat
[2008.09.10 13:03:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008.09.05 22:33:11 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2008.09.03 14:23:21 | 000,028,076 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008.08.31 21:39:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WB.ini
[2008.08.30 19:40:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008.08.30 17:09:58 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.08.23 02:01:16 | 000,000,678 | ---- | C] () -- C:\WINDOWS\nvrph.ini
[2008.08.23 01:58:18 | 000,000,229 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2008.08.23 01:56:51 | 000,000,923 | ---- | C] () -- C:\WINDOWS\nvrbm.ini
[2008.08.23 01:53:50 | 000,035,328 | ---- | C] () -- C:\WINDOWS\INETWH32.DLL
[2008.08.23 01:53:50 | 000,009,136 | ---- | C] () -- C:\WINDOWS\INETWH16.DLL
[2008.08.23 01:53:50 | 000,004,528 | ---- | C] () -- C:\WINDOWS\SETBROWS.EXE
[2008.08.22 21:18:06 | 000,000,848 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008.08.22 18:22:05 | 000,147,456 | ---- | C] () -- C:\WINDOWS\AVUNTOOL.EXE
[2008.08.01 03:45:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2008.08.01 03:43:45 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2008.08.01 03:42:14 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.08.01 03:41:53 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.05.06 13:42:57 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2008.05.06 13:42:57 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2008.05.06 13:42:56 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008.05.06 13:41:58 | 000,172,544 | ---- | C] () -- C:\WINDOWS\Mgxclean.exe
[2008.03.19 22:05:14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008.03.13 18:17:19 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.03.12 15:11:10 | 000,059,056 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll
[2008.03.12 02:49:10 | 000,000,499 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2008.02.29 22:51:27 | 000,000,142 | ---- | C] () -- C:\WINDOWS\ktel.ini
[2008.02.26 15:40:16 | 000,823,808 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2008.02.26 15:40:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008.02.26 15:40:16 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2008.02.26 15:40:16 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2008.02.26 15:40:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lexazdll32.dll
[2007.12.31 01:25:43 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.12.23 01:41:26 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007.12.23 00:57:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2007.12.23 00:54:12 | 000,451,072 | ---- | C] () -- C:\WINDOWS\Radeon Omega Drivers v3.8.421 Uninstall.exe
[2007.12.13 21:30:43 | 000,000,053 | ---- | C] () -- C:\WINDOWS\hw.ini
[2007.12.12 22:59:46 | 000,001,030 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2007.12.04 15:51:14 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007.12.04 15:51:14 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2007.12.04 15:51:14 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007.12.04 15:50:54 | 000,030,605 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007.12.04 15:50:54 | 000,027,030 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007.12.04 15:50:54 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007.12.04 15:48:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE CX3600FGD.ini
[2007.11.30 19:27:36 | 000,003,260 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.11.30 19:27:34 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.11.30 15:02:57 | 000,002,811 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007.11.30 14:14:49 | 000,000,305 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007.11.30 13:41:58 | 000,000,725 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk
[2007.11.30 13:40:00 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007.11.28 09:48:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.11.28 09:42:55 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007.11.07 16:24:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\dzwrapper.dll
[2007.11.07 16:20:24 | 008,704,000 | ---- | C] () -- C:\WINDOWS\System32\dzcore.dll
[2007.11.07 16:06:26 | 006,131,712 | ---- | C] () -- C:\WINDOWS\System32\daz-qt-mt.dll
[2007.11.07 16:06:26 | 001,785,856 | ---- | C] () -- C:\WINDOWS\System32\daz-qsa.dll
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2007.06.05 12:20:32 | 000,177,704 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2007.04.24 18:31:12 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\ucinst32.dll
[2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.02.28 13:00:00 | 000,495,158 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.02.28 13:00:00 | 000,471,608 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.02.28 13:00:00 | 000,100,538 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.02.28 13:00:00 | 000,084,054 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.09.15 23:40:22 | 000,160,768 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2004.05.10 14:33:46 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lhtool.exe
[2002.01.01 00:18:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002.01.01 00:17:38 | 002,110,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.05.26 01:47:48 | 000,000,000 | ---D | M] -- C:\0a598f5da1d8919483587e
[2011.08.30 02:52:09 | 000,000,000 | ---D | M] -- C:\ATI
[2011.11.18 21:28:52 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2010.04.19 02:49:37 | 000,000,000 | ---D | M] -- C:\DarkShot
[2010.11.14 22:28:10 | 000,000,000 | ---D | M] -- C:\Documents
[2010.06.13 00:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2011.01.22 21:14:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.06.03 12:12:57 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.12.28 17:57:03 | 000,000,000 | ---D | M] -- C:\Fraps
[2007.11.30 13:41:07 | 000,000,000 | ---D | M] -- C:\My Music
[2011.01.11 19:37:16 | 000,000,000 | ---D | M] -- C:\Neuer Ordner
[2007.11.28 18:01:47 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.02.06 23:10:40 | 000,000,000 | ---D | M] -- C:\Program Files
[2008.09.11 21:06:44 | 000,000,000 | ---D | M] -- C:\ProgramData
[2011.12.10 23:55:40 | 000,000,000 | ---D | M] -- C:\Programme
[2010.01.27 23:23:06 | 000,000,000 | ---D | M] -- C:\Razorworks
[2011.01.22 21:16:34 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.02.06 17:59:57 | 000,000,000 | ---D | M] -- C:\Softimage
[2008.12.20 04:17:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.08.16 22:58:26 | 000,000,000 | ---D | M] -- C:\TEMP
[2011.02.06 17:50:47 | 000,000,000 | ---D | M] -- C:\users
[2011.11.11 19:59:38 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[8 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: AFD.SYS  >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.13 20:19:23 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2006.02.28 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtUninstallKB951748_0$\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\$hf_mig$\KB956803\SP2QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$hf_mig$\KB956803\SP3GDR\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\$NtUninstallKB956803_0$\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2006.02.28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: IPSEC.SYS  >
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 20:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006.02.28 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
< MD5 for: REGEDIT.EXE  >
[2006.02.28 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 03:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.06.06 12:35:26 | 001,859,072 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-08-31 03:55:42
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:70F32378
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C8B8CEBD

< End of report >

Extra:
Code:
ATTFilter
OTL Extras logfile created on: 11.12.2011 00:35:04 - Run 6
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,49 Mb Total Physical Memory | 823,34 Mb Available Physical Memory | 80,44% Memory free
1,65 Gb Paging File | 1,60 Gb Available in Paging File | 96,46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 153,38 Gb Total Space | 59,28 Gb Free Space | 38,65% Space Free | Partition Type: NTFS
Drive E: | 7,53 Gb Total Space | 7,47 Gb Free Space | 99,13% Space Free | Partition Type: FAT32
 
Computer Name: BESITZER-1903BA | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Betrachten mit XnView] -- "C:\Programme\XnView\xnview.exe" "%1" (XnView, hxxp://www.xnview.com)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Disabled:Adobe CSI CS4
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.0\ICQ.exe" = C:\Programme\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"C:\Programme\ICQ7.0\aolload.exe" = C:\Programme\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5 -- (ICQ, LLC.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Disabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Disabled:KTF MUSIC VoD Server -- (PeeringPortal)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Disabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\ICQ7.5\ICQ.exe" = C:\Programme\ICQ7.5\ICQ.exe:*:Disabled:ICQ7.5 -- (ICQ, LLC.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Disabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8-Server -- (Microsoft Corporation)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Programme\Samsung\Samsung New PC Studio\NPSDMPPlayer.exe" = C:\Programme\Samsung\Samsung New PC Studio\NPSDMPPlayer.exe:*:Disabled:Samsung DM Player -- (Samsung Electronics Co., Ltd)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\DVD-START.EXE" = D:\DVD-START.EXE:*:Enabled:Schnellstart-DVD
"C:\Programme\Steam\SteamApps\*****\condition zero deleted scenes\hl.exe" = C:\Programme\Steam\SteamApps\*****\condition zero deleted scenes\hl.exe:*:Disabled:Half-Life Launcher -- (Valve)
"C:\Programme\Steam\SteamApps\*****\source sdk base\hl2.exe" = C:\Programme\Steam\SteamApps\*****\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Programme\Steam\SteamApps\*****\counter-strike\hl.exe" = C:\Programme\Steam\SteamApps\*****\counter-strike\hl.exe:*:Enabled:Counter-Strike -- (Valve)
"C:\Programme\Steam\SteamApps\*****\half-life\hl.exe" = C:\Programme\Steam\SteamApps\*****\half-life\hl.exe:*:Enabled:Half-Life -- (Valve)
"C:\Programme\Steam\SteamApps\*****\condition zero\hl.exe" = C:\Programme\Steam\SteamApps\*****\condition zero\hl.exe:*:Enabled:Counter-Strike: Condition Zero -- (Valve)
"C:\Programme\Steam\SteamApps\*****\counter-strike source\hl2.exe" = C:\Programme\Steam\SteamApps\*****\counter-strike source\hl2.exe:*:Enabled:Counter-Strike: Source -- ()
"C:\Programme\Steam\SteamApps\common\left 4 dead\left4dead.exe" = C:\Programme\Steam\SteamApps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Programme\Steam\SteamApps\*****\garrysmod\hl2.exe" = C:\Programme\Steam\SteamApps\*****\garrysmod\hl2.exe:*:Enabled:Garry's Mod -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02548730-180A-487e-A726-A75CB6650AF7}" = D1400
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A06D517-BEE7-2D03-9792-CF1A30E29A70}" = Skins
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11E94FDB-C895-45F1-B756-1C9B8C36C8F1}" = Microsoft IntelliType Pro 7.1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1481D8E3-EA17-7697-3738-F5AA7784C902}" = ccc-utility
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{428102E6-8A39-48B9-8389-847F5A44A600}" = MSXML 4.0
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0F15CA-2032-5D72-F209-A89E02A5FE0F}" = CCC Help English
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE 
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54BB0384-1C33-488F-A95B-877E480D3EDC}" = MSXML 4.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{59A67AEF-CABF-32CA-5407-55049E899A11}" = Catalyst Control Center Graphics Light
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87885939-F824-42bf-B790-231B1E8EF2BB}" = dj_sf_software
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{901A5511-070B-20DF-2F5A-5FA29C302C2A}" = Catalyst Control Center Graphics Full Existing
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{93F54611-2701-454e-94AB-623F458D9E6B}" = DeviceDiscovery
"{943803CB-20FA-F4EB-E4A6-A3B055A1DC2E}" = ccc-core-preinstall
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EE5A621-A673-37C4-E31A-A7D5696B6F29}" = Catalyst Control Center Graphics Previews Common
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F6B336-798D-77C2-21C9-392D4B0188F9}" = Catalyst Control Center Core Implementation
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B78EAA23-2D9B-CD91-6ABF-B96EC49BBA37}" = ccc-core-static
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D9758C4B-CDD0-536F-D90E-9D74AFC3A35E}" = Catalyst Control Center Graphics Full New
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{EFE673F6-688A-42ed-9C6C-9DD8CF5A9B89}" = D1400_Help
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F5936267-D467-4e7b-8940-A7D9F0398EF3}" = HP Deskjet Printer Driver Software 9.0
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF9AADE2-DA2A-4725-9806-EC46B5CB4CF2}" = Ludwig 2.0 SE
"69083DC58646DE46A09847A522A1CC487F918039" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA  (08/31/2007 5.7.0831.0)
"9722CA1E8F72F362E93CBEC75A707FDABFC8D880" = Windows-Treiberpaket - Advanced Micro Devices, Inc. (USB28xxBGA) Media  (08/31/2007 5.7.0831.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Color Efex Pro 3.0 Complete Stand-Alone" = Color Efex Pro 3.0 Complete
"DivX Setup.divx.com" = DivX-Setup
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps
"GCFScape_is1" = GCFScape 1.8.2
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JDownloader" = JDownloader
"MediaMonkey_is1" = MediaMonkey 3.2
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA nForce Treiber für Windows 2000/XP
"Opera 11.52.1100" = Opera 11.52
"RealPlayer 12.0" = RealPlayer
"Steam App 100" = Counter-Strike: Condition Zero Deleted Scenes
"Steam App 215" = Source SDK Base 2006
"Steam App 220" = Half-Life 2
"Steam App 240" = Counter-Strike: Source
"Steam App 4000" = Garry's Mod
"Steam App 500" = Left 4 Dead
"Steam App 70" = Half-Life
"Steam App 80" = Counter-Strike: Condition Zero
"The Hat_is1" = The Hat 2.4
"Unlocker" = Unlocker 1.8.7
"VLC media player" = VLC media player 1.1.4
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wonderland Online_is1" = Wonderland Online 2.0.3
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.96.5
"yWriter5_is1" = yWriter5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.12.2011 09:13:03 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 06.12.2011 12:28:47 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 07.12.2011 09:04:26 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 07.12.2011 13:47:45 | Computer Name = BESITZER-1903BA | Source = ESENT | ID = 490
Description = svchost (1184) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 07.12.2011 13:47:59 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 08.12.2011 09:44:24 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 08.12.2011 13:15:10 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 09.12.2011 10:48:36 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 09.12.2011 15:34:27 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
Error - 10.12.2011 08:33:59 | Computer Name = BESITZER-1903BA | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
 ist fehlgeschlagen mit dem Fehler: The server name or address could not be resolved
.
 
[ System Events ]
Error - 10.12.2011 19:30:03 | Computer Name = BESITZER-1903BA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 10.12.2011 19:31:28 | Computer Name = BESITZER-1903BA | Source = Service Control Manager | ID = 7000
Description = Der Dienst "npkcrypt" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 10.12.2011 19:31:40 | Computer Name = BESITZER-1903BA | Source = ParVdm | ID = 458754
Description = Zeiger für Geräteobjekt lässt sich nicht für Anschlussobjekt ermitteln.
 
Error - 10.12.2011 19:34:27 | Computer Name = BESITZER-1903BA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "netman"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error - 10.12.2011 19:34:39 | Computer Name = BESITZER-1903BA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 10.12.2011 19:34:40 | Computer Name = BESITZER-1903BA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error - 10.12.2011 19:35:23 | Computer Name = BESITZER-1903BA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "NetBios über TCP/IP" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 10.12.2011 19:35:23 | Computer Name = BESITZER-1903BA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "TCP/IP-Protokolltreiber" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 10.12.2011 19:35:23 | Computer Name = BESITZER-1903BA | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsprogramm" ist vom Dienst "AFD" abhängig,
 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%31
 
Error - 10.12.2011 19:35:23 | Computer Name = BESITZER-1903BA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  AmdK7  avgio  avipbb  Fips  IPSec  MRxSmb  NetBIOS  NetBT  RasAcd  Rdbss  ssmdrv  Tcpip  WS2IFSL
 
[ TuneUp Events ]
Error - 26.03.2009 09:54:38 | Computer Name = BESITZER-1903BA | Source = TuneUp Program Statistics | ID = 131840
Description = 
 
 
< End of report >

Alt 12.12.2011, 14:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windows - Delayed Write Failed/Windows detected a hard disk problem - Standard

Windows - Delayed Write Failed/Windows detected a hard disk problem


Zitat:
Ich hätte ehrlich gesagt auch kein Problem das System neuaufzusetzen aber es wäre doch schön vorher ein paar Daten retten zu können.
Daten sichern? Mach das über ne Live-CD wie Knoppix, Ubuntu (zweiter Link in meiner Signatur) oder über PartedMagic. Du brauchst natürlich auch ein Sicherungsmedium, am besten dürfte eine externe Platte sein.


Hier eine kurze Anleitung zu PartedMagic, funktioniert prinzipell so aber fast genauso mit allen anderen Live-Systemen auch.

1. Lade Dir das ISO-Image von PartedMagic herunter, müssten ca. 180 MB sein
2. Brenn es per Imagebrennfunktion auf CD, geht zB mit ImgBurn unter Windows
3. Boote von der gebrannten CD, im Bootmenü von Option 1 starten und warten bis der Linux-Desktop oben ist



4. Du müsstest ein Symbol "Mount Devices" finden, das doppelklicken
5. Mounte die Partitionen wo Windows installiert ist, meistens isses /dev/sda1 und natürlich noch etwaige andere Partitionen, wo noch Daten liegen und die gesichert werden müssen - natürlich auch die der externen Platte (du bekommmst nur Lese- und Schreibzugriffe auf die Dateisysteme, wenn diese gemountet sind)
6. Kopiere die Daten der internen Platte auf die externe Platte - kopiere nur persönliche Dateien, Musik, Videos, etc. auf die Backupplatte, KEINE ausführbaren Dateien wie Programme/Spiele/Setups!!
7. Wenn fertig, starte den Rechner neu, schalte die ext. Platte ab und boote von der Windows-DVD zur Neuinstallation (Anleitung beachten)
__________________

__________________
Antwort

Themen zu Windows - Delayed Write Failed/Windows detected a hard disk problem
0x00000001, alternate, avira, bho, browser, c:\windows\system32\rundll32.exe, counter-strike source, daten retten, desktop, dhcp-client, disabletaskmgr, einstellungen, error, failed, fehler, firefox, fontcache, format, hard disk, home, homepage, internet browser, jdownloader, locker, logfile, msvcrt, plug-in, problem, prozess, registry, required, rundll, scan, sched.exe, security, security update, software, studio, svchost, system, tablet, tcp/ip, udp, virus, win32k.sys, windows, windows - delayed write failed, windows detected a hard disk problem, windows internet


« Achtung aus sicherheitsgründen wurde ihr windowssystem blockiert | Win 7, Firewall läßt sich nicht starten, Wiederherstellungspunkte wirkungslos »


Ähnliche Themen: Windows - Delayed Write Failed/Windows detected a hard disk problem


  1. Dringend! Windows detected hard disk problem - alle Daten gehen verloren?
    Plagegeister aller Art und deren Bekämpfung - 08.11.2014 (10)
  2. Dringend! Windows detected hard disk problem - alle Daten gehen verloren?
    Lob, Kritik und Wünsche - 07.11.2014 (0)
  3. Virus: Windows detected a hard disk problem - WinXP
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (5)
  4. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 22.03.2012 (1)
  5. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (4)
  6. Windows detected a hard disk problem.
    Log-Analyse und Auswertung - 29.02.2012 (3)
  7. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (3)
  8. windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 06.02.2012 (3)
  9. Hard drive clusters are partly damaged / Windows - Delayed Write Failed / Critical Error und andere
    Plagegeister aller Art und deren Bekämpfung - 24.01.2012 (1)
  10. Windows detected a hard disk problem
    Plagegeister aller Art und deren Bekämpfung - 19.01.2012 (12)
  11. Windows detected a hard disk problem / Windows - Delayed Write Failed
    Plagegeister aller Art und deren Bekämpfung - 12.12.2011 (8)
  12. WIN XP:Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 25.11.2011 (7)
  13. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 13.11.2011 (101)
  14. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 09.11.2011 (25)
  15. Windows - Delayed Write Failed .. Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 07.11.2011 (10)
  16. Windows - Delayed Write Failed. Failed to save all the components for the file \\System32\\
    Log-Analyse und Auswertung - 07.11.2011 (12)
  17. Windows detected a hard disk problem // critical error \\System32\\00005d03
    Log-Analyse und Auswertung - 05.11.2011 (38)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Windows - Delayed Write Failed/Windows detected a hard disk problem - Guten Abend, vor etwa einer Stunde gab mir Avira die Meldung ein Virus entdeckt zu haben. Daraufhin verschob ich diesen in Quaratäne und ab da fing der ärger an: Es - Windows - Delayed Write Failed/Windows detected a hard disk problem...
Archiv
Du betrachtest: Windows - Delayed Write Failed/Windows detected a hard disk problem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55