| |
| |||||||
Log-Analyse und Auswertung: Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
23.12.2011, 06:41
| #1 |
 |  Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert. Hallo, Meldung wie in der Überschrift erscheint und ich kann nichts mehr arbeiten. Habe Malwarebytes Antiwir laufen lassen bevor ich in diesem Forum gelandet bin. Hat 6 Einträge gefunden, diese gelöscht, Meldung kommt immer noch. Dann habe ich die 3 Schritte befolgt. 1.Defogger: defogger_disable by jpshortstuff (23.02.10.1) Log created at 00:07 on 23/12/2011 (mpkevin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Aufforderung zum Neustart kam nicht, habe selber neu gestartet. 2.OTL Am Schluss kam wieder die Meldung "Achtung...." OTL logfile created on: 23.12.2011 00:35:17 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\mpkevin\Eigene Dateien\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,14% Memory free 3,85 Gb Paging File | 3,19 Gb Available in Paging File | 83,06% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,14 Gb Total Space | 17,62 Gb Free Space | 18,92% Space Free | Partition Type: NTFS Drive D: | 85,25 Gb Total Space | 81,61 Gb Free Space | 95,73% Space Free | Partition Type: NTFS Computer Name: MP | User Name: mpkevin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\mpkevin\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Programme\FormScapeSoftware\FormScape\Apache2\bin\Apache.exe (Apache Software Foundation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Opera\Opera\opera.exe () PRC - C:\Programme\NCP\SecureClient\NCPRWSNT.EXE (NCP Engineering GmbH) PRC - C:\Programme\NCP\SecureClient\RWSRSU.exe () PRC - C:\Programme\NCP\SecureClient\ncpclcfg.exe () PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) PRC - C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) PRC - C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) PRC - C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\NCP\SecureClient\NCPSEC.EXE () PRC - C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (America Online, Inc.) PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\js3250.dll () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\WINDOWS\system32\fs3pm.dll () MOD - C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Opera\Opera\opera.exe () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\msjetoledb40.dll () MOD - C:\Programme\NCP\SecureClient\RWSRSU.exe () MOD - C:\Programme\NCP\SecureClient\ncpclcfg.exe () MOD - C:\Programme\NCP\SecureClient\ncpgacc.dll () MOD - C:\WINDOWS\system32\NCPMIF32.DLL () MOD - C:\WINDOWS\system32\sbe.dll () MOD - C:\Programme\NCP\SecureClient\BSDNTIF.DLL () MOD - C:\Programme\Sony\VAIO Camera Utility\VCULib.dll () MOD - C:\Programme\Intel\Wireless\Bin\Libeay32.dll () MOD - C:\Programme\Intel\Wireless\Bin\iWMSProv.dll () MOD - C:\Programme\Intel\Wireless\Bin\IntStngs.dll () MOD - C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () MOD - C:\Programme\Sony\VAIO Event Service\VESBasePS.dll () MOD - C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU () MOD - C:\WINDOWS\system32\TosBtHcrpAPI.dll () MOD - C:\Programme\NCP\SecureClient\NCPSEC.EXE () MOD - C:\WINDOWS\system32\redmonnt.dll () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- File not found SRV - (FormScape Storage Services) -- File not found SRV - (FormScape Server) -- File not found SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (TomTomHOMEService) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (FormScapeWebServer) -- C:\Programme\FormScapeSoftware\FormScape\Apache2\bin\Apache.exe (Apache Software Foundation) SRV - (ncprwsnt) -- C:\Programme\NCP\SecureClient\NCPRWSNT.EXE (NCP Engineering GmbH) SRV - (rwsrsu) -- C:\Programme\NCP\SecureClient\RWSRSU.exe () SRV - (ncpclcfg) -- C:\Programme\NCP\SecureClient\ncpclcfg.exe () SRV - (VAIOMediaPlatform-IntegratedServer-AppServer) -- C:\Programme\Sony\VAIO Media Integrated Server\VMISrv.exe (Sony Corporation) SRV - (VAIOMediaPlatform-Mobile-Gateway) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation) SRV - (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP) -- C:\Programme\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation) SRV - (SSScsiSV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation) SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation) SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.) SRV - (VzFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe (Sony Corporation) SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation) SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (AdobeActiveFileMonitor4.0) -- C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe () SRV - (Image Converter video recording monitor for VAIO Entertainment) -- C:\Programme\Sony\Image Converter 2\IcVzMon.exe (Sony Corporation) SRV - (NcpSec) -- C:\Programme\NCP\SecureClient\NCPSEC.EXE () SRV - (AOL ACS) -- C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe (America Online, Inc.) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (cfueaksc) -- C:\WINDOWS\System32\drivers\cfueaksc.sys () DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ncplentp) -- C:\WINDOWS\system32\drivers\NCPLENTP.SYS () DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider) DRV - (AVMUNET) -- C:\WINDOWS\system32\drivers\avmunet.sys (AVM GmbH) DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.) DRV - (SonyImgF) -- C:\WINDOWS\system32\drivers\SonyImgF.sys (Sony Corporation) DRV - (ti21sony) -- C:\WINDOWS\system32\drivers\ti21sony.sys (Texas Instruments) DRV - (Tosrfhid) -- C:\WINDOWS\system32\drivers\tosrfhid.sys (TOSHIBA Corporation.) DRV - (Tosrfbd) -- C:\WINDOWS\system32\drivers\tosrfbd.sys (TOSHIBA CORPORATION) DRV - (Tosrfusb) -- C:\WINDOWS\system32\drivers\tosrfusb.sys (TOSHIBA CORPORATION) DRV - (usbvm321) -- C:\WINDOWS\system32\drivers\usbvm321.sys (Vimicro Corporation) DRV - (Tosrfbnp) -- C:\WINDOWS\system32\drivers\tosrfbnp.sys (TOSHIBA Corporation) DRV - (w39n51) Intel(R) -- C:\WINDOWS\system32\drivers\w39n51.sys (Intel® Corporation) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (tosporte) -- C:\WINDOWS\system32\drivers\tosporte.sys (TOSHIBA Corporation) DRV - (TosRfSnd) Bluetooth Audio Device (WDM) -- C:\WINDOWS\system32\drivers\tosrfsnd.sys (TOSHIBA Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.) DRV - (SiRemFil) -- C:\WINDOWS\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.) DRV - (Tosrfcom) -- C:\WINDOWS\system32\drivers\tosrfcom.sys (TOSHIBA Corporation) DRV - (toshidpt) -- C:\WINDOWS\system32\drivers\toshidpt.sys (TOSHIBA Corporation.) DRV - (NuVision) Hauppauge WinTV USB Pro (PAL B/G FM) -- C:\WINDOWS\system32\drivers\NUVision.sys (Hauppauge Computer Works) DRV - (tosrfnds) -- C:\WINDOWS\system32\drivers\tosrfnds.sys (TOSHIBA Corporation.) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (SymEvent) -- C:\Programme\Symantec\SYMEVENT.SYS (Symantec Corporation) DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation) DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.club-vaio.com/de/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {200FEA56-46B6-41E0-93EC-C4ADC751051A} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "" FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.67 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.51204.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.22 22:55:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.21 20:08:58 | 000,000,000 | ---D | M] [2009.03.05 22:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Mozilla\Extensions [2009.03.05 22:31:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2011.12.22 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Mozilla\Firefox\Profiles\hu1kjdfe.default\extensions [2011.11.16 12:53:44 | 000,000,000 | ---D | M] ("BetterPrivacy") -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Mozilla\Firefox\Profiles\hu1kjdfe.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} [2007.07.31 20:57:57 | 000,000,000 | ---D | M] ("VideoDownloader") -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Mozilla\Firefox\Profiles\hu1kjdfe.default\extensions\videodowloader@videodownloader.net [2011.12.22 18:32:25 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.04.06 10:40:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.07.18 13:36:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.04.06 10:40:20 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2005.12.05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npmozax.dll [2011.09.15 14:52:18 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.15 14:52:18 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.15 14:52:18 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.15 14:52:18 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.15 14:52:18 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.10 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (TBSB06128 Class) - {217AF1B3-52F0-4118-B5B4-A592B7EBDE20} - C:\Programme\IEToolbar\Geyik Toolbar\geyik.dll () O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll File not found O3 - HKLM\..\Toolbar: (Geyik Toolbar) - {0AA1C598-2D4D-4282-8A5C-3C48229C1E19} - C:\Programme\IEToolbar\Geyik Toolbar\geyik.dll () O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Geyik Toolbar) - {0AA1C598-2D4D-4282-8A5C-3C48229C1E19} - C:\Programme\IEToolbar\Geyik Toolbar\geyik.dll () O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar2.dll (Google Germany GmbH) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation) O4 - HKLM..\Run: [VAIOCameraUtility] C:\Programme\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [opera.exe] C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Opera\Opera\opera.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Bluetooth Manager.lnk = C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: RSS-Support-Site zu VAIO Information FLOW hinzufügen - C:\Programme\Sony\VAIO Information FLOW\aiesc.html () O8 - Extra context menu item: Übertragen mit Image Converter 2 Plus - C:\Programme\Sony\Image Converter 2\menu.htm () O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office2003\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: sony-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: sonystyle-europe.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: vaio-link.com ([]* in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD6CC216-ED20-47E0-A82C-AC0680FD101E}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EC2178B4-8EB7-4C77-93A2-96EEFBC5EE1B}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\mpkevin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\mpkevin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.07.27 10:07:00 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{04ed4c31-efa8-11dd-82aa-0002c7f9a8d7}\Shell - "" = AutoRun O33 - MountPoints2\{04ed4c31-efa8-11dd-82aa-0002c7f9a8d7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{04ed4c31-efa8-11dd-82aa-0002c7f9a8d7}\Shell\AutoRun\command - "" = G:\LxSetup.exe O33 - MountPoints2\{708c5a70-db3c-11dd-829b-0002c7f9a8d7}\Shell - "" = AutoRun O33 - MountPoints2\{708c5a70-db3c-11dd-829b-0002c7f9a8d7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{708c5a70-db3c-11dd-829b-0002c7f9a8d7}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a O33 - MountPoints2\{785a52fc-55d0-11de-8309-0002c7f9a8d7}\Shell - "" = AutoRun O33 - MountPoints2\{785a52fc-55d0-11de-8309-0002c7f9a8d7}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{785a52fc-55d0-11de-8309-0002c7f9a8d7}\Shell\AutoRun\command - "" = G:\LxSetup.exe O33 - MountPoints2\{b0e4861a-af01-11db-98d2-00038a000015}\Shell - "" = AutoRun O33 - MountPoints2\{b0e4861a-af01-11db-98d2-00038a000015}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b0e4861a-af01-11db-98d2-00038a000015}\Shell\AutoRun\command - "" = G:\preinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.23 00:29:59 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\mpkevin\Recent [2011.12.22 23:36:24 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.22 22:58:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Malwarebytes [2011.12.22 22:58:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.12.22 22:58:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.12.22 22:58:17 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.12.22 22:58:17 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.11.29 13:33:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mpkevin\Desktop\Maymunlu [2011.11.23 21:54:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\mpkevin\Desktop\Neuer Ordner [6 C:\Dokumente und Einstellungen\mpkevin\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\mpkevin\Eigene Dateien\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\mpkevin\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\mpkevin\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.23 00:32:00 | 000,001,014 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2011.12.23 00:10:33 | 000,050,868 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.12.23 00:10:30 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.12.23 00:10:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.23 00:10:24 | 2145,570,816 | -HS- | M] () -- C:\hiberfil.sys [2011.12.23 00:07:55 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\mpkevin\defogger_reenable [2011.12.22 23:55:11 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.12.22 23:41:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.22 23:36:24 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.12.22 22:58:22 | 000,000,760 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.22 20:45:09 | 000,002,675 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Lexware lohn+gehalt.lnk [2011.12.17 13:24:37 | 001,643,771 | ---- | M] () -- C:\LG1553_111217_132428.zip [2011.12.17 12:50:48 | 000,018,502 | ---- | M] () -- C:\Dokumente und Einstellungen\mpkevin\Desktop\c-ronaldo_43467.jpg [2011.12.15 17:36:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.12.08 15:47:05 | 000,038,217 | ---- | M] () -- C:\Dokumente und Einstellungen\mpkevin\Desktop\Kartal Türkiye TUINING.JPG [2011.12.08 15:43:16 | 000,037,821 | ---- | M] () -- C:\Dokumente und Einstellungen\mpkevin\Desktop\Kartal Türkiye.jpg [2011.12.01 18:47:18 | 000,016,110 | ---- | M] () -- C:\Dokumente und Einstellungen\mpkevin\Desktop\polls_156sr6ws_2202_682793_answer_3_xlarge.jpeg [2011.12.01 13:58:38 | 001,635,716 | ---- | M] () -- C:\LG1553_111201_135830.zip [2011.11.29 13:32:58 | 000,053,248 | ---- | M] () -- C:\Dokumente und Einstellungen\mpkevin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [6 C:\Dokumente und Einstellungen\mpkevin\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\mpkevin\Eigene Dateien\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\mpkevin\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\mpkevin\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.23 00:07:55 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\defogger_reenable [2011.12.22 22:58:22 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.17 13:24:31 | 001,643,771 | ---- | C] () -- C:\LG1553_111217_132428.zip [2011.12.17 12:50:47 | 000,018,502 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\Desktop\c-ronaldo_43467.jpg [2011.12.08 15:46:30 | 000,038,217 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\Desktop\Kartal Türkiye TUINING.JPG [2011.12.01 18:47:09 | 000,016,110 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\Desktop\polls_156sr6ws_2202_682793_answer_3_xlarge.jpeg [2011.12.01 13:58:32 | 001,635,716 | ---- | C] () -- C:\LG1553_111201_135830.zip [2011.05.13 09:04:16 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2011.05.13 09:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2011.05.13 09:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2011.05.13 09:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2011.04.18 19:15:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.02.16 16:14:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\buhl.ini [2011.02.16 16:13:24 | 000,181,672 | ---- | C] () -- C:\WINDOWS\System32\BpShellEx.dll [2009.12.19 23:02:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\cfueaksc.sys [2009.01.02 05:34:14 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2008.10.30 17:52:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2007.08.12 18:33:18 | 000,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI [2007.08.10 02:44:02 | 000,073,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\NCPLENTP.SYS [2007.08.10 02:43:59 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\NCPCFG.DLL [2007.08.10 02:43:59 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\NCPMIF32.DLL [2007.08.10 02:43:59 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\NCPVER.DLL [2007.08.09 10:52:59 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\fs3pm.dll [2007.08.09 10:52:59 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\fs3pm-old.dll [2007.06.04 19:44:12 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe [2007.06.04 19:44:12 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe [2007.06.04 19:44:12 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe [2007.06.04 19:44:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2007.06.04 19:44:11 | 000,471,552 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2007.06.04 19:44:11 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe [2007.05.03 19:28:35 | 000,109,481 | ---- | C] () -- C:\WINDOWS\hpoins08.dat [2007.05.03 19:28:35 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat [2007.05.03 19:28:19 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2007.04.21 18:26:54 | 000,001,997 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.04.13 08:26:55 | 000,263,390 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\fontlst2.opf [2007.02.22 11:29:52 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2007.02.19 18:14:47 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.02.19 13:31:52 | 000,626,688 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll [2007.02.11 19:54:41 | 000,004,880 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI [2007.02.09 22:22:22 | 000,116,736 | R--- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2007.02.09 22:22:22 | 000,045,568 | R--- | C] () -- C:\WINDOWS\System32\unredmon.exe [2007.02.09 21:25:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Developer.INI [2007.02.09 21:01:57 | 000,000,349 | ---- | C] () -- C:\WINDOWS\vtplus32.ini [2007.02.09 21:01:39 | 000,000,569 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2007.02.09 20:42:51 | 000,172,032 | ---- | C] () -- C:\WINDOWS\fssdkuis.exe [2007.01.30 11:23:06 | 000,003,376 | ---- | C] () -- C:\WINDOWS\tm.ini [2007.01.28 20:02:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI [2007.01.28 00:39:09 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.01.28 00:34:04 | 000,000,729 | ---- | C] () -- C:\WINDOWS\aolback.exe.lnk [2007.01.27 20:43:58 | 000,000,460 | ---- | C] () -- C:\WINDOWS\awshkwv.ini [2007.01.27 20:38:11 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.01.27 20:19:10 | 000,561,152 | R--- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2007.01.27 20:14:16 | 000,000,081 | ---- | C] () -- C:\WINDOWS\loge.dat [2007.01.26 15:59:44 | 000,000,031 | ---- | C] () -- C:\WINDOWS\LxTrans.INI [2007.01.26 15:55:48 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\MMedia20VC7.dll [2006.11.06 21:27:55 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\wklnhst.dat [2006.10.24 22:42:30 | 000,053,248 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.10.22 14:27:20 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.10.22 14:19:25 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll [2006.10.22 14:16:31 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll [2006.10.22 14:14:43 | 000,000,058 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2006.10.22 14:09:04 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\mpkevin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.09.21 13:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll [2006.09.21 13:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll [2006.09.21 13:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll [2006.07.28 09:54:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.07.28 08:45:02 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2006.07.28 08:45:02 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2006.07.28 08:45:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2006.07.28 08:45:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2006.07.28 08:45:02 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2006.07.28 08:45:02 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2006.07.28 08:34:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI [2006.07.27 10:57:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2006.07.27 10:56:17 | 000,222,432 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2006.07.27 10:09:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2006.07.27 10:03:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2006.07.27 02:50:16 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll [2006.07.27 02:50:10 | 000,004,152 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.07.27 02:49:55 | 000,488,044 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.07.27 02:49:55 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.07.27 02:49:55 | 000,097,618 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.07.27 02:49:55 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.07.27 02:49:18 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.07.27 02:49:15 | 000,464,368 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.07.27 02:49:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.07.27 02:49:15 | 000,079,424 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.07.27 02:49:15 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.07.27 02:49:13 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.07.27 02:49:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.07.27 02:49:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2006.07.27 02:49:03 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.07.27 02:49:03 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.07.27 02:48:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.07.27 02:48:45 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.07.05 02:07:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2005.11.09 12:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll [2005.11.09 12:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll [2005.11.09 12:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll [2005.09.02 13:44:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll [2005.08.05 13:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll [2004.07.20 16:04:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll [2004.01.15 13:43:28 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll [2001.10.10 08:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll [2001.10.10 08:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll [2001.03.07 08:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll [2001.02.01 09:00:00 | 000,009,206 | ---- | C] () -- C:\WINDOWS\NTTuner.ini [1999.01.26 22:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL ========== LOP Check ========== [2007.01.26 16:01:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2011.02.16 16:16:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2011.01.16 20:51:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cornelsen [2010.07.10 15:43:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2007.06.18 23:49:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2007.08.09 09:52:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware [2011.12.19 22:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2010.11.22 13:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2009.03.05 22:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2007.01.28 00:33:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2011.05.19 15:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2007.01.27 20:37:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\.contentlauncher [2011.02.16 16:17:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Buhl Data Service [2007.01.27 20:38:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\contentlauncher [2010.07.10 15:59:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\elsterformular [2006.06.24 19:25:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\formscapesoftware [2011.05.15 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\FRITZ! [2006.12.13 15:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\InterVideo [2011.05.01 12:46:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Lexware [2007.08.06 23:03:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\LimeWire [2009.03.08 14:20:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\OpenOffice.org [2011.12.22 20:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\Opera [2010.11.22 13:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\sony [2009.03.05 22:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\TomTom ========== Purity Check ========== < End of report > 3. Extras OTL Extras logfile created on: 23.12.2011 00:35:17 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\mpkevin\Eigene Dateien\Downloads Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,14% Memory free 3,85 Gb Paging File | 3,19 Gb Available in Paging File | 83,06% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,14 Gb Total Space | 17,62 Gb Free Space | 18,92% Space Free | Partition Type: NTFS Drive D: | 85,25 Gb Total Space | 81,61 Gb Free Space | 95,73% Space Free | Partition Type: NTFS Computer Name: MP | User Name: mpkevin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc) "C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe" = C:\Programme\Adobe\Photoshop Elements 4.0\AdobePhotoshopElementsMediaServer.exe:*  isabled:Adobe Photoshop Elements Media Server -- ()"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- (America Online, Inc.) "C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- (America Online, Inc) "C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (America Online, Inc.) "C:\Programme\Symantec\pcAnywhere\winaw32.exe" = C:\Programme\Symantec\pcAnywhere\winaw32.exe:*:Enabled  cAnywhere Main Program -- (Symantec Corporation)"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire "C:\Programme\FormScapeSoftware\FormScape\Apache2\bin\Apache.exe" = C:\Programme\FormScapeSoftware\FormScape\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation) "C:\Dokumente und Einstellungen\mpkevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05MNCXE7\DeskShareClient[1].exe" = C:\Dokumente und Einstellungen\mpkevin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\05MNCXE7\DeskShareClient[1].exe:*:Enabled eskShare//Client"C:\Programme\BearShare Applications\BearShare\BearShare.exe" = C:\Programme\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare "C:\WINDOWS\ncple\NCPMON.EXE" = C:\WINDOWS\ncple\NCPMON.EXE:*:Enabled:NCPMON "F:\fsetup.exe" = F:\fsetup.exe:*:Enabled:AVM FSetup Application "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Dokumente und Einstellungen\mpkevin\Desktop\DeskShareClient.exe" = C:\Dokumente und Einstellungen\mpkevin\Desktop\DeskShareClient.exe:*:Enabled eskShare Client"C:\Programme\NCP\SecureClient\NCPMON.exe" = C:\Programme\NCP\SecureClient\NCPMON.exe:*:Enabled:ncpmon.exe -- (NCP engineering GmbH) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin) "C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVU Player Component "C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com) "C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\SopCast\adv\SopAdver.exe" = C:\Dokumente und Einstellungen\mpkevin\Anwendungsdaten\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver "C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com) "C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts "C:\Programme\Sony\Click to DVD 2\CtoDvd.exe" = C:\Programme\Sony\Click to DVD 2\CtoDvd.exe:*:Enabled:Click to DVD -- (Sony Corporation) "C:\Programme\Sony\Media Manager for WALKMAN\MediaManager.exe" = C:\Programme\Sony\Media Manager for WALKMAN\MediaManager.exe:*:Enabled:Media Manager for WALKMAN 1.2 -- (Sony Creative Software Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00F8608F-BA6A-4B32-843A-1A568ACD1198}" = VAIO Sea Wallpaper "{013E1BA8-C815-4E27-BCB9-D6B1B2E24094}" = SonicStage Mastering Studio Audio Filter Custom Preset "{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony MP4 Shared Library "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio DigitalMedia Data "{11C98E1A-EC91-4B38-B44C-C562292D8453}" = Adobe Premiere Elements 2.0 "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility "{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.4 "{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00 "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{24960AC2-C413-4A86-B1C1-E4CCADCA44D3}" = VAIO Information FLOW "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26 "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter "{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility "{2E7A4C81-65EA-4B6B-AF98-030104582271}" = Lexware lohn + gehalt 2007 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41102DB9-776E-40FA-9085-4554C93A3719}" = Lexware Elster "{48820099-ED7D-424B-890C-9A82EF00656D}" = VAIO Update 2 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 5.0 "{572D4F5A-82AE-4B64-AB12-0ACB59F0A607}" = Lexware lohn + gehalt Juli 2008 "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 5.0 "{588DF486-DF7A-11D5-82B4-000374890932}" = Turnierplaner "{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series "{5958CAC6-373E-402F-84FE-0A699AA920B9}" = LAN Setting Utility "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2 "{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8 "{5ED1454F-D313-43E5-BA76-9AA7F39BD7B4}" = Lexware lohn+gehalt Aktualisierung Februar 2008, Version 12.11 "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{61D6E4FB-1A62-4EB1-BE56-929B00C155CF}" = Wireless LAN Starter "{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins "{63B8FB69-A1B6-425D-B67D-5257B7A1F663}" = Image Converter 2 Plus "{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VOR "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus "{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform "{6B2715ED-7DBF-4BF1-9009-FE4D66421031}" = Nero 7 Ultra Edition "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 5.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7CB22EEE-A983-4BBA-B115-DCB14BB15A00}" = Lexware lohn + gehalt 2007 "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{8FFC924C-ED06-44CB-8867-3CA778ECE903}" = Adobe Help Center 2.0 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VPS "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for VAIO "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML "{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management "{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.03 Menu Data "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0 "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AB467B85-4F52-48C2-AEED-0673D00417B0}" = SonicStage Mastering Studio Audio Filter "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio DigitalMedia Audio "{ABBD2A2E-2424-4078-966F-F319A88D5F21}" = VAIO Starfish Wallpaper "{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch "{AC76BA86-7AD7-1031-7B44-A70500000002}" = Adobe Reader 7.0.5 - Deutsch "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 5.0 "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio DigitalMedia Copy "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.0 "{BE56FEF0-1A0F-4719-B3AD-34B5087AFA6D}" = Sony Video Shared Library "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 2.2 "{C27BF761-C499-488D-A964-A3718BC6EC3E}" = DSD Direct "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5F29C33-6BAA-44B9-9E33-1D5093F2E0ED}" = Lexware lohn+gehalt Aktualisierung Januar 2008, Version 12.10 "{C89EB8CD-675F-44F4-9729-4C9A8FAC2D4F}" = DSD Playback Plug-In 1.0 "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CBBCBE04-EA5E-4201-A924-E7ED3E8686AE}" = ElsterFormular 2006/2007 "{CD26715F-AD1A-4F06-8C64-2650C917586B}" = Lexware lohn + gehalt 2007 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{D05E8183-866A-11D3-97DF-0000F8D8F2E9}" = pcAnywhere Nur Remote "{D95538C3-F470-47CD-A7D5-34DBAA995ECA}" = Lexware lohn+gehalt 2011 "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (VAIO_VEDB) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E4E3E62E-16D7-425E-009C-DCB5E64F5955}" = FIFA 2005 "{E5E6E687-1031-0000-0000-000000000002}" = Adobe Acrobat 7.0 Elements - Deutsch "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.5.30 "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{E8895A6B-1A5A-4754-AE70-70432DA6C6D6}" = Carnet d'activités À plus! 1 "{EBB7C1C1-D439-4D9B-9FDC-954C10F266B0}" = Adobe Photoshop Elements 4.0 "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins "{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service "{F0F89497-95EA-4F01-9F2A-1B6EBDF6A15B}" = Lexware lohn + gehalt 2008 "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{FB714F13-10C9-48DB-91C9-DDBCCCBF9370}" = VAIO Original Screen Saver VAIO Cozy Screen SD Wide Contents "{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FF748561-FFFE-11D3-A06B-00E02939A7B1}" = dakota.ag "Adobe Acrobat 7.0 Elements - Deutsch" = Adobe Acrobat 7.0 Elements - Deutsch "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 4" = Adobe Photoshop Elements 4.0 "AFPL Ghostscript 8.50" = AFPL Ghostscript 8.50 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "America Online de" = AOL Deutschland "Anti-Twin 2008-07-24 22.43.40" = Anti-Twin (Installation 24.07.2008) "AOL Connectivity Services" = AOL Optimized Dial-In "AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner "AOLCoach de" = AOL Coach Version 1.0(Build:20040229.1 de) "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX "Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "CCleaner" = CCleaner (remove only) "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_20030003" = HDAUDIO SoftV92 Data Fax Modem with SmartCP "CSCLIB" = Canon Camera Support Core Library "DG834" = DG834 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Easy Eraser V.1.2_is1" = Easy Eraser V.1.2 "ElsterFormular 11.5.0.4546" = ElsterFormular "EOS Utility" = Canon Utilities EOS Utility "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FRITZ!DSL" = AVM FRITZ!DSL "fs-software-ltd (C:_Programme_FormScapeSoftware_FormScape)" = FormScape "Google Updater" = Google Updater "HijackThis" = HijackThis 1.99.1 "InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00 "InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "InstallShield_{668B1BD6-4593-4959-970E-249AFFE6F35C}" = VAIO-Online-Registrierung (Deutsch) "InstallShield_{9080C5D2-82FA-452A-87FA-CBB4B05D67A5}" = VAIO Product Survey "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "MouseSuite98" = Sony USB Mouse "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25) "MPEG4 Direct Maker" = MPEG4 Direct Maker "My Club VAIO Media Center Edition_is1" = My Club VAIO MCE (German) 1.0.1 "NCP RWS/GA" = NCP Secure Entry Client "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01 "PhotoStitch" = Canon Utilities PhotoStitch "Picasa 3" = Picasa 3 "PokerStars.net" = PokerStars.net "PremElem20" = Adobe Premiere Elements 2.0 "ProInst" = Intel(R) PROSet/Wireless Software "PROSet" = Intel(R) PRO Network Connections Drivers "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX "RealPlayer 6.0" = RealPlayer Basic "Redirection Port Monitor" = RedMon - Druckeranschluß-Umleitungsmonitor "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX "ShockwaveFlash" = Macromedia Flash Player 8 "SopCast" = SopCast 3.0.1 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "SpywareBlaster_is1" = SpywareBlaster v3.5.1 "StreetPlugin" = Learn2 Player (Uninstall Only) "SUPER ©" = SUPER © Version 2007.bld.22 (Mar 14, 2007) "sv.net" = sv.net "TBSB06128.TBSB06128Toolbar" = Geyik Toolbar "TomTom HOME" = TomTom HOME 2.7.3.1894 "UltraEdit-32" = UltraEdit-32 Uninstall "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VideoLAN VLC media player 0.8.6c "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "WGA" = Windows Genuine Advantage Validation Tool "Windows Lemmings" = Lemmings for Windows 95 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Xbox_360_CC_Driver" = Xbox 360 Controller for Windows "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 23.11.2011 14:54:47 | Computer Name = MP | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 29.11.2011 08:33:02 | Computer Name = MP | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003d928. Error - 14.12.2011 17:24:50 | Computer Name = MP | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes Modul xvid.ax, Version 0.0.0.0, Fehleradresse 0x0003d928. Error - 19.12.2011 17:19:33 | Computer Name = MP | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung pica.exe, Version 0.0.0.0, fehlgeschlagenes Modul plugin_lstb_11.dll, Version 0.0.0.0, Fehleradresse 0x000e4adc. Error - 22.12.2011 15:44:30 | Computer Name = MP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung msiexec.exe, Version 3.1.4001.5512, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 22.12.2011 17:41:27 | Computer Name = MP | Source = VSS | ID = 5013 Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert in 0x800423f4) fehlgeschlagen. Error - 22.12.2011 19:21:24 | Computer Name = MP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.31.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 22.12.2011 19:23:36 | Computer Name = MP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.31.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 22.12.2011 19:25:37 | Computer Name = MP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.31.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. Error - 22.12.2011 19:29:32 | Computer Name = MP | Source = Application Hang | ID = 1002 Description = Stillstehende Anwendung OTL.exe, Version 3.2.31.0, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000. [ System Events ] Error - 22.12.2011 16:05:52 | Computer Name = MP | Source = DCOM | ID = 10010 Description = Der Server "{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.12.2011 17:39:58 | Computer Name = MP | Source = Print | ID = 19 Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker hplj3_mahnung_t, Freigabename hplj3_mahnung_t. Error - 22.12.2011 17:41:26 | Computer Name = MP | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "ntmssvc" mit den Argumenten "-Service" gestartet wurde, um den folgenden Server zu verwenden: {D61A27C6-8F53-11D0-BFA0-00A024151983} Error - 22.12.2011 17:51:59 | Computer Name = MP | Source = Print | ID = 19 Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker fs_ol_t, Freigabename fs_ol_t. Error - 22.12.2011 17:53:56 | Computer Name = MP | Source = DCOM | ID = 10010 Description = Der Server "{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.12.2011 17:55:56 | Computer Name = MP | Source = DCOM | ID = 10010 Description = Der Server "{7F6316B4-4D69-4765-B0A3-B2598F2FA80A}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error - 22.12.2011 18:27:50 | Computer Name = MP | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 22.12.2011 18:28:52 | Computer Name = MP | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: SI3132 Error - 22.12.2011 19:27:55 | Computer Name = MP | Source = Service Control Manager | ID = 7034 Description = Dienst "FormScape Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 22.12.2011 19:28:10 | Computer Name = MP | Source = Service Control Manager | ID = 7034 Description = Dienst "FormScape Storage Services" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > 4.Gmer.txt GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-12-23 06:25:17 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHV2200BT rev.0000004F Running: 88tqykw4.exe; Driver: C:\DOKUME~1\mpkevin\LOKALE~1\Temp\ugldypow.sys ---- System - GMER 1.0.15 ---- SSDT BAF72D7C ZwClose SSDT BAF72D36 ZwCreateKey SSDT BAF72D86 ZwCreateSection SSDT BAF72D2C ZwCreateThread SSDT BAF72D3B ZwDeleteKey SSDT BAF72D45 ZwDeleteValueKey SSDT BAF72D77 ZwDuplicateObject SSDT BAF72D4A ZwLoadKey SSDT BAF72D18 ZwOpenProcess SSDT BAF72D1D ZwOpenThread SSDT BAF72D54 ZwReplaceKey SSDT BAF72D4F ZwRestoreKey SSDT BAF72D8B ZwSetContextThread SSDT BAF72D40 ZwSetValueKey SSDT BAF72D27 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9B77360, 0x22144D, 0xE8000020] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9EFBD50] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRequest] [B9EFBF60] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9EF9E40] \SystemRoot\system32\DRIVERS\ncplentp.sys IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9EFC060] \SystemRoot\system32\DRIVERS\ncplentp.sys ---- Files - GMER 1.0.15 ---- File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223 0 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system 0 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\CUPID-20111223000000-4324.log 82 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\DEPSVR-20111223000000-3524.log 83 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\DISP-20111223000001-4404.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FBD-20111223000000-3544.log 80 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FSD-20111223000003-508.log 80 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FSDDEL-20111223000000-4248.log 83 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FSDEM-20111223000002-4476.log 82 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FSDORCUPG-20111223000001-4816.log 86 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FSDREPRINTREQUESTS-20111223000002-4964.log 95 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FSDSUBS-20111223000003-5676.log 84 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\FSRVR-20111223000003-240.log 82 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\LOGSVR-20111223000003-3564.log 83 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\RBGW-20111223000003-5368.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\RBGW-20111223000003-5412.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\SYNC-20111223000001-5160.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\SYNC-20111223000001-5244.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\SYNC-20111223000004-4416.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\SYNC-20111223000004-4744.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\SYNC-20111223000004-5128.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\SYNC-20111223000004-5236.log 81 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FormScapeSoftware\data\logs\20111223\system\SYNC-20111223000004-5624.log 81 bytes ---- EOF - GMER 1.0.15 ----  |
| Themen zu Achtung! Aus Sicherheitsgründen wurde ihr Windowssystem blockiert. |
| 0x00000001, 0x8007042, 0xc0000001, achtung!, antivir, audiograbber, aus sicherheitsgründen wurde ihr windowssystem blockiert, avira, bho, blockiert, bonjour, canon, converter, desktop, dsl, eraser, error, excel, fehler, firefox, flash player, google earth, hijack, hijackthis, home, installation, intranet, logfile, mahnung, mbamservice.exe, mozilla, msiexec.exe, nt.dll, plug-in, registry, scan, sched.exe, security, server, stick, studio, super, symantec, version=1.0, visual studio, wurde ihr, youtube downloader |
Baum-Darstellung