| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Programm meldet HDD FEHLERWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.03.2012, 07:35
| #1 |
 |  Programm meldet HDD FEHLER .... Es werden zig von Fehlern gefunden. Dann kommt die Aufforderung eine reparaturprogramm zu kaufen. Sieht alles schon sehr verdächtig aus. Es läßt sich keine Systemsteuerung starten. Ich habe die Netzwerkverbindung und getrennt und den pC ausgeschaltet. Habe versucht auf einen alten Stand zurück zusetzen, war aber leider nicht möglich. Da ich nich allzu gute PC Kenntnisse habe würde ich mich auf kompetente Hilfe freuen.* Gruß Stefan |
|
01.03.2012, 18:51
| #2 |
| /// Malware-holic   | Programm meldet HDD FEHLER hi,
__________________neustart f8 drücken abgesicherter modus mit netzwerk wählen im betroffenen konto anmelden. falls es geht: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
01.03.2012, 23:15
| #3 |
| | Programm meldet HDD FEHLER otl:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 01.03.2012 22:53:05 - Run 1 OTL by OldTimer - Version 3.2.34.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 81,88% Memory free 3,35 Gb Paging File | 3,22 Gb Available in Paging File | 95,93% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,41 Gb Total Space | 8,43 Gb Free Space | 7,24% Space Free | Partition Type: NTFS Drive D: | 107,91 Gb Total Space | 18,57 Gb Free Space | 17,21% Space Free | Partition Type: NTFS Drive E: | 8,55 Gb Total Space | 2,09 Gb Free Space | 24,43% Space Free | Partition Type: FAT32 Drive G: | 6,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive H: | 121,85 Mb Total Space | 92,10 Mb Free Space | 75,58% Space Free | Partition Type: FAT Drive I: | 960,72 Mb Total Space | 959,30 Mb Free Space | 99,85% Space Free | Partition Type: FAT Computer Name: LEMMY30 | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.01 22:39:28 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2007.06.28 23:43:00 | 000,466,944 | -H-- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2005.10.19 10:56:28 | 000,125,952 | -H-- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2012.02.08 13:11:50 | 000,136,584 | -H-- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2012.02.08 13:11:37 | 000,374,152 | -H-- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011.04.22 13:21:10 | 000,092,592 | -H-- | M] (TomTom) [Auto | Stopped] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.02.18 15:37:16 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.01.28 20:34:52 | 000,032,336 | -H-- | M] (Sanford, L.P.) [Auto | Stopped] -- C:\Programme\DYMO\DYMO Label Software\DymoPnpService.exe -- (DymoPnpService) SRV - [2010.11.08 11:04:20 | 000,390,528 | -H-- | M] (LogMeIn, Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2010.08.14 16:55:14 | 001,935,656 | -H-- | M] (Emsi Software GmbH) [Auto | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2010.03.18 11:19:26 | 000,113,152 | -H-- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.12.07 14:38:02 | 001,128,008 | -H-- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2009.11.26 12:50:52 | 000,302,152 | -H-- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\G DATA\GDScan\GDScan.exe -- (GDScan) SRV - [2009.11.25 02:07:32 | 001,251,488 | -H-- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\AntiVirus\AVK\AVKWCtl.exe -- (AVKWCtl) SRV - [2009.10.20 19:19:48 | 000,117,264 | -H-- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009.08.08 12:33:28 | 000,397,896 | -H-- | M] (G Data Software AG) [Auto | Stopped] -- C:\Programme\G Data\AntiVirus\AVK\AVKService.exe -- (AVKService) SRV - [2008.01.03 02:31:54 | 000,654,848 | -H-- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2007.09.10 23:45:04 | 000,124,832 | -H-- | M] () [Auto | Stopped] -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0) SRV - [2006.10.26 12:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.10.19 13:52:24 | 000,061,440 | -H-- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006.09.28 18:20:00 | 000,049,152 | -H-- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2005.11.21 11:34:24 | 000,081,920 | -H-- | M] (AVM Berlin) [Auto | Stopped] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service) SRV - [2005.11.21 10:48:06 | 000,315,392 | -H-- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) SRV - [2005.10.21 20:42:04 | 000,114,784 | -H-- | M] () [Disabled | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2005.10.21 20:42:02 | 000,258,146 | -H-- | M] () [Disabled | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2005.10.21 20:41:02 | 001,081,344 | -H-- | M] (Cyberlink) [Auto | Stopped] -- C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2005.08.24 01:29:52 | 000,118,272 | -H-- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2004.10.22 02:24:18 | 000,073,728 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.05.05 18:30:22 | 000,065,536 | -H-- | M] (Brother Industries, Ltd.) [Disabled | Stopped] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps) SRV - [2001.11.12 12:31:48 | 000,020,480 | -H-- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) SRV - [2001.10.09 10:20:54 | 000,032,256 | -H-- | M] (ProdEx Technologies) [Auto | Stopped] -- C:\WINDOWS\system32\slpservice.exe -- (SLPMONX) ========== Driver Services (SafeList) ========== DRV - [2012.02.08 13:11:39 | 000,083,360 | -H-- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2010.09.17 14:40:06 | 000,047,640 | -H-- | M] (LogMeIn, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2010.09.17 14:40:06 | 000,012,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | Auto | Stopped] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2010.08.25 14:47:16 | 000,041,816 | -H-- | M] (Emsi Software GmbH) [File_System | System | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver) DRV - [2010.08.14 16:54:22 | 000,071,008 | -H-- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2010.05.05 08:40:32 | 000,011,776 | -H-- | M] (Emsi Software GmbH) [Kernel | System | Stopped] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util) DRV - [2010.03.08 20:35:45 | 000,076,800 | -H-- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV84.sys -- (SSHDRV84) DRV - [2010.02.25 21:56:39 | 000,068,976 | -H-- | M] (G Data Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD) DRV - [2010.02.25 21:50:25 | 000,028,616 | -H-- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave) DRV - [2010.02.25 13:37:43 | 000,055,624 | -H-- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV - [2010.02.25 13:37:05 | 000,051,784 | -H-- | M] (G DATA Software AG) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor) DRV - [2010.02.25 13:37:02 | 000,034,632 | -H-- | M] (G Data Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre) DRV - [2009.10.20 19:19:44 | 000,050,704 | -H-- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2008.10.01 22:50:38 | 000,027,136 | -H-- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nchssvad.sys -- (NCHSSVAD) DRV - [2008.04.16 10:09:35 | 000,021,248 | -H-- | M] (AVIRA GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.04.13 20:40:58 | 000,008,192 | -H-- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer) DRV - [2008.04.13 20:40:26 | 000,034,688 | -H-- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2008.04.13 19:46:22 | 000,015,232 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008.01.25 10:12:34 | 000,025,088 | -H-- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2007.02.16 01:57:04 | 000,034,760 | -H-- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006.08.24 13:44:14 | 000,477,696 | -H-- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zd1211bu.sys -- (ZD1211BU(Wireless)) 54M Wireless USB Adapter Driver(Wireless) DRV - [2005.11.21 10:41:50 | 000,367,104 | -H-- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netfwdsl.sys -- (NETFWDSL) DRV - [2005.11.21 10:41:50 | 000,011,264 | -H-- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netdsl.sys -- (NETDSL) DRV - [2005.10.17 14:52:58 | 000,826,112 | -H-- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2005.10.04 17:37:54 | 000,072,320 | -H-- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.sys -- (CMISTOR) DRV - [2005.08.18 23:35:04 | 003,856,896 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005.08.10 13:44:04 | 000,050,688 | -H-- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.07.14 19:58:38 | 000,241,536 | -H-- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2500usb.sys -- (RT2500USB) DRV - [2005.06.30 12:16:00 | 001,094,848 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005.06.17 04:20:20 | 000,119,424 | -H-- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2005.05.27 08:31:28 | 000,022,016 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2005.05.16 14:20:39 | 000,006,656 | -H-- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004.10.25 13:40:58 | 000,017,664 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zdpsp50.sys -- (ZDPSp50) DRV - [2004.10.08 10:59:12 | 000,326,656 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrl.sys -- (CamDrL) Logitech QuickCam Pro 3000(CamDrl) DRV - [2004.08.03 22:31:34 | 000,020,992 | -H-- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) DRV - [2004.03.02 16:37:50 | 000,125,184 | -H-- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv) DRV - [2004.03.02 16:37:48 | 000,005,504 | -H-- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv) DRV - [2004.01.16 12:02:58 | 000,017,408 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10ufx2.sys -- (XUIF) DRV - [2002.12.17 10:36:22 | 000,730,880 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys -- (WDMCAPI) DRV - [2002.12.09 10:21:28 | 000,026,112 | -H-- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP) DRV - [2002.05.24 13:50:20 | 000,024,092 | -H-- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CW100.sys -- (CW100) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/ IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Programme\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2027: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2088: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1040: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.26 16:42:23 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.12.03 06:14:51 | 000,000,000 | -H-D | M] [2011.12.03 06:15:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009.03.12 07:48:18 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.26 16:42:22 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.01.10 21:46:30 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.10 21:46:30 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.01.10 21:46:30 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.10 21:46:30 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.10 21:46:30 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.10 21:46:30 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Dokumente und Einstellungen\Lemmy\Anwendungsdaten\Complitly\Complitly.dll (SimplyGen) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\AntiVirus\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Programme\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe () O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe () O4 - HKLM..\Run: [FRVFiPBNaNpfUDT.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FRVFiPBNaNpfUDT.exe (Lioft) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Programme\G Data\AntiVirus\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [iSaverCtrl] C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony) O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [MedionVFD] C:\Programme\Medion Info Display\MdionLCM.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [UVS10 Preload] C:\Programme\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe (Ulead Systems, Inc.) O4 - HKCU..\Run: [AOLMIcon] C:\Programme\Gemeinsame Dateien\AOLSHARE\AOLMIcon.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoEncryptOnMove = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Shell Hosting = C:\WINDOWS\system32\scvhost\scvhosts.exe O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Google-Suche - res://c:\programme\google\GoogleToolbar2.dll/cmsearch.html File not found O8 - Extra context menu item: &Ins Deutsche übersetzen - res://c:\programme\google\GoogleToolbar2.dll/cmwordtrans.html File not found O8 - Extra context menu item: Ähnliche Seiten - res://c:\programme\google\GoogleToolbar2.dll/cmsimilar.html File not found O8 - Extra context menu item: Im Cache gespeicherte Seite - res://c:\programme\google\GoogleToolbar2.dll/cmcache.html File not found O8 - Extra context menu item: Verweisseiten - res://c:\programme\google\GoogleToolbar2.dll/cmbacklinks.html File not found O9 - Extra Button: iOpus iMacros - {0483894E-2422-45E0-8384-021AFF1AF3CD} - C:\Programme\iMacros\imacros.dll (iOpus Software GmbH) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {98A52828-A5D6-11D3-82B8-00104B39A31D} hxxp://matool.mapfre-warranty.com/matool_ale/OnyxMaskEdit2Dual.cab (Onyx Masked Edit Control Class) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.69.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4BD06536-5690-441F-9B91-125C7799C051}: DhcpNameServer = 192.168.69.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MED_1024_768_AN.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MED_1024_768_AN.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - Unable to read "AutoRun" value or value not present! O32 - AutoRun File - [2005.10.09 13:46:45 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2007.11.25 19:34:04 | 000,000,152 | -H-- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010.10.18 09:13:14 | 000,000,074 | R--- | M] () - G:\Autorun.inf -- [ UDF ] O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\zdata\cobi.exe -- [2011.06.29 15:33:03 | 004,292,096 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353) ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {1E0C080C-85CF-9A4B-CB35-39CA45EFD503} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {4495645F-93E4-AB78-6473-E34F6F238CBD} - Internet Explorer ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {49980417-CA5C-A518-B32F-46E30CA2E9AD} - Adobe Shockwave Director 11.0 ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {838ABA25-C2FD-2F04-5BBF-0277605A5FC9} - ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CBE039AE-2BAC-6071-D0B6-979FD53162D4} - ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "usnjsvc" MsConfig - Services: "TapiSrv" MsConfig - Services: "LightScribeService" MsConfig - Services: "iPod Service" MsConfig - Services: "ICQ Service" MsConfig - Services: "ERSvc" MsConfig - Services: "CLSched" MsConfig - Services: "CLCapSvc" MsConfig - Services: "Brother XP spl Service" MsConfig - Services: "brmfrmps" MsConfig - Services: "Bonjour Service" MsConfig - Services: "Apple Mobile Device" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader Synchronizer.lnk - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^CardMinder Viewer.lnk - C:\Programme\PFU\ScanSnap\CardMinder V3.2\CardLauncher.exe - (PFU Limited.) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^D-Info Schnellstarter.lnk - - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^In PDF-Datei mit ScanSnap Organizer konvertieren.lnk - C:\Programme\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe - (PFU LIMITED) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ScanSnap Manager.lnk - C:\Programme\PFU\ScanSnap\Driver\PfuSsMon.exe - (PFU LIMITED) MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Status Monitor.lnk - C:\Programme\Brother\Brmfcmon\BrMfcWnd.exe - (Brother Industries, Ltd.) MsConfig - StartUpReg: ControlCenter2.0 - hkey= - key= - C:\Programme\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: FaxCenterServer - hkey= - key= - File not found MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: iSaverCtrl - hkey= - key= - C:\Programme\iSaver\iSaverCtrl.exe (infoMantis GmbH) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: LogitechVideoRepair - hkey= - key= - C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.) MsConfig - StartUpReg: LogitechVideoTray - hkey= - key= - C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.) MsConfig - StartUpReg: LVCOMSX - hkey= - key= - File not found MsConfig - StartUpReg: lxdiamon - hkey= - key= - File not found MsConfig - StartUpReg: lxdimon.exe - hkey= - key= - File not found MsConfig - StartUpReg: MSPY2002 - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Programme\Home Cinema\PowerCinema\PCMService.exe (CyberLink Corp.) MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) MsConfig - StartUpReg: StrobePro - hkey= - key= - C:\Programme\ScanSoft\PaperPort\viperusb.exe (Visioneer Inc) MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 2 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012.03.01 22:49:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\PrivacIE [2012.03.01 22:43:23 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.03.01 22:43:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zeon [2012.02.29 19:33:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\IETldCache [2012.02.29 18:18:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX [2012.02.29 18:18:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia [2012.02.29 18:18:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities [2012.02.29 18:18:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CyberLink [2012.02.29 18:18:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AOL [2012.02.29 18:18:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe [2012.02.29 18:18:58 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft [2012.02.29 18:18:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Videos [2012.02.29 18:18:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Tabellen [2012.02.29 18:18:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik [2012.02.29 18:18:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Dokumente [2012.02.29 18:18:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien [2012.02.29 18:18:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder [2012.02.29 18:18:58 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten [2012.02.29 18:18:58 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies [2012.02.29 18:18:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\You've Got Pictures Screensaver [2012.02.29 18:18:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype [2012.02.29 18:18:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Real [2012.02.29 18:18:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\My Skype Pictures [2012.02.29 18:18:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Mein Geld [2012.02.29 18:18:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung [2012.02.29 18:18:58 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop [2012.02.29 18:18:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten [2012.02.29 18:18:57 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe [2012.02.29 18:18:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\UserData [2012.02.29 18:18:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör [2012.02.29 18:18:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü [2012.02.29 18:18:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo [2012.02.29 18:18:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2012.02.29 18:18:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\WINDOWS [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\PowerCinema [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Ahead [2012.02.29 18:18:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\{3248F0A6-6813-11D6-A77B-00B0D0150040} [2012.02.29 10:10:21 | 000,356,864 | -H-- | C] (Lioft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\koBStol6HR6DsD.exe [2012.02.29 10:07:46 | 000,451,072 | -H-- | C] (Lioft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FRVFiPBNaNpfUDT.exe [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.01 22:42:54 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.03.01 22:41:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.03.01 22:39:28 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe [2012.02.29 17:48:11 | 000,001,210 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-603277611-3724542820-3745296837-1006UA.job [2012.02.29 17:26:11 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.02.29 10:47:42 | 000,000,304 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~koBStol6HR6DsD [2012.02.29 10:47:41 | 000,000,208 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~koBStol6HR6DsDr [2012.02.29 10:42:16 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.02.29 10:10:49 | 000,000,328 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\koBStol6HR6DsD [2012.02.29 10:10:22 | 000,356,864 | -H-- | M] (Lioft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\koBStol6HR6DsD.exe [2012.02.29 10:04:37 | 000,451,072 | -H-- | M] (Lioft) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FRVFiPBNaNpfUDT.exe [2012.02.28 23:48:00 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-603277611-3724542820-3745296837-1006Core.job [2012.02.27 01:43:19 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.02.25 08:23:03 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.02.24 17:21:53 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.02.18 14:37:27 | 000,430,184 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.02.18 12:50:53 | 000,591,530 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.02.18 12:50:53 | 000,533,872 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.02.18 12:50:53 | 000,131,848 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.02.18 12:50:53 | 000,099,778 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.02.18 12:39:32 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK [2012.02.14 11:09:13 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\iltwain.ini [2012.02.08 13:11:39 | 000,083,360 | -H-- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll [2012.02.08 13:11:37 | 000,087,424 | -H-- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll [2012.02.08 13:11:37 | 000,030,592 | -H-- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll [2012.02.05 14:12:06 | 000,001,411 | -H-- | M] () -- C:\WINDOWS\BRPfX04A.INI [2012.02.01 10:15:26 | 000,001,016 | -H-- | M] () -- C:\WINDOWS\WINCMD.INI [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [13 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.29 18:19:19 | 000,000,854 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\NVIDIA Demo Kiosk.lnk [2012.02.29 18:19:19 | 000,000,678 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Skype.lnk [2012.02.29 18:19:02 | 000,003,584 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.29 18:19:02 | 000,000,141 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2012.02.29 18:19:00 | 000,001,599 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Remoteunterstützung.lnk [2012.02.29 18:19:00 | 000,000,751 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk [2012.02.29 18:19:00 | 000,000,722 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Outlook Express.lnk [2012.02.29 10:10:58 | 000,000,304 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~koBStol6HR6DsD [2012.02.29 10:10:58 | 000,000,208 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~koBStol6HR6DsDr [2012.02.29 10:10:48 | 000,000,328 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\koBStol6HR6DsD [2012.02.15 02:23:11 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.15 02:23:11 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll [2011.12.02 08:30:03 | 000,000,143 | -H-- | C] () -- C:\WINDOWS\SCNDRVU.INI [2011.07.07 22:43:57 | 000,253,432 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.06.05 16:38:19 | 000,178,176 | -H-- | C] () -- C:\WINDOWS\System32\StellarProfile.dll [2011.06.05 16:38:19 | 000,000,070 | -H-- | C] () -- C:\WINDOWS\spwdrhag.INI [2011.01.24 20:36:14 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\muveeapp.INI [2010.12.06 19:19:19 | 000,000,144 | -H-- | C] () -- C:\WINDOWS\Pcfk32.INI [2010.11.30 09:23:34 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\Menu.INI [2010.10.21 14:19:42 | 000,208,896 | -H-- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2010.10.21 14:18:46 | 000,303,104 | -H-- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll [2010.10.21 14:16:58 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll [2010.10.21 14:16:34 | 000,086,016 | -H-- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll [2010.03.08 20:35:44 | 000,076,800 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV84.sys [2010.03.05 02:12:57 | 000,101,612 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat ========== LOP Check ========== [2005.10.12 10:47:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX [2012.03.01 22:43:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Zeon [2006.12.06 00:41:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2011.06.12 12:42:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AllDup [2010.04.26 09:14:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BIFAB [2010.11.29 16:22:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve [2011.07.01 20:59:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DYMO [2008.06.09 22:03:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay [2010.05.31 20:41:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2010.11.29 16:28:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exLexware [2005.10.09 13:49:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2010.04.15 08:27:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2009.03.12 07:48:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2009.07.09 22:54:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2006.12.05 21:37:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iOpus-i-M [2010.07.10 11:27:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jtl-software [2012.02.21 09:57:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware [2012.02.29 04:05:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LogMeIn [2011.03.25 23:39:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor [2005.10.09 13:46:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\muvee Technologies [2008.11.15 08:30:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound [2008.09.10 20:16:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2010.08.27 10:51:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2008.10.28 21:34:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2011.05.15 18:14:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sync App Settings [2011.06.12 12:37:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.09.05 22:11:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2008.08.23 14:20:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010.12.09 00:05:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2008.10.20 19:02:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk [2005.10.18 14:28:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings [2008.01.09 21:45:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zeon [2009.04.04 13:29:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2010.04.14 13:43:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.10.31 19:25:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009.04.21 05:47:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2012.02.24 17:21:53 | 000,000,392 | -H-- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2008.04.03 23:37:25 | 000,000,000 | -H-D | M] -- C:\Brother [2008.01.09 22:19:52 | 000,000,000 | -H-D | M] -- C:\CanoScan [2012.02.20 20:38:56 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2012.02.29 18:18:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen [2009.11.24 10:22:59 | 000,000,000 | -H-D | M] -- C:\eka-euro-norm [2011.05.31 07:55:56 | 000,000,000 | -H-D | M] -- C:\eka-euro-norm-v2 [2009.11.24 10:22:59 | 000,000,000 | -H-D | M] -- C:\eka-euro-norm2 [2007.08.03 16:22:18 | 000,000,000 | -H-D | M] -- C:\EPSON [2011.06.12 12:37:48 | 000,000,000 | -H-D | M] -- C:\Log [2009.01.29 23:43:08 | 000,000,000 | -H-D | M] -- C:\logs [2007.07.31 21:55:34 | 000,000,000 | -H-D | M] -- C:\NVIDIA [2006.09.04 21:44:59 | 000,000,000 | -H-D | M] -- C:\Program Files [2011.12.22 09:32:53 | 000,000,000 | -H-D | M] -- C:\Programme [2005.12.06 01:13:51 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2005.12.06 01:08:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010.12.16 10:44:38 | 000,000,000 | -H-D | M] -- C:\Temp [2008.03.30 00:44:59 | 000,000,000 | -H-D | M] -- C:\Treiber [2012.02.29 18:18:10 | 000,000,000 | -H-D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2004.08.04 13:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.09.04 23:16:17 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2004.08.04 13:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2008.09.04 23:16:17 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.13 19:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\agp440.sys [2008.04.13 19:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 13:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.09.04 23:16:17 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2004.08.04 13:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008.09.04 23:16:17 | 023,898,261 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.13 19:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\7d084ddd2c07c476a226e31c4ef032ff\atapi.sys [2008.04.13 19:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.04 13:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys [2004.08.03 21:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 03:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 03:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 13:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2004.08.04 13:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 14:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 03:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 14:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 03:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 03:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 13:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 03:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 03:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 13:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 19:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2007.03.08 16:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 19:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 13:00:00 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2007.03.08 16:48:39 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 03:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 03:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 03:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 03:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 13:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 13:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 03:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 13:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 13:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.10.08 23:51:04 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\System32\config\default.sav [2005.10.08 23:51:04 | 000,638,976 | -H-- | M] () -- C:\WINDOWS\System32\config\software.sav [2005.10.08 23:51:04 | 000,442,368 | -H-- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [13 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2012.03.01 06:25:41 | 002,097,152 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\NTUSER.DAT [2012.03.01 23:01:25 | 000,491,520 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.dat.LOG [2012.03.01 06:25:41 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Administrator\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.01.12 18:20:28 | 001,860,096 | -H-- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C3AE45C9 < End of report > |
|
01.03.2012, 23:18
| #4 |
| | Programm meldet HDD FEHLER extras:OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 01.03.2012 22:53:05 - Run 1
OTL by OldTimer - Version 3.2.34.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,64 Gb Available Physical Memory | 81,88% Memory free
3,35 Gb Paging File | 3,22 Gb Available in Paging File | 95,93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 116,41 Gb Total Space | 8,43 Gb Free Space | 7,24% Space Free | Partition Type: NTFS
Drive D: | 107,91 Gb Total Space | 18,57 Gb Free Space | 17,21% Space Free | Partition Type: NTFS
Drive E: | 8,55 Gb Total Space | 2,09 Gb Free Space | 24,43% Space Free | Partition Type: FAT32
Drive G: | 6,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 121,85 Mb Total Space | 92,10 Mb Free Space | 75,58% Space Free | Partition Type: FAT
Drive I: | 960,72 Mb Total Space | 959,30 Mb Free Space | 99,85% Space Free | Partition Type: FAT
Computer Name: LEMMY30 | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\8.0\ACDSee8.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bildübersicht mit PhotoLine...] -- "C:\Programme\PhotoLine\PhotoLine.exe" -browse "%L" (Computerinsel GmbH)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"13330:UDP" = 13330:UDP:LocalSubNet:Enabled:ISDN B1
"13331:UDP" = 13331:UDP:LocalSubNet:Enabled:ISDN B2
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"56565:TCP" = 56565:TCP:*:Enabled:toto
"56565:UDP" = 56565:UDP:*:Enabled:totu
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\AOL.exe" = %ProgramFiles%\AOL 9.0\AOL.exe:*:enabled:AOL 9.0
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner
"%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
"%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:Enabled:AOL
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Programme\Lexmark 3500-4500 Series\app4r.exe" = C:\Programme\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%WinDir%\system32\fxsclnt.exe" = %WinDir%\system32\fxsclnt.exe:*:enabled:Microsoft Fax Console -- (Microsoft Corporation)
"%ProgramFiles%\CA\eTrust Antivirus\InocIT.exe" = %ProgramFiles%\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner
"%ProgramFiles%\CA\eTrust Antivirus\Realmon.exe" = %ProgramFiles%\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor
"%ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe" = %ProgramFiles%\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server
"C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe" = C:\Programme\Home Cinema\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\Home Cinema\PowerCinema\PCMService.exe" = C:\Programme\Home Cinema\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Lemmy\Eigene Dateien\dream\Totalcmd.exe" = C:\Dokumente und Einstellungen\Lemmy\Eigene Dateien\dream\Totalcmd.exe:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows
"C:\Dokumente und Einstellungen\Lemmy\Eigene Dateien\dream\DCC\DCC.exe" = C:\Dokumente und Einstellungen\Lemmy\Eigene Dateien\dream\DCC\DCC.exe:*:Enabled:Dreambox Control Center
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"C:\Programme\Total.Commander.6.54a\TOTALCMD.EXE" = C:\Programme\Total.Commander.6.54a\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Programme\Java\jre1.5.0_04\bin\javaw.exe" = C:\Programme\Java\jre1.5.0_04\bin\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\USB Server\USBServer.exe" = C:\Programme\USB Server\USBServer.exe:*:Enabled:USBServer
"C:\Programme\T-Eumex KommunikationsCenter\Fax.exe" = C:\Programme\T-Eumex KommunikationsCenter\Fax.exe:*:Enabled:Fax
"C:\Programme\T-Eumex KommunikationsCenter\Wahlhilfe.exe" = C:\Programme\T-Eumex KommunikationsCenter\Wahlhilfe.exe:*:Enabled:Wahlhilfe
"C:\Programme\T-Eumex KommunikationsCenter\EuroFile.exe" = C:\Programme\T-Eumex KommunikationsCenter\EuroFile.exe:*:Enabled:Eurofile
"C:\Programme\TeamViewer3\TeamViewer.exe" = C:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"F:\fsetup.exe" = F:\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Programme\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor
"C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Programme\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Device Monitor Application
"C:\WINDOWS\system32\lxdicfg.exe" = C:\WINDOWS\system32\lxdicfg.exe:*:Enabled:Printer Communication System
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:Printer Status Window Interface
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface
"C:\Programme\Lexmark 3500-4500 Series\App4R.exe" = C:\Programme\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Printing Application
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Free Dream TV\freedreamtv.exe" = C:\Programme\Free Dream TV\freedreamtv.exe:*:Enabled:free-dream-tv
"C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Disabled:3500-4500 Series Server
"C:\Programme\T-Eumex KommunikationsCenter\Anrufbeantworter.exe" = C:\Programme\T-Eumex KommunikationsCenter\Anrufbeantworter.exe:*:Disabled:Anrufbeantworter
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Disabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Disabled:Windows Live Messenger (Phone)
"C:\Programme\T-Eumex KommunikationsCenter\SMS.exe" = C:\Programme\T-Eumex KommunikationsCenter\SMS.exe:*:Disabled:sms
"C:\Dokumente und Einstellungen\Lemmy\Desktop\SS\DreamUP_1_3_3_5.exe" = C:\Dokumente und Einstellungen\Lemmy\Desktop\SS\DreamUP_1_3_3_5.exe:*:Enabled:DreamUP_1_3_3_5 -- (Dream Multimedia TV)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\uTorrent\utorrent.exe" = C:\Programme\uTorrent\utorrent.exe:*:Enabled:µTorrent -- ()
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Dokumente und Einstellungen\Lemmy\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Lemmy\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Seagate\BlackArmor Discovery\BlackArmor Discovery.exe" = C:\Programme\Seagate\BlackArmor Discovery\BlackArmor Discovery.exe:*:Enabled:BlackArmor Discovery Application -- ()
"C:\Dokumente und Einstellungen\Lemmy\Desktop\SS\DreamUP.exe" = C:\Dokumente und Einstellungen\Lemmy\Desktop\SS\DreamUP.exe:*:Enabled:DreamUP -- (Dream Multimedia TV)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (JTLWAWI)
"{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11
"{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0FDB2D25-D880-4E10-868F-8C64EFE155F1}" = G Data AntiVirus
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7D6052-9A0A-449D-9DFA-93490AAB6627}" = AUTOHAUS iSaver
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{22B30A01-EAE6-42D4-A6D1-579CF89C6C33}" = CardMinder V3.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{40A6C96D-808E-41DD-8716-617AB6B0F1F1}" = Brother MFL-Pro Suite
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4837718C-5B6E-4496-B283-FFFB5A937825}" = ABBYY PDF Transformer 1.0
"{4C4DC88C-1C41-457C-BB14-9FAE6E3CEFBD}" = Lexware faktura+auftrag 2011
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{4F288512-AD65-4699-AEA0-80DE9D3A5FC0}" = PureSync
"{5490B6EF-5A48-40B7-A9E0-D3B886D17A29}" = RT2500 USB Wireless LAN Card
"{573D322C-DC93-4D80-BBA1-F896EA47A6D4}" = VIGeo
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Foto 2006 Standard Edition Editor
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65179FD8-04C0-40A7-87FC-007F2CD5BF1E}" = LogMeIn
"{67EC0AB2-8CF7-4415-9F70-7FBC593C0D5E}" = ScanSoft PDF Create! 4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6B4DAD2F-38F5-4F2A-87BF-924B175A38F3}" = CD/DVD Label Printer LPCW-100
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DF7E5DC-76AC-4B3A-AD90-A19D60C9C195}" = i-Studio
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77077FFF-8831-470F-9627-E86F06A50CCD}" = Avery Wizard 3.1
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Pro Trial
"{80A97464-A741-44B0-8AD6-0C16B1FEF7F6}" = Norton Security Scan
"{83ED1E80-A1B7-4236-BCF1-AC4A88151A6B}" = Microsoft AutoRoute 2006
"{84713778-D9A9-4130-A811-DF3187827B05}" = LogMeIn
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B4AEA15-7FEB-45F8-A92D-12EC0D3985F7}" = ArcSoft BizScanner
"{8E79F5DD-4A0A-452B-B3F8-0651E4D24854}" = Media Player Utilities 5.22
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{916800EA-DDA2-4C5E-96F2-811F3F7C4258}" = Total Commander 6.54a
"{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"{93B104F0-1AFA-4BBD-B95E-9EA4F9F5AD41}" = DHL Versandhelfer
"{940E5FC0-CF77-4DDC-B3CA-D6A288775714}" = Brother Peer to Peer Print (NetBIOS) 1.16
"{97A4D873-47B9-454A-A567-8AFF41C07155}" = EasyRecovery DataRecovery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA2E6BFE-4351-481C-A720-47CB3506570B}" = ACDSee 8
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A80000000002}" = Adobe Reader 8 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B338EA45-9F18-4FE4-A079-89668D1F6519}" = USB Wireless Keyboard Driver
"{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BD60F72D-3F1F-4AE1-9C41-3CF75B2CA59A}" = DVR-Studio Pro
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam-Software
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C82185E8-C27B-4EF4-2009-2222BC2C2B6D}" = Microsoft MapPoint Europa 2009
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D4F2AFD3-0167-4464-B92F-78AB6DA8A0AA}" = CardMinder V3.2
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.7
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9FC7AE6-75D3-4626-9362-763448C3DC1D}" = ScanSnap Organizer
"{EC1F15E1-F3CC-46EE-B7A5-849A08ED60DC}}_is1" = PantsOff 2.0
"{EDB48341-4AA8-48A6-941E-5B335C88FD85}" = BizCard P1 Series Driver
"{EDB96061-D42C-4782-A436-EC873B465CC5}" = COMPUTERBILD Scareware-Check
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F663C1B3-DF22-6ED0-542A-356360689781}" = Versandhelfer
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AllDup_is1" = AllDup 3.3.14
"Allway Sync_is1" = Allway Sync version 11.2.2
"AviSynth" = AviSynth 2.5
"AVMFBox" = AVM FRITZ!Box Dokumentation
"Biet-O-Matic v2.3.0" = Biet-O-Matic v2.3.0
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Windows-Treiberpaket - Nokia Modem (03/05/2008 3.7)
"CDN ebay Kostenkalkulator" = CDN ebay Kostenkalkulator 1.4.7
"CloneCD" = CloneCD
"C-Media Card Reader Driver USB2.0" = C-Media Card Reader Driver USB2.0
"C-Media USB2.0 Card Reader" = C-Media USB2.0 Card Reader
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Complitly_is1" = Complitly
"Core FTP LE 2.1" = Core FTP LE 2.1
"CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only)
"Creatix V.92 Data Fax Modem" = Creatix V.92 Data Fax Modem
"DATA BECKER - Die große CD-Druckerei" = DATA BECKER - Die große CD-Druckerei
"dpdhl.versandhelfer" = Versandhelfer
"DreamBoxEdit" = DreamBoxEdit -- The one and only settings editor for your Dreambox
"DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5_is1" = DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.0.7.6
"DYMO Label Software" = DYMO Label Software
"DYMO Label v.8" = DYMO Label v.8
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Windows-Treiberpaket - Nokia Modem (03/13/2008 6.86.0.1)
"Easy Real Converter_is1" = Easy Real Converter V1.25
"EditPlus 3" = EditPlus 3
"ekaABS" = ekaABS
"ekaPLAN-Euro" = ekaPLAN-Euro
"Emsisoft Anti-Malware_is1" = Emsisoft Anti-Malware 5.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"ExpressBurn" = Express Burn
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.8
"Free Monitor for Google_is1" = Free Monitor for Google 2.5
"Free YouTube Download_is1" = Free YouTube Download version 2.10.33.324
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.13.1123
"FRITZ!DSL" = AVM FRITZ!DSL
"Hardcopy(C__Programme_Hardcopy)" = Hardcopy (C:\Programme\Hardcopy)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IIM5_is1" = iMacros V5.21
"ImgBurn" = ImgBurn
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{91BF142C-E8C0-4279-A98D-A61A4404CF56}" = Duden Korrektor
"InstallShield_{97A4D873-47B9-454A-A567-8AFF41C07155}" = EasyRecovery DataRecovery
"InstallShield_{B52480BF-CCED-4DD4-8DC2-28BB750D703E}" = BlackArmor Discovery
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.4
"LetsTrade" = LetsTrade Komponenten
"Magic RM RAM to MP3 Converter_is1" = Magic RM RAM to MP3 Converter 3.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MedionVFD" = Medion Info Display
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mmswitch" = Morgan Stream Switcher
"Moo0 FontViewer" = Moo0 FontViewer 1.05
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"OggDS" = Direct Show Ogg Vorbis Filter (remove only)
"PhotoLine_is1" = PhotoLine, Version 14.51
"PhotoScape" = PhotoScape
"PictureItPrem_v11" = Microsoft Foto 2006 Standard Edition
"PureSync" = PureSync 3.1.3
"QcDrv" = Logitech® Camera-Treiber
"RealAlt_is1" = Real Alternative 1.60 Lite
"RealPlayer 6.0" = RealPlayer
"Slp32V4" = Smart Label Printer
"SopCast" = SopCast 3.2.9
"SoundTap" = SoundTap Streaming Audio Recorder
"Stellar Phoenix Windows Data Recovery-Home_is1" = Stellar Phoenix Windows Data Recovery-Home
"TeamViewer 4" = TeamViewer 4
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"UseNeXT_is1" = UseNeXT
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.4
"VobSub" = VobSub v2.23 (Remove Only)
"WavePad" = WavePad Sound Editor
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinEject" = WinEject
"WinMerge_is1" = WinMerge 2.10.2.0
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"X10Hardware" = X10 Hardware(TM)
"Xilisoft AVI to DVD Converter 6" = Xilisoft AVI to DVD Converter 6
"Xilisoft Video Converter Ultimate 6" = Xilisoft Video Converter Ultimate 6
"XviD_is1" = XviD MPEG-4 Video Codec
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
|
|
02.03.2012, 13:11
| #5 |
| /// Malware-holic | Programm meldet HDD FEHLERCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
03.03.2012, 11:17
| #6 |
| | Programm meldet HDD FEHLER Hallo, Combofix meldet 2 Virusscanner, aber es ist keiner in der Taskleiste und keiner in den laufenden Programmen!?! Wie kann ich diese dann abstellen? Gruß slemmy |
|
03.03.2012, 11:27
| #7 |
| /// Malware-holic | Programm meldet HDD FEHLER einfach ok klicken, dann sollte es weiter gehen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Linear-Darstellung
