Windows XP (32-bit) extrem langsam

FritzPhantom · 06.06.2012, 12:40

Guten Tag allerseits!

Ich sitze an einem ca. 5 Jahre altem Rechner .. oder nicht älter? Ich weiss es nicht genau.
Norton war über die Jahre stets mit dem aktuellen Virenscanner installiert.
Die Kiste läuft aber seit geraumer Zeit sehr langsam (und damit meine ich wirklich sehr langsam. Um nach dem Hochfahren z.B. Firefox starten zu können benötigte ich 5 Minuten). Auch wenn ich z.B. eine Datei in einem Email öffnen will, kann das einige Minuten dauern, bis ich damit was anfangen kann. Ich schicke nacher noch einige Logs nach.

defogger wurde installiert und disable-Button gedrückt.

OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 06.06.2012 13:44:33 - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Dokumente und Einstellungen\HansMustermann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
479.48 Mb Total Physical Memory | 66.64 Mb Available Physical Memory | 13.90% Memory free
1.09 Gb Paging File | 0.58 Gb Available in Paging File | 52.97% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.52 Gb Total Space | 29.88 Gb Free Space | 40.10% Space Free | Partition Type: NTFS
 
Computer Name: HANSMUSTERMANN-4F3F7B73 | User Name: HansMustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.06 13:43:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\OTL.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe
PRC - [2012.02.21 16:50:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.23 14:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004.07.16 15:48:42 | 001,163,378 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.21 16:50:34 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe -- (NAV)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 04:23:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2008.02.01 14:09:37 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.08.23 14:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.08.23 14:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 14:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2006.03.12 01:10:41 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004.07.16 15:48:42 | 001,163,378 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\easdrv.sys -- (easdrv)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\eamon.sys -- (eamon)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - [2012.05.31 16:43:41 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.31 16:43:41 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.16 16:23:45 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120605.040\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 16:23:45 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120605.040\NAVENG.SYS -- (NAVENG)
DRV - [2012.04.28 02:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120605.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.04.03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.03.29 08:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 08:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012.03.29 08:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012.03.29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012.03.29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012.03.27 13:06:23 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.30 00:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ccsetx86.sys -- (ccSet_NAV)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symds.sys -- (SymDS)
DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2005.11.04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004.08.04 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.04 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004.07.16 15:57:12 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004.07.16 15:53:54 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004.07.16 15:53:14 | 000,092,672 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004.06.21 10:53:20 | 000,626,204 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.02.24 05:08:52 | 000,400,384 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {53065D09-6285-4A0C-BB55-6711C27D4049}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{53065D09-6285-4A0C-BB55-6711C27D4049}: "URL" = hxxp://www.google.ch/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {526fd696-27a0-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.03.03 18:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.21 16:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.23 17:47:44 | 000,000,000 | ---D | M]
 
[2009.08.02 23:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Extensions
[2008.06.27 23:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2009.08.02 23:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2012.05.31 16:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions
[2011.12.08 18:01:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008.01.20 22:03:02 | 000,000,000 | ---D | M] (BlackAqua) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{0648699b-b886-4011-99d4-04f1de459696}
[2011.03.26 12:28:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.26 12:28:01 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2008.01.20 22:01:43 | 000,000,000 | ---D | M] (OSU_Black) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{4520cd5e-a360-11dc-8314-0800200c9a66}
[2008.06.17 17:49:47 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2008.01.20 22:01:25 | 000,000,000 | ---D | M] (BloodFire) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2011.03.26 12:27:50 | 000,000,000 | ---D | M] (Aquatint Slate) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2011.03.26 12:27:48 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008.01.03 22:17:07 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2010.08.07 13:26:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.20 16:26:29 | 000,000,000 | ---D | M] (PitchDark) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2007.10.23 21:13:53 | 000,000,000 | ---D | M] ("FireHawke 3D") -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{d8646e86-22ba-4f3d-8751-23c723ebd7b9}
[2011.03.26 12:28:00 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\extension@virtusdesigns.com
[2011.03.26 12:27:53 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\redshift_V2@shift-themes.com
[2011.03.26 12:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\extension@virtusdesigns.com\chrome
[2011.03.26 12:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011.03.26 12:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2008.10.02 21:47:43 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\searchplugins\winamp-search.xml
[2012.03.03 17:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.23 17:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.10.23 17:47:52 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.05.01 20:59:27 | 000,563,466 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HANSMUSTERMANN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\7Z31OZBP.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.02.21 16:50:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.21 16:50:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 16:50:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.21 16:50:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 16:50:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 16:50:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 16:50:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"hxxp://services.bluewin.ch/jass/applikation_de.php" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: rare = C:\Programme\Video ActiveX Access\imsmain.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135927280267 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EFE857A-B7DA-4FE1-AC0F-923C95C5C010}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - equiparant - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HansMustermann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HansMustermann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.30 08:28:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{285e303c-98d9-11da-8619-0040ca88bc6f}\Shell\AutoRun\command - "" = E:\ctfmon.exe
O33 - MountPoints2\{285e303c-98d9-11da-8619-0040ca88bc6f}\Shell\open\command - "" = E:\ctfmon.exe
O33 - MountPoints2\{c133f270-7cdc-11de-8fbe-0040ca88bc6f}\Shell - "" = AutoRun
O33 - MountPoints2\{c133f270-7cdc-11de-8fbe-0040ca88bc6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c133f270-7cdc-11de-8fbe-0040ca88bc6f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.06 13:43:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\OTL.exe
[2012.05.17 15:52:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.06 13:43:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\OTL.exe
[2012.06.06 13:41:40 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\HansMustermann\defogger_reenable
[2012.06.06 13:36:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.06 13:34:59 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\Defogger.exe
[2012.06.06 13:33:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.06 11:47:45 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.06 11:47:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012.06.06 11:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.04 22:38:43 | 000,685,857 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307010.005\Cat.DB
[2012.06.03 18:00:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HansMustermann.job
[2012.06.01 13:01:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.05.24 12:50:07 | 000,001,840 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton AntiVirus.LNK
[2012.05.24 12:48:51 | 000,008,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307010.005\VT20120410.034
[2012.05.22 19:48:52 | 000,452,436 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.22 19:48:52 | 000,435,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.22 19:48:52 | 000,081,394 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.22 19:48:52 | 000,068,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.13 09:47:36 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307010.005\isolate.ini
[2012.05.09 12:03:40 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.08 22:50:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.06 13:41:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\HansMustermann\defogger_reenable
[2012.06.06 13:34:52 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\Defogger.exe
[2012.02.15 13:11:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
 
========== LOP Check ==========
 
[2008.12.27 21:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2009.01.07 21:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2008.02.08 21:04:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2008.07.07 14:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.02.13 15:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006.01.28 01:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\DownloadManager
[2010.08.07 13:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.06.20 17:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Facebook
[2011.01.03 16:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\FileZilla
[2010.04.23 16:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Information Factory
[2010.04.07 20:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\MSNInstaller
[2009.01.15 19:35:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\OpenOffice.org
[2008.06.27 23:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Participatory Culture Foundation
[2008.06.27 23:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\PCF-VLC
[2006.09.08 17:58:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\PDFCreator
[2007.05.05 15:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\SealedMedia
[2007.09.17 20:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\uTorrent
[2012.06.06 11:47:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 06.06.2012 13:44:34 - Run 1
OTL by OldTimer - Version 3.2.46.1     Folder = C:\Dokumente und Einstellungen\HansMustermann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
479.48 Mb Total Physical Memory | 66.64 Mb Available Physical Memory | 13.90% Memory free
1.09 Gb Paging File | 0.58 Gb Available in Paging File | 52.97% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.52 Gb Total Space | 29.88 Gb Free Space | 40.10% Space Free | Partition Type: NTFS
 
Computer Name: HANSMUSTERMANN-4F3F7B73 | User Name: HansMustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\p2pnetworks\p2pnetworks.exe" = C:\Programme\p2pnetworks\p2pnetworks.exe:*:Enabled:P2PNetworks
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\UnrealTournament\System\UnrealTournament.exe" = C:\UnrealTournament\System\UnrealTournament.exe:*:Disabled:UnrealTournament
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Dokumente und Einstellungen\HansMustermann\Eigene Dateien\Manuel\utorrent.exe" = C:\Dokumente und Einstellungen\HansMustermann\Eigene Dateien\Manuel\utorrent.exe:*:Enabled:µTorrent
"C:\Programme\SPSSInc\SPSS16DE\spss.com" = C:\Programme\SPSSInc\SPSS16DE\spss.com:*:Disabled:SPSS 16.0 fÃ¼r Windows (1031:com)
"C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1031)
"C:\Programme\SPSSInc\SPSS16DE\spss.exe" = C:\Programme\SPSSInc\SPSS16DE\spss.exe:*:Disabled:SPSS 16.0 fÃ¼r Windows (1031:exe)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood
"C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Enabled: 
"C:\Programme\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe" = C:\Programme\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Enabled:Miro_Downloader
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{168CD9DA-9C2C-458C-8539-C4C9DA005902}" = Default
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8863EFF-DD77-44BA-8843-D2A7ECDD2CE3}" = SealedMedia Unsealer 5.2.24
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"Data Access Objects (DAO) 3.0" = Data Access Objects (DAO) 3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fonts CH-Line" = Fonts CH-Line
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LehrerOffice_is1" = LehrerOffice
"Macmillan English Dictionary" = Macmillan English Dictionary
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NAV" = Norton AntiVirus
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Security Task Manager" = Security Task Manager 1.7f
"Shockwave" = Shockwave
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6
"VTDisplay" = S3 S3Display
"VTHansMustermann2" = S3 S3HansMustermann2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.06.2012 05:48:02 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:03 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:04 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:05 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:06 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:07 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:08 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:09 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:10 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
 Win32 error: Das System kann die angegebene Datei nicht finden.  
 
[ System Events ]
Error - 05.06.2012 05:59:33 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Automatisches
 LiveUpdate - Scheduler.
 
Error - 05.06.2012 05:59:33 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 05.06.2012 05:59:33 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "eamon" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 05.06.2012 05:59:35 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   easdrv  epfwtdir
 
Error - 05.06.2012 05:59:42 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{6476E16F-17E5-4BFD-86E0-EAB51011A534}" kann nicht
 zu dem Router-Manager für das Protokoll IP hinzugefügt werden.  Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Automatisches
 LiveUpdate - Scheduler.
 
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "eamon" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 06.06.2012 05:48:12 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   easdrv  epfwtdir
 
Error - 06.06.2012 05:48:19 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{6476E16F-17E5-4BFD-86E0-EAB51011A534}" kann nicht
 zu dem Router-Manager für das Protokoll IP hinzugefügt werden.  Fehler: Die Funktion
 kann nicht abgeschlossen werden.  
 
 
< End of report >

--- --- ---

hier noch das Gmer-Logfile.
Sorry für die Verspätung, aber der Scan dauerte mehr als eine Stunde.

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-06 15:45:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJC0 rev.05.01C05
Running: ro0psjms.exe; Driver: C:\DOKUME~1\***~1\LOKALE~1\Temp\ffdiykow.sys


---- System - GMER 1.0.15 ----

SSDT            84AD5D10                                                                                    ZwAlertResumeThread
SSDT            84AD5DA8                                                                                    ZwAlertThread
SSDT            84AFC730                                                                                    ZwAllocateVirtualMemory
SSDT            84D52FD0                                                                                    ZwAssignProcessToJobObject
SSDT            853785A0                                                                                    ZwConnectPort
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwCreateKey [0xF526FD40]
SSDT            84D17FC0                                                                                    ZwCreateMutant
SSDT            84D52E10                                                                                    ZwCreateSymbolicLinkObject
SSDT            84AD48A8                                                                                    ZwCreateThread
SSDT            84D47EB0                                                                                    ZwDebugActiveProcess
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteKey [0xF526FFC0]
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwDeleteValueKey [0xF5270680]
SSDT            84D3AE00                                                                                    ZwDuplicateObject
SSDT            84D4AE28                                                                                    ZwFreeVirtualMemory
SSDT            84D25DE0                                                                                    ZwImpersonateAnonymousToken
SSDT            84D2BF48                                                                                    ZwImpersonateThread
SSDT            85302C78                                                                                    ZwLoadDriver
SSDT            84D48F28                                                                                    ZwMapViewOfSection
SSDT            84D17EE0                                                                                    ZwOpenEvent
SSDT            84AD4820                                                                                    ZwOpenProcess
SSDT            84AFC820                                                                                    ZwOpenProcessToken
SSDT            84D09B60                                                                                    ZwOpenSection
SSDT            84D3AEF0                                                                                    ZwOpenThread
SSDT            84D52F00                                                                                    ZwProtectVirtualMemory
SSDT            84D37ED8                                                                                    ZwResumeThread
SSDT            84D4BEE0                                                                                    ZwSetContextThread
SSDT            84D4BF80                                                                                    ZwSetInformationProcess
SSDT            84D47F90                                                                                    ZwSetSystemInformation
SSDT            \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)  ZwSetValueKey [0xF5270910]
SSDT            850BF9F8                                                                                    ZwSuspendProcess
SSDT            84D4FD20                                                                                    ZwSuspendThread
SSDT            84D3EDF0                                                                                    ZwTerminateProcess
SSDT            84D4DD00                                                                                    ZwTerminateThread
SSDT            84D48E68                                                                                    ZwUnmapViewOfSection
SSDT            84D4AF18                                                                                    ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

?               SYMDS.SYS                                                                                   Das System kann die angegebene Datei nicht finden. !
?               SYMEFA.SYS                                                                                  Das System kann die angegebene Datei nicht finden. !
init            C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                    entry point in "init" section [0xF64EF900]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                    SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                   SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                 SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus · 08.06.2012, 13:32

Zitat:

479.48 Mb Total Physical Memory

Mit sowenig Arbeitsspeicher läuft ein WinXP auch nicht besonders schnell
Ansonsten => http://www.trojaner-board.de/71631-p...samer-tun.html

FritzPhantom · 09.06.2012, 15:42

Alles klar ... dann ist es also der Arbeitsspeicher.

Was meinst du mit "ansonsten"? Wird durch das Abhandeln der 5 Punkte in deinem Link der Arbeitsspeicher vergrössert?
Oder kann man da sonst was machen?

cosinus · 10.06.2012, 00:16

Zitat:

Wird durch das Abhandeln der 5 Punkte in deinem Link der Arbeitsspeicher vergrössert?

Die Frage kannst du nicht ernst meinen

Oder hast du wirklich keine Ahnung was Arbeitsspeicher ist?

FritzPhantom · 11.06.2012, 14:23

Ich dachte, hier stelle ich die Fragen

Nun ist es so, da ich grundsätzlich nicht ein grosser PC-Freak bin, ich kenne die Tastatur und komme gerade mit Excel und Word zurecht

Im Ernst, ich denke, das ist der Speicher, der für die gerade laufenden Programme benötigt wird ...

Aber mein Rechner muss doch mehr als nur ~500Mb hergeben

Malewarebytes hat zudem gerade noch 9 Sachen entdeckt, die ich in Quarantäne gesteckt habe ...

Sollte man die Kiste neu aufsetzen?

cosinus · 11.06.2012, 15:40

Zitat:

Aber mein Rechner muss doch mehr als nur ~500Mb hergeben

Woher soll ich wissen wieviel RAM wirklich in deinem Rechner steckt, ich kann doch auch nur wiedergeben was im OTL-Log steht! Und da sind es mikrige ~480 MB!

FritzPhantom · 11.06.2012, 16:49

Hmmm tatsächlich sind es nur 480 Mb ... Habe unter System nachgeschaut.
Trotzdem komisch dass man vor rund einem Jahr noch iTunes laufen lassen konnte und neben bei problemlos 4-5 Programme offen haben konnte und es lief eingetlich ruckelfrei ...

cosinus · 11.06.2012, 20:21

Heutige Anwendungen sind halt speicherlastig...
Selbst günstige neue Rechner und auch Notebooks haben 4 GB RAM, eher mehr

11.06.2012, 20:21	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Windows XP (32-bit) extrem langsam Heutige Anwendungen sind halt speicherlastig... Selbst günstige neue Rechner und auch Notebooks haben 4 GB RAM, eher mehr __________________ Logfiles bitte immer in CODE-Tags posten

Windows XP (32-bit) extrem langsam

Log-Analyse und Auswertung: Windows XP (32-bit) extrem langsam