![]() |
|
Log-Analyse und Auswertung: DVU-Trojaner hat auch mich erwischt - ist alles weg ?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() DVU-Trojaner hat auch mich erwischt - ist alles weg ? Tag zusammen, ich habe mir heute gegen 10:00 h wohl auch den DVU - Trojaner eingehandelt. Nichts ging mehr. Nicht mal abgesicherter Modus (Win XP Prof.). 1. Schritt: Avira Rescue Disc - FEHLANZEIGE 2. Schritt: Kaspersky Notfall CD 10 - TEILERFOLG 3. Schritt: Ich konnte erkennen, dass es sich eigentlich nur um eine grafische Oberflche handelt, die automatisch startet und auch nur vollständig erscheint, wenn Verbindung ins WWW besteht. Auf X - Versuche Klammergriff dann eine erste Reaktion - ich konnte im Taskmanager in die Prozesse wechseln und alles einzeln beenden 4. Schritt: malwarebytes Anti-Malware gedownt - prima, alles scheint wie vor dem Angriff - *freu* 5. Schritt: Rat hier im Forum befolgt und Defogger installiert: CODE: defogger_disable by jpshortstuff (23.02.10.1) Log created at 15:18 on 11/01/2013 (*****) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- 6. Schritt: OTL installiert und gescannt CODE "OTL.txt": OTL logfile created on: 11.01.2013 15:26:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 82,26% Memory free 5,34 Gb Paging File | 4,75 Gb Available in Paging File | 89,07% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 100,01 Gb Total Space | 70,87 Gb Free Space | 70,86% Space Free | Partition Type: NTFS Drive D: | 365,75 Gb Total Space | 144,48 Gb Free Space | 39,50% Space Free | Partition Type: NTFS Computer Name: ****-PC | User Name: *****| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.11 15:21:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.27 18:51:00 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.14 19:24:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 19:24:04 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.14 19:24:04 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.05.14 19:24:02 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 19:24:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.18 10:44:32 | 002,057,048 | ---- | M] (Tobit.Software) -- D:\Tobit Radio.fx\Client\rfx-tray.exe PRC - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2010.06.07 12:51:24 | 000,138,752 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2010.05.14 11:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2008.06.15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2008.04.14 15:35:46 | 001,519,616 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\Scheduled.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.06.28 08:40:33 | 000,077,824 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\TV Tuner Card Utilities\HMCP3XCtl.exe PRC - [2001.12.20 09:42:00 | 000,035,328 | ---- | M] (Logitech Inc. ) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE PRC - [2001.12.20 01:59:00 | 000,204,800 | ---- | M] (Logitech Inc. ) -- C:\Programme\Logitech\iTouch\iTouch.exe PRC - [2001.12.20 01:59:00 | 000,139,264 | ---- | M] () -- C:\Programme\Logitech\iTouch\KbdTray.exe PRC - [2001.11.07 11:59:06 | 000,086,016 | ---- | M] (MusicMatch) -- C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe PRC - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe PRC - [2000.07.06 21:12:18 | 000,032,768 | R--- | M] () -- C:\WINDOWS\twain_32\D66U\D066UUTY.EXE ========== Modules (No Company Name) ========== MOD - [2012.07.31 02:08:04 | 000,016,872 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll MOD - [2012.05.14 19:24:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.01.26 12:39:32 | 009,560,576 | ---- | M] () -- D:\Tobit Radio.fx\Client\tobitclt.dll MOD - [2012.01.26 11:13:36 | 000,215,552 | ---- | M] () -- D:\Tobit Radio.fx\Client\rfx-client$.ger MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU MOD - [2008.11.12 14:54:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll MOD - [2008.06.15 14:34:20 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2008.04.14 15:35:46 | 001,519,616 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\Scheduled.exe MOD - [2008.04.14 06:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.06.28 08:40:33 | 000,077,824 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\TV Tuner Card Utilities\HMCP3XCtl.exe MOD - [2003.09.10 04:42:28 | 000,045,056 | ---- | M] () -- C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\kwspnd.dll MOD - [2001.12.20 01:59:00 | 000,139,264 | ---- | M] () -- C:\Programme\Logitech\iTouch\KbdTray.exe MOD - [2000.07.06 21:12:18 | 000,032,768 | R--- | M] () -- C:\WINDOWS\twain_32\D66U\D066UUTY.EXE ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2013.01.09 10:17:32 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.05.14 19:24:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 19:24:04 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.14 19:24:02 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 19:24:02 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.26 15:08:56 | 003,665,752 | ---- | M] () [Auto | Stopped] -- D:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx) SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2008.12.05 17:25:10 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008.06.15 14:34:20 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU) SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.05.14 19:24:08 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.14 19:24:08 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 17:03:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.12.04 17:50:55 | 000,027,924 | ---- | M] (MusicMatch, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k) DRV - [2008.12.02 12:59:55 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.05.16 05:33:14 | 000,115,752 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 05:33:14 | 000,025,512 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 05:33:14 | 000,015,016 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 05:33:12 | 000,120,744 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 05:33:12 | 000,114,216 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 05:33:12 | 000,110,632 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 05:33:12 | 000,089,256 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.02.14 10:04:06 | 004,676,096 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2008.01.09 10:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2008.01.03 15:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.12.04 19:34:18 | 000,946,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.10.08 13:32:56 | 000,036,400 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lgtosync.sys -- (LGTO_Sync) DRV - [2007.08.29 03:04:04 | 000,116,264 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SI3112r.sys -- (SI3112r) DRV - [2007.08.29 03:04:04 | 000,019,240 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SiWinAcc.sys -- (SiFilter) DRV - [2005.04.07 16:18:34 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt) DRV - [2001.12.19 10:42:00 | 000,067,694 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2) DRV - [2001.12.19 10:42:00 | 000,022,206 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.sys -- (LHidFlt2) DRV - [2001.12.19 10:42:00 | 000,005,838 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2) DRV - [2001.12.17 10:42:00 | 000,039,932 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb) DRV - [2001.12.17 10:42:00 | 000,013,052 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr) DRV - [2001.12.17 10:42:00 | 000,010,496 | ---- | M] (Logitech Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) DRV - [2001.02.05 18:21:14 | 000,272,016 | R--- | M] (U.S. Robotics Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdxwmac.sys -- (wdxwmac) DRV - [2001.01.18 14:34:38 | 000,027,792 | R--- | M] (U.S. Robotics Corp) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ndiscapi.sys -- (NDISCAPI) DRV - [2001.01.18 14:34:38 | 000,026,064 | R--- | M] (U.S. Robotics Corp) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\capi.sys -- (CAPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {7AA7FB6A-67FC-4992-BA4F-C13EF6C14D34} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{7AA7FB6A-67FC-4992-BA4F-C13EF6C14D34}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz= IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) [2010.05.04 18:26:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.04.21 16:12:52 | 000,000,000 | ---D | M] (Toolbar fuer eBay) -- C:\Programme\Mozilla Firefox\extensions\{000E148C-F7A7-445A-9044-93BF6CE09ECB} [1999.12.31 16:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll O1 HOSTS File: ([2007.07.27 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll () O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars\Toolbar fuer eBay\ebay.dll () O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [Corel Reminder] File not found O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\twain_32\D66U\D066UUTY.EXE () O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [MMTray] C:\Programme\MusicMatch\MusicMatch Jukebox\mm_tray.exe (MusicMatch) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. ) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe" File not found O4 - HKCU..\Run: [Center Agent] C:\Programme\MSI\TV@nywhere AD V1.1\HyperMediaCenter 3.5\DTVR\Scheduled.exe () O4 - HKCU..\Run: [hddhealth] C:\Programme\HDD Health\hddhealth.exe -wl File not found O4 - HKCU..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKCU..\Run: [rfxsrvtray] D:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\CAPI Tray.lnk = C:\Programme\U.S. Robotics ISDN Utilities\ccmon.exe (Sto//mann E+V GmbH ) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Remote Control.lnk = C:\Programme\MSI\TV@nywhere AD V1.1\TV Tuner Card Utilities\HMCP3XCtl.exe () O4 - Startup: C:\Dokumente und Einstellungen\Björn\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220467195744 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.30 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5BB7A547-4FB4-4FD5-BBCF-BA7017907C52}: DhcpNameServer = 192.168.0.30 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.12.28 20:46:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{532074be-b584-11dc-99d6-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{532074be-b584-11dc-99d6-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{532074be-b584-11dc-99d6-806d6172696f}\Shell\AutoRun\command - "" = E:\Programs\nu2menu\nu2menu.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.11 15:21:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe [2013.01.11 14:51:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Malwarebytes [2013.01.11 14:51:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.01.11 14:51:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.01.11 14:51:26 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.11 14:51:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.10 10:46:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\aicon [2013.01.10 10:46:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\@icon sushi [2013.01.09 11:17:51 | 000,000,000 | ---D | C] -- D:\Eigene Dateien\DVDVideoSoft [2013.01.09 11:17:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft [2013.01.09 11:17:38 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft [2013.01.09 11:17:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft [2010.05.04 20:18:09 | 002,921,383 | ---- | C] (Landesfinanzdirektion Thüringen) -- C:\Programme\uninstall.exe [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.11 15:21:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Björn\Desktop\OTL.exe [2013.01.11 15:17:28 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.11 15:16:56 | 000,203,520 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.01.11 15:16:53 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.11 15:16:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.11 15:13:16 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable [2013.01.11 15:11:25 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe [2013.01.11 14:59:05 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.11 14:52:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job [2013.01.11 14:51:28 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.10 15:37:39 | 000,111,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.01.10 10:49:02 | 000,000,479 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\E b a y.lnk [2013.01.10 10:46:42 | 000,000,534 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\@icon sushi.lnk [2013.01.10 10:36:19 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini [2013.01.09 17:29:24 | 000,479,082 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.09 17:29:24 | 000,437,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.09 17:29:24 | 000,092,232 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.09 17:29:24 | 000,069,400 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.09 13:44:14 | 000,032,411 | ---- | M] () -- C:\WINDOWS\SGTBox.INI [2013.01.09 11:17:46 | 000,000,912 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\DVDVideoSoft Free Studio.lnk [2013.01.09 11:17:46 | 000,000,765 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Free Audio CD to MP3 Converter.lnk [2013.01.09 10:08:38 | 000,016,960 | ---- | M] () -- D:\Eigene Dateien\camping_carnet09.pdf [2013.01.07 18:27:26 | 000,000,050 | ---- | M] () -- C:\WINDOWS\InfModM.ini [2013.01.06 12:40:22 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.12.31 17:31:32 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.12.30 12:53:34 | 000,000,694 | ---- | M] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Monatseinkommen 2013.lnk [2012.12.21 13:57:48 | 000,341,832 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.12.21 00:34:11 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.11 15:13:16 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\defogger_reenable [2013.01.11 15:11:18 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Defogger.exe [2013.01.11 14:51:28 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.10 10:46:42 | 000,000,534 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\@icon sushi.lnk [2013.01.10 10:34:15 | 000,000,479 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\E b a y.lnk [2013.01.09 11:17:46 | 000,000,912 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\DVDVideoSoft Free Studio.lnk [2013.01.09 11:17:46 | 000,000,765 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Free Audio CD to MP3 Converter.lnk [2013.01.09 10:08:38 | 000,016,960 | ---- | C] () -- D:\Eigene Dateien\camping_carnet09.pdf [2012.12.30 12:51:25 | 000,000,694 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Desktop\Monatseinkommen 2013.lnk [2012.02.15 16:36:05 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.04.09 17:14:35 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2010.05.04 20:18:09 | 000,000,564 | ---- | C] () -- C:\Programme\Uninstall ElsterFormular.lnk [2008.12.28 11:23:00 | 000,000,274 | ---- | C] () -- C:\Programme\PhonTool.ini [2008.12.28 11:23:00 | 000,000,109 | ---- | C] () -- C:\Programme\params.ini [2008.12.28 11:23:00 | 000,000,061 | ---- | C] () -- C:\Programme\wfcom.ini [2008.12.28 11:23:00 | 000,000,029 | ---- | C] () -- C:\Programme\whconfig.ini [2008.12.28 11:22:59 | 002,692,223 | ---- | C] () -- C:\Programme\userguide.pdf [2008.12.28 11:22:59 | 000,012,800 | ---- | C] () -- C:\Programme\liesmich.wri [2008.12.28 11:22:41 | 000,035,914 | ---- | C] () -- C:\Programme\modems.pac [2008.12.28 11:22:38 | 000,002,560 | ---- | C] () -- C:\Programme\wmodems.dat [2008.12.28 11:22:38 | 000,000,127 | ---- | C] () -- C:\Programme\custom.ini [2008.12.05 17:54:44 | 000,111,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.03 09:08:04 | 000,000,306 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\TV2.INI [2008.12.03 09:08:03 | 000,071,033 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KTVR1.chl [2008.12.03 09:08:03 | 000,000,149 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KTVR1.cfg [2008.12.03 09:03:59 | 000,000,881 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\PInfo.config [2008.12.03 09:03:59 | 000,000,038 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KAgent.cfg [2008.12.03 09:03:59 | 000,000,008 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\SPInfo.cfg [2008.12.02 12:55:40 | 000,000,313 | ---- | C] () -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\wincmd.ini ========== ZeroAccess Check ========== [2007.12.28 21:39:29 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.09.17 09:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2012.01.11 17:17:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2010.10.25 13:51:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.01.09 17:17:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.11.15 12:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PIXELA [2009.08.30 15:23:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2013.01.10 10:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\aicon [2008.10.18 14:08:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Canneverbe_Limited [2013.01.09 13:45:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Canon [2009.11.15 13:47:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Cuttermaran [2009.01.09 00:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DataLayer [2010.01.11 20:50:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Desktopicon [2013.01.09 11:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\DVDVideoSoft [2012.01.11 16:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\elsterformular [2008.12.03 09:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\EPGData [2009.08.30 15:24:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\GHISLER [2010.04.16 16:05:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Helios [2008.12.03 12:54:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\KWorld Multimedia [2008.12.07 22:48:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Mp3tag [2008.12.03 08:39:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\MSI [2010.04.01 09:16:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Nokia [2008.12.04 16:51:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Opera [2009.01.09 17:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\PC Suite [2008.12.10 10:32:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\PersBackup [2010.10.07 20:17:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\R.4C [2009.09.17 09:42:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Sony [2011.04.09 17:15:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Tobit [2010.01.05 21:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Toolbars [2011.11.11 17:36:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\TS3Client [2008.08.14 20:44:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Windows Desktop Search [2008.10.18 14:36:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Björn\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > CODE "EXTRAS.txt" OTL Extras logfile created on: 11.01.2013 15:26:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Björn\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,88 Gb Available Physical Memory | 82,26% Memory free 5,34 Gb Paging File | 4,75 Gb Available in Paging File | 89,07% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 100,01 Gb Total Space | 70,87 Gb Free Space | 70,86% Space Free | Partition Type: NTFS Drive D: | 365,75 Gb Total Space | 144,48 Gb Free Space | 39,50% Space Free | Partition Type: NTFS Computer Name: *****-PC| User Name: *****| Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = Opera.HTML] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Opera\opera.exe" (Opera Software) https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- C:\Programme\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "C:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [PlayWithVLC] -- C:\Programme\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) "C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe" = C:\Programme\Corel\Graphics10\Register\NAVBrowser.exe:* ![]() "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Assistent zum Übertragen von Dateien und Einstellungen -- (Microsoft Corporation) "H:\WS_FTP\WS_FTP95.exe" = H:\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 "C:\Programme\WS_FTP\WS_FTP95.exe" = C:\Programme\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA 02173) "E:\setup.exe" = E:\setup.exe:*:Enabled:setup "C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe" = C:\Programme\Sony Ericsson\Sony Ericsson Media Manager\MediaManager.exe:*:Enabled:Sony Ericsson Media Manager 1.2 -- (Sony Creative Software Inc.) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application "D:\Programme\Klebezettel NG\klebez.exe" = D:\Programme\Klebezettel NG\klebez.exe:*:Enabled:Elektronische Haftnotizen für Windows "C:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office14\GROOVE.EXE" = C:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "D:\Tobit Radio.fx\Server\rfx-server.exe" = D:\Tobit Radio.fx\Server\rfx-server.exe:*:Enabled:Radio.fx Server -- () "D:\Tobit Radio.fx\Client\rfx-client.exe" = D:\Tobit Radio.fx\Client\rfx-client.exe:*:Enabled:Radio.fx Client -- (Tobit.Software) "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.) "C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper "C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "@icon sushi_is1" = @icon sushi 1.21 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord "{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution "{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch "{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 23 "{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1 "{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2 "{49F864F5-1A85-4E69-8764-C7E4EABD8BA0}" = MSI TV Tuner Card Utilities "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC "{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Fotostory 3 für Windows "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1 "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{74DAA2E2-A7DB-4CA3-8F99-62EB23BA3377}" = TV@nywhere Pro Teletext "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{81D62C32-0984-11D3-86CD-00105AD33021}" = Caere Scan Manager 5.1 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010 "{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARD_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARD_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARD_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARD_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARD_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARD_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARD_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS "{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{98EA51C9-B0B0-45BC-8641-3E119EA47D7B}" = Sony Ericsson Media Manager 1.2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10 "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A2A227E0-8DEC-11D2-A564-B2890D000000}" = Jaws PDF Creator "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC54E544-3E42-443C-A91D-A00A6974C592}" = NVIDIA PhysX v8.10.13 "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch "{AE112F6D-D1B3-11D4-8577-00105ADDC431}" = mb Software ArCon 6 "{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5 "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX "{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech-Handbuch "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = PhoneTools "34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5) "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.57 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe Shockwave Player" = Adobe Shockwave Player "ArcSoft PhotoBase" = ArcSoft PhotoBase "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Belarc Advisor 2.0" = Belarc Advisor 7.2 "Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.5 "Canon ScanGear Toolbox FAU" = Canon ScanGear Toolbox FAU 2.5 "CCleaner" = CCleaner (remove only) "CorelDRAW 10_TV" = CorelDRAW 10_TV "DIKE" = DIKE "EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7) "ElsterFormular 11.4.1.4323" = ElsterFormular "ElsterFormular 13.0.0.8086p" = ElsterFormular "Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228 "Google Updater" = Google Updater "hp deskjet 960c series" = hp deskjet 960c series (nur entfernen) "HyperMediaCenter 3.5_is1" = HyperMediaCenter 3.5 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX "InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX "InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX "InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX "InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX "InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library "InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX "IrfanView" = IrfanView (remove only) "ISDN TOOLS" = Uninstall U.S. Robotics ISDN Utilities "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mp3tag" = Mp3tag "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MUSICMATCH Jukebox" = MUSICMATCH Jukebox "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Office14.STANDARD" = Microsoft Office Standard 2010 "OmniPagePro9.0DeinstKey" = OmniPage Pro 9.0 "Opera 12.12.1707" = Opera 12.12 "TBSB03968.TBSB03968Toolbar" = Toolbar fuer eBay "Tobit Radio.fx Server" = Radio.fx "TVP3XDrv" = MSI TV@nywhere A/D V1.1 BDA Driver "VLC media player" = VLC media player 0.9.8a "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "XP RegTune 2.12" = XP RegTune 2.12 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.01.2013 03:29:04 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 10.01.2013 07:37:56 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 10.01.2013 07:49:48 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 11.01.2013 04:37:49 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3013 Description = Eintrag <D:\TOBIT RADIO.FX\SERVER\RADIO.FX.DB-JOURNAL> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) Error - 11.01.2013 05:13:24 | Computer Name = ****-PC | Source = Avira Antivirus | ID = 4122 Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5 Error - 11.01.2013 09:23:40 | Computer Name = ****-PC | Source = Windows Search Service | ID = 7040 Description = Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben. Details: 0xc0041801 (0xc0041801) Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 7040 Description = Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben. Kontext: Windows Anwendung, SystemIndex Katalog Details: 0xc0041801 (0xc0041801) Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3029 Description = Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3028 Description = Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) Error - 11.01.2013 09:23:41 | Computer Name = ****-PC | Source = Windows Search Service | ID = 3058 Description = Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindex kann nicht gelesen werden. (0xc0041800) [ System Events ] Error - 11.01.2013 09:24:19 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Windows Search. Error - 11.01.2013 09:24:19 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 11.01.2013 09:24:19 | Computer Name = ****-PC | Source = DCOM | ID = 10005 Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "WSearch" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error - 11.01.2013 09:28:25 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "ServiceLayer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.01.2013 09:28:28 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.01.2013 09:28:31 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.01.2013 09:28:55 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "WMI-Leistungsadapter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 11.01.2013 10:06:03 | Computer Name = ****-PC | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 11.01.2013 10:06:33 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: agp440 IntelIde Error - 11.01.2013 10:17:28 | Computer Name = ****-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Radio.fx Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 1000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. < End of report > 7. Schritt: gmer scannen lassen CODE: GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-11 19:14:27 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Scsi\SI3112r1Port2Path0Target0Lun0 SiI_____ rev.1100 465,76GB Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\BJRN~1\LOKALE~1\Temp\awdcapow.sys ---- System - GMER 2.0 ---- SSDT B16F7BBC ZwClose SSDT B16F7B76 ZwCreateKey SSDT B16F7BC6 ZwCreateSection SSDT B16F7B9E ZwCreateSymbolicLinkObject SSDT B16F7B6C ZwCreateThread SSDT B16F7B7B ZwDeleteKey SSDT B16F7B85 ZwDeleteValueKey SSDT B16F7BB7 ZwDuplicateObject SSDT B16F7BA3 ZwLoadDriver SSDT B16F7B8A ZwLoadKey SSDT B16F7B58 ZwOpenProcess SSDT B16F7B99 ZwOpenSection SSDT B16F7B5D ZwOpenThread SSDT B16F7BDF ZwQueryValueKey SSDT B16F7B94 ZwReplaceKey SSDT B16F7BD0 ZwRequestWaitReplyPort SSDT B16F7B8F ZwRestoreKey SSDT B16F7BCB ZwSetContextThread SSDT B16F7BD5 ZwSetSecurityObject SSDT B16F7BA8 ZwSetSystemInformation SSDT B16F7B80 ZwSetValueKey SSDT B16F7BDA ZwSystemDebugControl SSDT B16F7B67 ZwTerminateProcess SSDT B16F7B62 ZwWriteVirtualMemory ---- Kernel code sections - GMER 2.0 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8994360, 0x34CDBF, 0xE8000020] ---- User code sections - GMER 2.0 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[388] kernel32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text D:\Tobit Radio.fx\Server\rfx-server.exe[1988] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 00642C40 D:\Tobit Radio.fx\Server\rfx-server.exe .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 10083A50 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 10083A90 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 10090D70 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!EndDialog 7E374A4E 5 Bytes JMP 10054EB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!DefWindowProcA 7E37C17E 7 Bytes JMP 10054ED0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 10090CC0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 10090E40 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 10090D00 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 10090DB0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 10090D30 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 10090DF0 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!DrawFrameControl 7E38E940 7 Bytes JMP 10081650 D:\Tobit Radio.fx\Client\TOBITCLT.dll .text D:\Tobit Radio.fx\Client\rfx-tray.exe[2496] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 10090C80 D:\Tobit Radio.fx\Client\TOBITCLT.dll ---- Files - GMER 2.0 ---- File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS.log 131072 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS0057D.log 131072 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS0057E.log 0 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS0057F.log 131072 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS00580.log 131072 bytes File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Search\Data\Applications\Windows\MSS00581.log 131072 bytes ---- EOF - GMER 2.0 ---- Nun meine Frage an die Community: hab ich´s alles weg bekommen ? Gruß´von der Küste Deichfisch |
Themen zu DVU-Trojaner hat auch mich erwischt - ist alles weg ? |
0xc0000001, 7-zip, antivir, askbar, avira, bho, browser, cdburnerxp, ebay, entfernen, error, excel, firefox, flash player, frage, helper, homepage, internet browser, intranet, kaspersky, logfile, mp3, plug-in, prima, problem, realtek, registry, security, senden, server, starten, taskmanager, tracker, trojaner, windows internet, wrapper, wsearch |