Pests of all kinds and how to fight them: OTL does not create an Extra.txt file, only the OTL.txt file
23.02.2013, 18:54 | #1 |
OTL does not create an Extra.txt file, only the OTL.txt file

I am in the middle of scanning my second computer. defogger ran through without any fuss:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:54 on 23/02/2013 (Michael)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled

-=E.O.F=-

Now only the following otl.txt is generated:
Code:
OTL logfile created on: 23.02.2013 18:42:31 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 72,99% Memory free
3,85 Gb Paging File | 3,36 Gb Available in Paging File | 87,33% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146,57 Gb Total Space | 4,44 Gb Free Space | 3,03% Space Free | Partition Type: NTFS

Computer Name: R40 | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.02.23 18:36:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe
PRC - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.08.08 19:43:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 15:52:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.02.23 11:09:08 | 000,838,656 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe
PRC - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2011.05.27 14:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2011.05.27 14:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2011.05.18 17:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2011.04.20 13:02:04 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
PRC - [2010.07.20 11:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndassvc.exe
PRC - [2009.07.29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe
PRC - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2008.07.03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
PRC - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2006.05.30 15:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
PRC - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2002.12.19 10:02:22 | 000,491,520 | ---- | M] (IBM) -- C:\Programme\IBM\Messages By IBM\ibmmessages.exe
PRC - [2002.10.30 01:01:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE
PRC - [2002.10.16 09:59:54 | 001,622,016 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Support.com\Bin\tgcmd.exe
PRC - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe

========== Modules (No Company Name) ==========

MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.05.08 15:52:28 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.23 11:09:08 | 000,838,656 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
MOD - [2012.02.07 10:16:32 | 001,415,680 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll
MOD - [2011.12.23 17:20:42 | 000,192,512 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll
MOD - [2011.05.27 14:57:32 | 000,022,944 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll
MOD - [2011.05.27 14:08:56 | 000,660,480 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll
MOD - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
MOD - [2011.04.19 15:29:42 | 000,132,608 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll
MOD - [2010.08.22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll
MOD - [2010.08.22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll
MOD - [2010.08.22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll
MOD - [2010.08.22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll
MOD - [2010.08.22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
MOD - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
MOD - [2008.03.19 15:54:46 | 000,327,680 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CGamma.dll
MOD - [2008.03.19 14:37:20 | 000,131,072 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CSensor.dll
MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll
MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
MOD - [2003.07.03 23:49:30 | 000,024,576 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll
MOD - [2003.03.27 01:06:02 | 000,561,152 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCON.DLL
MOD - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE
MOD - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe
MOD - [2002.12.24 16:15:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapHk.dll
MOD - [2002.11.15 00:14:28 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\AIBMRUNL.dll
MOD - [2002.01.08 09:08:22 | 000,051,712 | ---- | M] () -- C:\WINDOWS\system32\ngprtserv.dll
MOD - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PLSRemote.exe -- (PLSRemoteSvc)
SRV - [2013.02.20 15:39:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus)
SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc)
SRV - [2009.08.10 21:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.03.27 01:06:02 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2003.01.24 14:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2002.02.21 11:05:36 | 000,196,688 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_Bus.sys -- (RNUS_BusEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_HC.sys -- (RNUS)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hexmagic.sys -- (hexmagic)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Michael\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50)
DRV - [2012.05.08 15:52:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 15:52:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.11 14:09:05 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61)
DRV - [2012.04.11 14:08:38 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv)
DRV - [2012.03.01 15:40:30 | 000,452,016 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2012.03.01 15:40:30 | 000,275,504 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim)
DRV - [2012.03.01 15:40:30 | 000,081,200 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2011.12.23 17:21:04 | 001,195,200 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2011.12.23 17:20:48 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d)
DRV - [2010.11.28 22:41:23 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32)
DRV - [2010.08.22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50)
DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2010.01.13 09:12:46 | 000,556,008 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt)
DRV - [2010.01.13 09:12:44 | 000,119,784 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lpx.sys -- (lpx)
DRV - [2010.01.13 09:12:40 | 000,385,512 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus)
DRV - [2010.01.13 09:12:36 | 000,562,152 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ndasfs.sys -- (ndasfs)
DRV - [2010.01.13 09:12:36 | 000,461,288 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasfat.sys -- (ndasfat)
DRV - [2010.01.13 09:12:28 | 000,791,528 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasrofs.sys -- (ndasrofs)
DRV - [2010.01.13 09:12:24 | 000,377,320 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi)
DRV - [2009.11.17 10:13:04 | 000,014,592 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP)
DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2009.07.29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mafw.sys -- (MAFW)
DRV - [2009.06.22 15:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2009.02.17 11:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009.02.17 11:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.12.12 12:11:08 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.12.01 11:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\drhard.sys -- (drhard)
DRV - [2004.06.18 19:23:56 | 000,016,768 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiBulk.sys -- (SiBulk)
DRV - [2003.05.14 16:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2003.04.29 21:01:06 | 000,542,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.03.27 01:06:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003.03.12 13:16:44 | 002,390,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2003.01.12 15:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2002.11.20 13:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002.11.01 00:31:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002.11.01 00:31:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2002.11.01 00:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002.10.30 01:01:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002.10.18 10:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.07.16 01:00:00 | 000,498,672 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2002.07.16 01:00:00 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2002.07.15 12:45:28 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2002.05.22 08:40:40 | 000,007,552 | ---- | M] (Hewlett-Packard Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpusbfd.sys -- (hpusbfd)
DRV - [2002.02.21 11:05:36 | 000,259,072 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETPPPOI.SYS -- (NETPPPOI)
DRV - [2001.09.18 11:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2001.08.17 12:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 12:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476
IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8rc3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.10 00:27:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.20 15:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.20 15:38:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.10 00:27:50 | 000,000,000 | ---D | M]

[2011.09.08 19:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions
[2009.06.02 12:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.02.22 20:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions
[2012.07.05 22:09:11 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.09 18:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2)
[2013.01.21 16:54:38 | 000,315,066 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.02.22 20:17:24 | 000,531,369 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.15 09:43:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.09 18:16:06 | 000,521,144 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2)\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.09.27 12:41:08 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\conduit.xml
[2011.09.08 00:42:19 | 000,002,506 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\SearchResults.xml
[2010.02.17 14:25:58 | 000,001,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\wolframalpha.xml
[2013.02.20 15:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.21 20:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.02.20 15:39:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.12.18 23:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2009.06.18 12:16:18 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll
[2009.06.18 12:36:06 | 000,108,272 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.12.29 09:09:21 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 14:19:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.29 09:09:21 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.29 09:09:21 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.08 00:42:19 | 000,002,506 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\SearchResults.xml
[2011.12.29 09:09:21 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.29 09:09:21 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla
Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPSibelius.dll CHR - plugin: NapsterLink (Enabled) = C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) 
= C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: NotScripts = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2002.08.29 04:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found. O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.) 
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Lamp] C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe () O4 - HKLM..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe File not found O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NPDTRAY] C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.) O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE () O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [StorageGuard] c:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [tgcmd] C:\Programme\Support.com\bin\tgcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe () O4 - HKLM..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" File not found O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKCU..\Run: [PC Notes Taker] C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe (Pegasus Technologies) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Geräte-Manager.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TP-LINK Wireless Configuration Utility.lnk = C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () O4 - Startup: C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\Telefon- und Branchenbuch Frühjahr 2007 - Schnellstarter.lnk = C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2007\KSTART32.EXE (klickTel GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation) O8 - Extra context menu item: Bild zum Bildarchiv senden - file://C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MGI\PhotoSuite4\Temp\MGI00000.html File not found O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242923080286 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19356C41-6FB9-4C19-ADA8-9D0A1DBE80BA}: DhcpNameServer = 192.168.169.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29C7FE0-06D5-4939-85EE-10AC7B3EB02A}: NameServer = 192.168.121.252,192.168.121.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54CB423-672B-427E-8E56-2233D6FB9A46}: DhcpNameServer = 192.168.1.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 () - hxxp://bits.wikimedia.org/skins-1.5/common/images/sort_none.gif O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.21 16:20:48 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell - "" = AutoRun O33 - 
MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell - "" = AutoRun O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{fd865905-fd77-11df-88db-00061bda36a8}\Shell - "" = Autorun O33 - MountPoints2\{fd865905-fd77-11df-88db-00061bda36a8}\Shell\AutoRun\command - "" = E:\Install_Nokia_Ovi_Suite.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.23 18:36:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe [2013.02.20 15:38:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.02.13 14:07:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes [2013.02.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.02.13 14:07:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.13 14:07:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.02.13 14:07:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.02.10 14:56:14 | 000,000,000 | ---D | C] -- C:\Dokumente und 
Einstellungen\Michael\Startmenü\Programme\Revo Uninstaller [2013.02.06 06:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\FilmeSchule [2013.02.05 16:32:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2013.02.02 00:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\iui [6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.23 18:36:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe [2013.02.23 17:53:16 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.23 17:52:04 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3264421748-380149622-3910952666-1004.job [2013.02.23 17:51:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.23 17:51:30 | 2146,422,784 | -HS- | M] () -- C:\hiberfil.sys [2013.02.23 17:51:25 | 000,402,255 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2013.02.23 17:07:54 | 000,000,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SyncToy_41d7829c-1905-4c51-9042-03ee7bbb3f2e.dat [2013.02.17 21:00:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2013.02.15 09:55:42 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG [2013.02.14 11:59:24 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable [2013.02.13 14:07:02 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.13 13:42:52 | 000,509,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.13 11:38:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.13 11:38:15 | 002,003,790 | 
---- | M] () -- C:\WINDOWS\iis6.BAK [2013.02.13 11:26:14 | 000,517,538 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.13 11:26:14 | 000,494,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.13 11:26:14 | 000,101,584 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.13 11:26:14 | 000,084,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.12 17:35:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3264421748-380149622-3910952666-1004.job [2013.02.10 14:56:14 | 000,000,900 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Revo Uninstaller.lnk [2013.02.08 18:19:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.02.07 00:54:14 | 1178,434,572 | ---- | M] () -- C:\arte_02_07_2013_00_02_01.mpg [2013.02.07 00:01:40 | 005,223,204 | ---- | M] () -- C:\arte_02_07_2013_00_01_29.mpg [2013.02.07 00:01:04 | 005,278,476 | ---- | M] () -- C:\arte_02_07_2013_00_00_47.mpg [2013.02.07 00:00:37 | 013,324,500 | ---- | M] () -- C:\arte_02_07_2013_00_00_01.mpg [2013.02.05 16:34:16 | 000,171,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip [2013.01.29 16:25:47 | 000,038,460 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif [2013.01.28 20:08:19 | 000,086,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf [6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.23 17:07:54 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SyncToy_41d7829c-1905-4c51-9042-03ee7bbb3f2e.dat [2013.02.14 11:59:00 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable 
[2013.02.13 14:07:02 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.07 00:02:01 | 1178,434,572 | ---- | C] () -- C:\arte_02_07_2013_00_02_01.mpg [2013.02.07 00:01:29 | 005,223,204 | ---- | C] () -- C:\arte_02_07_2013_00_01_29.mpg [2013.02.07 00:00:47 | 005,278,476 | ---- | C] () -- C:\arte_02_07_2013_00_00_47.mpg [2013.02.07 00:00:01 | 013,324,500 | ---- | C] () -- C:\arte_02_07_2013_00_00_01.mpg [2013.02.05 16:34:30 | 000,171,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip [2013.01.29 16:25:51 | 000,038,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif [2013.01.28 20:08:18 | 000,086,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf [2013.01.13 16:56:30 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2013.01.13 16:56:30 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll [2013.01.13 16:56:30 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2013.01.13 16:56:30 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2013.01.13 16:55:50 | 000,014,181 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2012.02.15 07:46:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.03 14:00:44 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll [2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll [2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll [2011.09.15 21:57:48 | 000,037,755 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.ADR [2011.09.15 19:38:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.09.15 
19:38:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.09.03 23:50:41 | 000,000,496 | RHS- | C] () -- C:\Dokumente und Einstellungen\Michael\ntuser.pol [2011.06.19 21:32:00 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\RoomEQWizardV5-Path [2011.06.14 13:48:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.05.29 21:46:31 | 000,053,248 | ---- | C] () -- C:\WINDOWS\unVQ3240.dll [2011.05.29 21:46:31 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Dext536.ini [2011.03.06 02:11:06 | 010,977,280 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda [2011.01.06 18:27:38 | 000,011,453 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.TSK [2011.01.06 18:08:25 | 000,011,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Tabulatorgetrennte Werte (DOS).TSK [2010.12.04 20:14:38 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\n.wav [2010.12.04 20:14:06 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\j.wav [2009.06.21 19:50:13 | 000,127,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.22 21:31:06 | 007,294,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\filesync.metadata ========== ZeroAccess Check ========== [2009.05.22 18:14:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2009.03.03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.11.01 16:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton [2012.04.11 15:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2010.10.10 12:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Activ Software [2011.08.19 19:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Affinegy [2011.08.19 15:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Belkin [2011.09.08 18:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess [2010.01.27 17:40:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012.04.11 16:36:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clonehdd [2010.11.28 22:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010.04.04 15:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2012.12.09 19:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2012.04.11 16:36:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher [2012.04.11 16:43:13 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ftw [2012.01.17 19:43:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm [2010.12.09 21:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.04.11 16:36:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher [2012.02.21 11:46:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lexware [2009.05.25 15:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster [2009.06.02 13:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2012.03.07 21:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF [2010.12.09 23:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.12.10 00:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011.09.07 00:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Overlook [2010.12.09 23:38:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.11.16 20:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PIXELA [2010.10.10 12:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Promethean [2009.05.23 19:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT [2009.05.23 23:47:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teledat [2010.09.19 12:08:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.06.02 12:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\TomTom [2013.01.13 16:56:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2010.04.04 15:54:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2011.07.06 15:51:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{075F7537-CA93-49E5-A04A-8EBA1F0F84E7} [2012.04.11 14:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\7E84B114-7060-428F-ABDB-40EFD790968C [2012.11.01 16:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ableton [2012.04.11 14:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Acronis [2010.03.20 19:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Amazon [2012.12.27 12:14:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Audacity [2010.10.10 15:22:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\beSoft [2010.01.30 15:25:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Canneverbe Limited [2010.11.28 22:49:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DAEMON Tools Lite [2009.11.10 20:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Desktopicon [2011.01.08 21:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\EAC [2012.12.09 19:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\elsterformular [2011.07.06 15:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\GetRightToGo [2010.05.27 18:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\HarmonicTune [2009.06.07 19:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\Michael\Anwendungsdaten\IBM [2011.02.15 21:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\IGC [2009.09.04 21:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\InterVideo [2009.12.05 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Klett [2009.06.02 16:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\klickIdent [2009.06.05 10:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\klickTel [2012.02.21 11:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Lexware [2012.07.07 23:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\LibreOffice [2012.11.18 17:40:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\mathegrafix [2012.03.07 21:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nitro PDF [2010.12.10 00:44:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nokia [2010.12.10 00:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nokia Ovi Suite [2009.06.21 23:20:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\OpenOffice.org [2012.07.06 16:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Oracle [2011.09.07 00:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Overlook [2010.12.10 00:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PC Suite [2010.10.10 12:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Promethean [2013.02.04 22:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\QuickScan 
[2009.07.03 06:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\RecordNow [2009.05.25 15:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Teledat [2009.06.02 12:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TomTom [2013.01.14 00:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TP-LINK [2009.05.21 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VERITAS [2010.03.26 23:48:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VideoReDo-TVSuite [2010.08.31 10:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VideoReDoPlus [2011.07.02 09:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\XMedia Recode ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 185 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:66633281 @Alternate Data Stream - 175 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0888F409 < End of report > |
23.02.2013, 21:42 | #2 | |
/// TB-Ausbilder | OTL does not create an Extra.txt file, only the OTL.txt file
Hello,
Quote:
Do this instead: Please start OTL.exe.
__________________ |
24.02.2013, 11:33 | #3 |
| OTL does not create an Extra.txt file, only the OTL.txt file
Here is the otl:
Code:
ATTFilter OTL logfile created on: 24.02.2013 11:08:21 - Run 6 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Michael\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,76% Memory free 3,85 Gb Paging File | 3,14 Gb Available in Paging File | 81,63% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 146,57 Gb Total Space | 4,27 Gb Free Space | 2,92% Space Free | Partition Type: NTFS Computer Name: R40 | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.23 18:36:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe PRC - [2013.02.20 15:39:04 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.08.08 19:43:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 15:52:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.01.23 05:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe PRC - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe PRC - [2011.05.27 14:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe PRC - [2011.05.27 14:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe PRC - [2011.05.18 17:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\dlnaPlugin.exe PRC - [2011.04.20 13:02:04 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Connect.exe PRC - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe PRC - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe PRC - [2010.07.20 11:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.02.25 18:35:04 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe PRC - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe PRC - [2010.01.13 09:12:32 | 000,283,112 | ---- | M] (XIMETA, Inc.) 
-- C:\Programme\NDAS\System\ndasmgmt.exe PRC - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndassvc.exe PRC - [2009.07.29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe PRC - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe PRC - [2008.09.30 18:17:22 | 002,528,512 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2008.07.03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe PRC - [2007.01.10 14:38:48 | 000,451,584 | ---- | M] (klickTel GmbH) -- C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2007\KSTART32.EXE PRC - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2006.05.30 15:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2003.04.08 16:51:48 | 000,077,903 | ---- | M] (Pegasus Technologies) -- C:\WINDOWS\system32\PNTRoute.EXE PRC - [2003.04.01 13:16:20 | 000,782,396 | ---- | M] (Pegasus Technologies) -- C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe PRC - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE PRC - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe PRC - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe PRC - 
[2002.12.19 10:02:22 | 000,491,520 | ---- | M] (IBM) -- C:\Programme\IBM\Messages By IBM\ibmmessages.exe PRC - [2002.10.30 01:01:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE PRC - [2002.10.16 09:59:54 | 001,622,016 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Support.com\Bin\tgcmd.exe PRC - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe ========== Modules (No Company Name) ========== MOD - [2013.02.20 15:39:03 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.02.12 11:21:36 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.05.08 15:52:28 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.05.27 14:57:32 | 000,022,944 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll MOD - [2011.05.27 14:08:56 | 000,660,480 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll MOD - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe MOD - [2011.04.19 15:29:42 | 000,132,608 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll MOD - [2010.08.22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll MOD - [2010.08.22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll MOD - [2010.08.22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll MOD - [2010.08.22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll MOD - [2010.08.22 19:32:34 | 
000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe MOD - [2010.01.13 12:29:16 | 000,260,096 | ---- | M] () -- C:\Programme\NDAS\System\ndasmgmt.deu.dll MOD - [2008.11.26 15:59:32 | 000,131,584 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll MOD - [2008.10.22 15:01:00 | 000,200,704 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe MOD - [2008.03.19 15:54:46 | 000,327,680 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CGamma.dll MOD - [2008.03.19 14:37:20 | 000,131,072 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CSensor.dll MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2007.04.19 08:33:00 | 000,035,584 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\uPiApi.dll MOD - [2007.04.02 13:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe MOD - [2003.07.03 23:49:30 | 000,024,576 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll MOD - [2003.03.27 01:06:02 | 000,561,152 | ---- | M] () -- 
C:\Programme\ThinkPad\ConnectUtilities\QCON.DLL MOD - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE MOD - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe MOD - [2002.12.24 16:15:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapHk.dll MOD - [2002.11.15 00:14:28 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\AIBMRUNL.dll MOD - [2002.01.08 09:08:22 | 000,051,712 | ---- | M] () -- C:\WINDOWS\system32\ngprtserv.dll MOD - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PLSRemote.exe -- (PLSRemoteSvc) SRV - [2013.02.20 15:39:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) 
[Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService) SRV - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service) SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus) SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper) SRV - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) 
[Auto | Running] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc) SRV - [2009.08.10 21:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.03.27 01:06:02 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC) SRV - [2003.01.24 14:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor) SRV - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc) SRV - [2002.02.21 11:05:36 | 000,196,688 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_Bus.sys -- (RNUS_BusEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_HC.sys -- (RNUS) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hexmagic.sys -- (hexmagic) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Michael\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50) DRV - [2012.05.08 15:52:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 15:52:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.11 14:09:05 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61) DRV - [2012.04.11 14:08:38 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012.03.01 15:40:30 | 000,452,016 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2012.03.01 15:40:30 | 000,275,504 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim) DRV - [2012.03.01 15:40:30 | 000,081,200 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus) DRV - [2011.12.23 17:21:04 | 001,195,200 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2011.12.23 17:20:48 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) DRV - [2010.11.28 22:41:23 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2010.08.22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50) DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | 
M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.01.13 09:12:46 | 000,556,008 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt) DRV - [2010.01.13 09:12:44 | 000,119,784 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lpx.sys -- (lpx) DRV - [2010.01.13 09:12:40 | 000,385,512 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus) DRV - [2010.01.13 09:12:36 | 000,562,152 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ndasfs.sys -- (ndasfs) DRV - [2010.01.13 09:12:36 | 000,461,288 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasfat.sys -- (ndasfat) DRV - [2010.01.13 09:12:28 | 000,791,528 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasrofs.sys -- (ndasrofs) DRV - [2010.01.13 09:12:24 | 000,377,320 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi) DRV - [2009.11.17 10:13:04 | 000,014,592 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.07.29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mafw.sys -- (MAFW) DRV - [2009.06.22 15:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp) DRV - [2009.02.17 11:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009.02.17 11:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2007.12.12 12:11:08 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3) DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50) DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2005.12.01 11:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\drhard.sys -- (drhard) DRV - [2004.06.18 19:23:56 | 000,016,768 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiBulk.sys -- (SiBulk) DRV - [2003.05.14 16:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera) DRV - [2003.04.29 21:01:06 | 000,542,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2003.03.27 01:06:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK) DRV - [2003.03.12 13:16:44 | 002,390,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) DRV - [2003.01.12 15:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2002.11.20 13:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3) DRV - [2002.11.01 00:31:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint) DRV - [2002.11.01 00:31:00 | 000,012,288 | ---- | M] (IBM Corp.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR) DRV - [2002.11.01 00:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI) DRV - [2002.10.30 01:01:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP) DRV - [2002.10.18 10:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2002.07.16 01:00:00 | 000,498,672 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE) DRV - [2002.07.16 01:00:00 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [2002.07.15 12:45:28 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage) DRV - [2002.05.22 08:40:40 | 000,007,552 | ---- | M] (Hewlett-Packard Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpusbfd.sys -- (hpusbfd) DRV - [2002.02.21 11:05:36 | 000,259,072 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETPPPOI.SYS -- (NETPPPOI) DRV - [2001.09.18 11:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus) DRV - [2001.08.17 12:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack) DRV - [2001.08.17 12:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem) DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.defaultthis.engineName: "Freeware.de Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.goggle.de" FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119 FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0 FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8rc3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..network.proxy.autoconfig_url: 
"data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20((url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com')%20%7B%20return%20'PROXY%20us04.personalitycores.com%3A8000%3B%20PROXY%20us05.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.10 00:27:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.20 15:39:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.20 15:38:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.10 00:27:50 | 000,000,000 | ---D | M] [2011.09.08 19:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und 
Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions [2009.06.02 12:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2013.02.22 20:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions [2012.07.05 22:09:11 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012.03.09 18:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2) [2013.01.21 16:54:38 | 000,315,066 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013.02.22 20:17:24 | 000,531,369 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.15 09:43:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.09 18:16:06 | 000,521,144 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2)\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011.09.27 12:41:08 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\conduit.xml [2011.09.08 00:42:19 | 000,002,506 | ---- | M] () -- C:\Dokumente und 
Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\SearchResults.xml [2010.02.17 14:25:58 | 000,001,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\wolframalpha.xml [2013.02.20 15:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.06.21 20:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2013.02.20 15:39:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2008.12.18 23:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll [2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll [2009.06.18 12:16:18 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll [2009.06.18 12:36:06 | 000,108,272 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll [2011.12.29 09:09:21 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 14:19:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.12.29 09:09:21 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.12.29 09:09:21 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.08 00:42:19 | 000,002,506 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\SearchResults.xml [2011.12.29 09:09:21 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.12.29 09:09:21 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - 
default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla 
Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: ScorchPlugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPSibelius.dll CHR - plugin: NapsterLink (Enabled) = C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Shockwave for Director (Enabled) 
= C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Adblock Plus = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\ CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: NotScripts = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\ CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2002.08.29 04:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found. O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFree.dll (Conduit Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.) 
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Lamp] C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe () O4 - HKLM..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [IR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe File not found O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [NPDTRAY] C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.) O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE () O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.) O4 - HKLM..\Run: [StorageGuard] c:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.) O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.) O4 - HKLM..\Run: [tgcmd] C:\Programme\Support.com\bin\tgcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation) O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe () O4 - HKLM..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe () O4 - HKLM..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" File not found O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM) O4 - HKCU..\Run: [PC Notes Taker] C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe (Pegasus Technologies) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Geräte-Manager.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.) 
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TP-LINK Wireless Configuration Utility.lnk = C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () O4 - Startup: C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\Telefon- und Branchenbuch Frühjahr 2007 - Schnellstarter.lnk = C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2007\KSTART32.EXE (klickTel GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation) O8 - Extra context menu item: Bild zum Bildarchiv senden - file://C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MGI\PhotoSuite4\Temp\MGI00000.html File not found O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242923080286 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19356C41-6FB9-4C19-ADA8-9D0A1DBE80BA}: DhcpNameServer = 192.168.169.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29C7FE0-06D5-4939-85EE-10AC7B3EB02A}: NameServer = 192.168.121.252,192.168.121.253 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54CB423-672B-427E-8E56-2233D6FB9A46}: DhcpNameServer = 192.168.1.2 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 () - hxxp://bits.wikimedia.org/skins-1.5/common/images/sort_none.gif O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.05.21 16:20:48 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell - "" = AutoRun O33 - 
MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1f074dd2-347b-11df-887e-00061bda36a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell - "" = AutoRun O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{403e4ea8-7432-11e0-8910-00061bda36a8}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{fd865905-fd77-11df-88db-00061bda36a8}\Shell - "" = Autorun O33 - MountPoints2\{fd865905-fd77-11df-88db-00061bda36a8}\Shell\AutoRun\command - "" = E:\Install_Nokia_Ovi_Suite.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.23 18:36:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe [2013.02.20 15:38:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.02.13 14:07:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes [2013.02.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.02.13 14:07:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.13 14:07:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.02.13 14:07:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.02.10 18:20:04 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe 
[2013.02.10 18:20:04 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.02.10 18:19:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.02.10 18:19:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.02.10 18:19:55 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.02.10 14:56:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Revo Uninstaller [2013.02.06 06:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\FilmeSchule [2013.02.05 16:32:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [2013.02.02 00:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\iui [6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.24 11:03:28 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.02.24 11:02:05 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3264421748-380149622-3910952666-1004.job [2013.02.24 11:01:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.24 11:01:44 | 2146,422,784 | -HS- | M] () -- C:\hiberfil.sys [2013.02.24 11:01:42 | 000,407,363 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor [2013.02.23 18:36:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe [2013.02.23 17:07:54 | 000,000,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SyncToy_41d7829c-1905-4c51-9042-03ee7bbb3f2e.dat [2013.02.17 21:00:00 | 000,000,484 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2013.02.15 09:55:42 | 000,001,080 
| ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG [2013.02.14 11:59:24 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable [2013.02.13 14:07:02 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.13 13:42:52 | 000,509,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.13 11:38:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.13 11:38:15 | 002,003,790 | ---- | M] () -- C:\WINDOWS\iis6.BAK [2013.02.13 11:26:14 | 000,517,538 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.13 11:26:14 | 000,494,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.13 11:26:14 | 000,101,584 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.13 11:26:14 | 000,084,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.12 17:35:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3264421748-380149622-3910952666-1004.job [2013.02.12 11:21:37 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.12 11:21:36 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.10 18:19:38 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2013.02.10 18:19:37 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2013.02.10 18:19:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2013.02.10 18:19:37 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2013.02.10 18:19:37 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2013.02.10 18:19:36 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll [2013.02.10 18:19:36 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2013.02.10 
14:56:14 | 000,000,900 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Revo Uninstaller.lnk [2013.02.08 18:19:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.02.07 00:54:14 | 1178,434,572 | ---- | M] () -- C:\arte_02_07_2013_00_02_01.mpg [2013.02.07 00:01:40 | 005,223,204 | ---- | M] () -- C:\arte_02_07_2013_00_01_29.mpg [2013.02.07 00:01:04 | 005,278,476 | ---- | M] () -- C:\arte_02_07_2013_00_00_47.mpg [2013.02.07 00:00:37 | 013,324,500 | ---- | M] () -- C:\arte_02_07_2013_00_00_01.mpg [2013.02.05 16:34:16 | 000,171,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip [2013.01.29 16:25:47 | 000,038,460 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif [2013.01.28 20:08:19 | 000,086,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf [2013.01.26 04:55:37 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll [6 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.23 17:07:54 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SyncToy_41d7829c-1905-4c51-9042-03ee7bbb3f2e.dat [2013.02.14 11:59:00 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable [2013.02.13 14:07:02 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.07 00:02:01 | 1178,434,572 | ---- | C] () -- C:\arte_02_07_2013_00_02_01.mpg [2013.02.07 00:01:29 | 005,223,204 | ---- | C] () -- C:\arte_02_07_2013_00_01_29.mpg [2013.02.07 00:00:47 | 005,278,476 | ---- | C] () -- C:\arte_02_07_2013_00_00_47.mpg [2013.02.07 00:00:01 | 013,324,500 | 
---- | C] () -- C:\arte_02_07_2013_00_00_01.mpg [2013.02.05 16:34:30 | 000,171,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip [2013.01.29 16:25:51 | 000,038,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif [2013.01.28 20:08:18 | 000,086,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf [2013.01.13 16:56:30 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2013.01.13 16:56:30 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll [2013.01.13 16:56:30 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2013.01.13 16:56:30 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2013.01.13 16:55:50 | 000,014,181 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2012.02.15 07:46:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.10.03 14:00:44 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll [2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll [2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll [2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll [2011.09.15 21:57:48 | 000,037,755 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.ADR [2011.09.15 19:38:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat [2011.09.15 19:38:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat [2011.09.03 23:50:41 | 000,000,496 | RHS- | C] () -- C:\Dokumente und Einstellungen\Michael\ntuser.pol [2011.06.19 21:32:00 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\RoomEQWizardV5-Path [2011.06.14 13:48:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.05.29 21:46:31 | 000,053,248 | ---- | C] () -- 
C:\WINDOWS\unVQ3240.dll [2011.05.29 21:46:31 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Dext536.ini [2011.03.06 02:11:06 | 010,977,280 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda [2011.01.06 18:27:38 | 000,011,453 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.TSK [2011.01.06 18:08:25 | 000,011,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Tabulatorgetrennte Werte (DOS).TSK [2010.12.04 20:14:38 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\n.wav [2010.12.04 20:14:06 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\j.wav [2009.06.21 19:50:13 | 000,127,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.05.22 21:31:06 | 007,294,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\filesync.metadata ========== ZeroAccess Check ========== [2009.05.22 18:14:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\System32\shdocvw.dll -- [2009.03.03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | 
M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:66633281
@Alternate Data Stream - 175 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0888F409

< End of report >

OTL Extras logfile created on: 24.02.2013 11:08:21 - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Michael\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 61,76% Memory free
3,85 Gb Paging File | 3,14 Gb Available in Paging File | 81,63% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 146,57 Gb Total Space | 4,27 Gb Free Space | 2,92% Space Free | Partition Type: NTFS

Computer Name: R40 | User Name: Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 
========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "80:TCP" = 80:TCP:*:Enabled:HTTP "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Disabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Disabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Disabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Disabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 
10283:UDP:LocalSubNet:Disabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Disabled:Windows Media Player-Netzwerkfreigabedienst "139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002 "19540:UDP" = 19540:UDP:*:Enabled:SXUPTP ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:Enabled:javaw -- () "C:\WINDOWS\system32\sessmgr.exe" = C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Support.com\Bin\tgcmd.exe" = C:\Programme\Support.com\Bin\tgcmd.exe:*:Disabled:Support.com Scheduler and Command Dispatcher -- (SupportSoft, Inc.) 
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Programme\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.) "C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation) "C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation) "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware) "C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware) "C:\Programme\NetGear\ProSafe Plus Utility\ProSafe Plus Utility.exe" = C:\Programme\NetGear\ProSafe Plus Utility\ProSafe Plus Utility.exe:*:Enabled:ProSafe Plus Utility -- () "C:\Programme\NetGear\ProSafe Plus Utility\NetGearServer.exe" = C:\Programme\NetGear\ProSafe Plus Utility\NetGearServer.exe:*:Enabled:NetGearServer -- () "C:\Programme\NetGear\ProSafe Plus Utility\NsdpManager.exe" = C:\Programme\NetGear\ProSafe Plus Utility\NsdpManager.exe:*:Enabled:NsdpManager -- () "C:\Programme\Belkin\Belkin USB Print and Storage Center\Connect.exe" = C:\Programme\Belkin\Belkin USB Print and Storage Center\Connect.exe:*:Enabled:Belkin USB Print and Storage Center -- (Belkin 
International, Inc.) "C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe" = C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe:LocalSubNet:Enabled:Belkin Setup -- (Affinegy, Inc.) "C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe" = C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe:*:Enabled:Lexware Datenbank Server -- (iAnywhere Solutions, Inc.) "C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe" = C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe:*:Enabled:PC Notes Taker -- (Pegasus Technologies) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium "{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2 "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0197D136-598D-4968-BEEA-91C1B764F05D}" = Lexware buchhalter 2012 "{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86) "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0664AD25-A8C3-4CE6-88BC-6245DC1B15ED}" = MediaBrowser "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = VERITAS Update Manager "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B325F20-59AD-4D6B-976B-C12E5CD675C7}" = Installationshinweise "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA "{1265A07C-5B80-4D8C-A076-FD7E2AFE4435}" = HP LaserJet Fonts "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1923679F-C14B-4790-BC54-EFA3FCDE147B}" = Lexware Elster "{1D1347A8-D5E8-466D-A1FD-2EC88A9AEC58}" = PC Notes Taker "{1E34AB5C-B893-4EE9-82F3-F195978D009D}" = IBM Access 
Support - Local Content Pack "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor für Windows "{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = Dienstprogramm 'IBM ThinkPad-Tastaturanpassung' "{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections "{22CC52F5-A55A-48B6-A753-E217FFD5B11C}" = Firmware Manager "{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{319D91C6-3D44-436C-9F79-36C0D22372DC}" = TP-LINK Wireless Configuration Utility "{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36A1E3D6-288A-4EEE-A081-30D9808B2BE3}" = Joe "{37BC8FCE-15B1-456E-A62C-EEB175B71340}" = Lexware reisekosten plus 2011 "{3B7B3B4A-AF8C-4671-A92E-3E7E9ABCB22B}" = IBM Rapid Restore PC Setup "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3C5EA394-1031-11D2-A2CB-00C04F72F31D}" = Microsoft PhotoDraw 2000 V2 "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A5A427F-BA39-4BF0-9999-9A47FBE60C9F}" = Visual C++ 9.0 Runtime for Dragon NaturallySpeaking "{4D568C38-0552-4CDD-A643-01FAFA2957EF}" = Nokia Software Updater "{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition "{5EAF9A83-3B91-45BF-8F2D-990BBEBDC9AB}" = Intel(R) Sebring API "{64522D5F-4743-4939-8E22-B1878FB68772}" = M-Audio FireWire Driver 6.0.1 (x86) "{69F90670-C53E-4E84-AE0A-3D390FB7B88C}" = FormsForWeb® Filler 3.1 "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 
"{6EA9DEAF-B633-44B8-89F6-2EF0C4944A19}" = ActivInspire v1 "{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7115EE2B-62BF-4DEB-B4AA-91456D245F47}" = Sibelius Scorch (Firefox, Opera, Netscape only) "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5 "{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility "{7B63B2922B174135AFC0E1377DD81EC2}" = "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E6E2EF6-AACA-431A-B824-049C394EA5F8}" = DigitalCam Pro "{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine "{8214CC02-6271-4DC8-B8DD-779933450264}" = IBM RecordNow "{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad-UltraNav-Assistent "{831DCD32-5EE9-45CF-9929-2EA16FA8DA8E}" = PlexTools Professional V2.33 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8745DEAB-1126-42F5-9585-C66D5497B47B}" = EMEA Wallpaper "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{9068A4FE-BBD5-48BF-96C7-3EA967C71D43}" = Benutzerhandbuch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86) "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}" = PC Connectivity Solution "{A72FC039-FE41-4BAD-B36E-64368EC54B54}" = ArcSoft MediaConverter 2.5 "{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86) "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM "{B745E94B-433F-4483-8B0B-DFA947C09CDF}" = klickTel Telefon- und Branchenbuch Frühjahr 2007 "{B7EB2CF8-BB80-488C-B0E9-26056DF3814F}" = USB-Feuchte Temp.Logger "{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C0C6BCBC-0884-4C66-B5EF-0B7668FE2B10}" = TP-LINK TL-WDN3200 Driver "{C1C50448-C067-454A-80B2-334ECAC8F414}" = Lexware Admintools Plus "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1" = SiSoftware Sandra Lite 2011.SP1 "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C5089197-5B15-44AD-B0FC-2E94EE9ECB63}" = WinSysClean X2 - Trial "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = alm "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005 "{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2011 
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU "{DAF15921-FA90-4427-82A2-1852A9BAC99A}" = Lexware Datenbank plus 2011 "{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.2.5 "{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EA664480-3844-11D5-8C25-444553540000}" = Funktion "IBM TrackPoint-Eingabehilfen" "{EBA04232-8CDA-4900-A36E-9E5CC4AF3254}" = NDAS-Software 3.72.2080 "{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EF790F1C-CB0C-4B95-8C54-60783F3B6661}" = LibreOffice 3.5 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver "{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service "{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012 "{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7-Zip" = 7-Zip 4.65 "Access IBM Tools" = Access IBM Tools "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "Agere Systems Soft Modem" = Agere Systems AC'97 Modem "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "ASIO4ALL" = ASIO4ALL "ATI Display Driver" = ATI Display Driver "Audacity_is1" = Audacity 2.0.2 "AudioAnalyserV1.9_is1" = AudioAnalyserV1.9 "Avira AntiVir Desktop" = Avira Free Antivirus "Belkin Installationsprogramm und Router Monitor_is1" = Belkin Installationsprogramm und Router Monitor "Belkin 
USB Print and Storage Center" = Belkin USB Print and Storage Center "BWR_is1" = BWR Version 4.5.0 "CD Bremse_is1" = CD Bremse 1.49 "conduitEngine" = Conduit Engine "cPlay (cics Play) 2.0b35_is1" = cPlay 2.0b35 "Digital Editions" = Adobe Digital Editions "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "Dr. Hardware 2010_is1" = Dr. Hardware 2010 10.5d "EasyEject Utility" = Dienstprogramm 'IBM ThinkPad EasyEject' "ElsterFormular" = ElsterFormular "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "Exact Audio Copy" = Exact Audio Copy 1.0beta1 "FLAC" = FLAC 1.2.1b (remove only) "FreePDF_XP" = FreePDF XP (Remove only) "Freeware.de Toolbar" = Freeware.de Toolbar "HarmonicTune 0.92_is1" = HarmonicTune 0.92 "HD Tune_is1" = HD Tune 2.55 "HDClone.Free.4.0.7.1031-{E5F47096-3219-483A-AF78-6FD0E3DEB398}" = HDClone 4 Free Edition "HDD Health_is1" = HDD Health v3.3 Beta "HP Color LaserJet CP3505" = HP Color LaserJet CP3505 "HWiNFO32_is1" = HWiNFO32 Version 3.70 "IBM Access Support" = IBM Access Support "ie8" = Windows Internet Explorer 8 "InstallShield_{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility "Klett Lernsoftware Mathematik - Lambacher Schweizer 5 BY_is1" = Klett Lernsoftware Mathematik - Lambacher Schweizer 5 BY "klickIdent 18_is1" = klickIdent 18 "Live 8.2.3" = Live 8.2.3 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MatheGrafix 9_is1" = MatheGrafix 9 (Version 9.50) "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Mozilla Firefox 19.0 (x86 de)" = Mozilla Firefox 19.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MultisineV1.74_is1" = MultisineV1.74 "Nero - Burning Rom!UninstallKey" = Nero OEM "NeroVision!UninstallKey" = NeroVision 
Express 2 SE "NETGEAR Print Server Software" = NETGEAR Print Server Software "Nokia Ovi Suite" = Nokia Ovi Suite "NotenManager Heimversion" = NotenManager Heimversion 3.0 "Overlook Fing 1.4" = Overlook Fing "Power Features" = IBM ThinkPad 'Akku-MaxiMiser' und Stromsparfunktionen "Power Management Driver" = IBM ThinkPad Power Management Driver "Presentation Director" = IBM ThinkPad 'Präsentationsdirektor' "PROSet" = Intel(R) PRO Network Adapters and Drivers "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Revo Uninstaller" = Revo Uninstaller 1.94 "RoomEQWizardV5" = Room EQ Wizard V5 "Spyder3Elite" = Spyder3Elite "Support.com" = Support.com Software "SynTPDeinstKey" = ThinkPad UltraNav Driver "Teledat 150" = Teledat 150 "Teledat Konf" = Teledat Konfigurationsprogramm "ThinkPad Configuration" = IBM ThinkPad-Konfiguration "ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier "ThinkPadSoftwareInstaller" = Installationsprogramm für ThinkPad-Software "TomTom HOME" = TomTom HOME 2.8.3.2499 "TT-Dynamic-Range 1.4" = TT-Dynamic-Range 1.4 "Tunatic" = Tunatic "Update für Notenmanager Heimversion" = Update für Notenmanager Heimversion 3.1 "Video Mover_is1" = Video Mover "VideoReDo-Plus_is1" = VideoReDo/Plus Version 2.5.6.512 "VideoReDoTVSuite_is1" = VideoReDo TVSuite Version 3.1.5.564 "Visible" = "VLC media player" = VLC media player 1.0.2 "Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Wilbur" = Wilbur (remove only) "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.1.2 "WinSysClean X2 - Trial" = WinSysClean X2 - Trial "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared 
Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "fbaa9ace9c15fb8c" = aOUTo "Google Chrome" = Google Chrome "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 04.02.2013 21:39:28 | Computer Name = R40 | Source = VSS | ID = 12289 Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{30ad0241-461a-11de-87a1-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005. Error - 04.02.2013 22:11:13 | Computer Name = R40 | Source = VSS | ID = 12289 Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{30ad0241-461a-11de-87a1-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005. Error - 04.02.2013 22:39:34 | Computer Name = R40 | Source = VSS | ID = 12289 Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{30ad0241-461a-11de-87a1-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005. Error - 05.02.2013 07:36:16 | Computer Name = R40 | Source = VSS | ID = 12289 Description = Volumeschattenkopie-Dienstfehler: Unerwarteter Fehler "CreateFileW(\\?\Volume{30ad0241-461a-11de-87a1-806d6172696f},0xc0000000,0x00000003,...)". hr = 0x80070005. Error - 05.02.2013 07:36:55 | Computer Name = R40 | Source = VSS | ID = 5013 Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager" aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070015" (konvertiert in 0x800423f3) fehlgeschlagen. 
Error - 10.02.2013 13:20:18 | Computer Name = R40 | Source = MsiInstaller | ID = 11327 Description = Product: Java Auto Updater -- Error 1327.Invalid Drive: F:\ Error - 11.02.2013 14:35:20 | Computer Name = R40 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.2.3189, fehlgeschlagenes Modul in_mp4.dll, Version 0.0.0.0, Fehleradresse 0x00005ccf. Error - 23.02.2013 08:42:51 | Computer Name = R40 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung winamp.exe, Version 5.6.2.3189, fehlgeschlagenes Modul in_mp4.dll, Version 0.0.0.0, Fehleradresse 0x00005ccf. Error - 23.02.2013 17:10:28 | Computer Name = R40 | Source = MsiInstaller | ID = 11327 Description = Produkt: Adobe Reader X (10.1.6) - Deutsch -- Fehler 1327. Ungültiges Laufwerk: F:\ Error - 23.02.2013 17:10:28 | Computer Name = R40 | Source = MsiInstaller | ID = 1024 Description = Produkt: Adobe Reader X (10.1.6) - Deutsch - Update "Adobe Reader X (10.1.6)" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 [ System Events ] Error - 20.02.2013 10:29:02 | Computer Name = R40 | Source = W32Time | ID = 39452689 Description = Zeitabieter "NtpClient": Beim DNS-Lookup für den manuell konfigurierten Peer "time.nist.gov,0x1" ist ein Fehler aufgetreten. Der DNS-Lookup wird in 15 Minuten wiederholt. Fehler: Der Host war bei einem Socketvorgang nicht erreichbar. (0x80072751) Error - 20.02.2013 10:29:02 | Computer Name = R40 | Source = W32Time | ID = 39452701 Description = Der Zeitanbieter "NtpClient" wurde für die Zeiterfassung von mehreren Zeitquellen konfiguriert. Es ist jedoch Keine der Quellen verfügbar. 
Innerhalb der nächsten 14 Minuten wird kein Versuch unternommen, eine Verbindung mit der Quelle herzustellen. Der NtpClient verfügt über keine Quelle mit genauer Zeit. Error - 21.02.2013 17:50:07 | Computer Name = R40 | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.36 für die Netzwerkkarte mit der Netzwerkadresse 00061BDA36A8 wurde durch den DHCP-Server 192.168.1.2 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 22.02.2013 17:26:43 | Computer Name = R40 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio Error - 22.02.2013 17:35:53 | Computer Name = R40 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio Error - 23.02.2013 12:53:12 | Computer Name = R40 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio Error - 23.02.2013 17:05:03 | Computer Name = R40 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio Error - 23.02.2013 17:10:36 | Computer Name = R40 | Source = System Error | ID = 1003 Description = Fehlercode 1000007e, 1. Parameter c0000005, 2. Parameter a4bc6ca1, 3. Parameter f78daa10, 4. Parameter f78da70c. Error - 24.02.2013 06:03:25 | Computer Name = R40 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: avgio Error - 24.02.2013 06:06:53 | Computer Name = R40 | Source = Wechselmediendienst | ID = 262159 Description = Der Wechselmediendienst kann die Bibliothek CdRom0 nicht verwalten. Die Datenbank ist beschädigt. < End of report > |
24.02.2013, 15:16 | #4 |
/// TB-Ausbilder | OTL does not create an Extra.txt file, only the OTL.txt file Hello, please also make a Gmer log: Step 1 Download Gmer (click the Download EXE button) and save the program to the desktop.
Please post in your next reply:
__________________ cheers, Leo |
24.02.2013, 22:05 | #5 |
| OTL does not create an Extra.txt file, only the OTL.txt file Phew, gmer took hours... Here is the file: Code:
ATTFilter GMER 2.1.19081 - hxxp://www.gmer.net Rootkit scan 2013-02-24 21:48:38 Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM160HC rev.LQ100-10 149,05GB Running: b5escp28.exe; Driver: C:\DOKUME~1\Michael\LOKALE~1\Temp\ugtdrpob.sys ---- System - GMER 2.1 ---- SSDT F7A9E27C ZwClose SSDT F7A9E236 ZwCreateKey SSDT F7A9E286 ZwCreateSection SSDT F7A9E22C ZwCreateThread SSDT F7A9E23B ZwDeleteKey SSDT F7A9E245 ZwDeleteValueKey SSDT F7A9E277 ZwDuplicateObject SSDT F7A9E24A ZwLoadKey SSDT F7A9E218 ZwOpenProcess SSDT F7A9E21D ZwOpenThread SSDT F7A9E29F ZwQueryValueKey SSDT F7A9E254 ZwReplaceKey SSDT F7A9E290 ZwRequestWaitReplyPort SSDT F7A9E24F ZwRestoreKey SSDT F7A9E28B ZwSetContextThread SSDT F7A9E295 ZwSetSecurityObject SSDT F7A9E240 ZwSetValueKey SSDT F7A9E29A ZwSystemDebugControl SSDT F7A9E227 ZwTerminateProcess ---- Devices - GMER 2.1 ---- Device Ntfs.sys (NT File System Driver/Microsoft Corporation) Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation) Device tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) Device \FileSystem\ndasrofs \Device\NdasRofsControl ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.) 
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.) Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Direct Access Component/VERITAS Software, Inc.) Device ndasrofs.sys (NDAS RO File System Driver/XIMETA, Inc.) Device ndasfs.sys (NDAS LFS Filter/XIMETA, Inc.) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x4D 0x42 0x71 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3A 0x4D 0x42 0x71 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |
24.02.2013, 22:35 | #6 | |
/// TB Instructor | Then let's carry right on: Step 1 Please download AdwCleaner and save it to your desktop.
Step 2 Warning for readers following along: Combofix should only be run when a team member has explicitly instructed it! Please download Combofix.
Note: If you get the following error message after the restart Quote:
Step 3 Please start OTL.exe.
In your next reply, please post:
__________________ |
24.02.2013, 23:14 | #7 |
| I ran adwcleaner. A restart was necessary. Now the computer is soooo slow that I could only just barely find the adwcleaner files. The system load isn't even that high (12%), but something is slowing it down unbelievably. P.S. I'm already writing THIS message from another computer, because nothing is moving forward on the R40. |
24.02.2013, 23:35 | #8 |
/// TB Instructor | That is rather odd. AdwCleaner doesn't actually do anything that could cause such a slowdown. I already had a somewhat uneasy feeling about your Gmer scan; it shouldn't normally take "hours" either. How is it after another restart? Unchanged? Can you get the AdwCleaner log file off the machine (e.g. via USB stick) and post it here?
__________________ cheers, Leo |
24.02.2013, 23:44 | #9 |
| It took almost an hour to get the two adw files onto a USB stick. Here is the s1: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 24/02/2013 um 22:48:22 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Michael - R40 # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Michael\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\Conduit.xml Datei Gelöscht : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\SearchResults.xml Datei Gelöscht : C:\Programme\Mozilla Firefox\searchplugins\SearchResults.xml Datei Gelöscht : C:\WINDOWS\system32\conduitEngine.tmp Ordner Gelöscht : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess Ordner Gelöscht : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Desktopicon Ordner Gelöscht : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\jetpack Ordner Gelöscht : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Conduit Ordner Gelöscht : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\ConduitEngine Ordner Gelöscht : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Freeware.de Ordner Gelöscht : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Ilivid Player Ordner Gelöscht : C:\Programme\ConduitEngine Ordner Gelöscht : C:\Programme\Freeware.de ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\conduitEngine Schlüssel Gelöscht : HKCU\Software\DataMngr Schlüssel Gelöscht : HKCU\Software\Freeware.de Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F2A3993-F7FE-48EF-AB71-2A0830CF97D6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gelöscht : HKCU\Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0F2A3993-F7FE-48EF-AB71-2A0830CF97D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476 Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\conduitEngine Schlüssel Gelöscht : HKLM\Software\Freeware.de Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7113E113-27B2-4ABA-9C08-7508DEC80046} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEF6F38-7FC9-4E0D-8E42-AF4D195E292C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFD67789-21B2-468B-9A41-B083A147CCE8} 
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freeware.de Toolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0F2A3993-F7FE-48EF-AB71-2A0830CF97D6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 --> hxxp://www.google.com -\\ Mozilla Firefox v19.0 (de) Datei : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\prefs.js Gelöscht : user_pref("browser.search.defaultenginename", "Web Search"); Gelöscht : 
user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search"); Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...] Gelöscht : user_pref("browser.search.order.1", "Web Search"); -\\ Google Chrome v18.0.1025.162 Datei : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [7785 octets] - [24/02/2013 22:47:24] AdwCleaner[S1].txt - [6598 octets] - [24/02/2013 22:48:22] ########## EOF - C:\AdwCleaner[S1].txt - [6658 octets] ########## Code:
ATTFilter # AdwCleaner v2.113 - Datei am 24/02/2013 um 22:47:24 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Michael - R40 # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Michael\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\Conduit.xml Datei Gefunden : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\SearchResults.xml Datei Gefunden : C:\Programme\Mozilla Firefox\searchplugins\SearchResults.xml Datei Gefunden : C:\WINDOWS\system32\conduitEngine.tmp Ordner Gefunden : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess Ordner Gefunden : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Desktopicon Ordner Gefunden : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\jetpack Ordner Gefunden : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Conduit Ordner Gefunden : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\ConduitEngine Ordner Gefunden : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Freeware.de Ordner Gefunden : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Ilivid Player Ordner Gefunden : C:\Programme\ConduitEngine Ordner Gefunden : C:\Programme\Freeware.de ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\conduitEngine Schlüssel Gefunden : HKCU\Software\DataMngr Schlüssel Gefunden : HKCU\Software\Freeware.de Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} 
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0F2A3993-F7FE-48EF-AB71-2A0830CF97D6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0} Schlüssel Gefunden : HKCU\Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{0F2A3993-F7FE-48EF-AB71-2A0830CF97D6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2736476 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\conduitEngine Schlüssel Gefunden : HKLM\Software\conduitEngine Schlüssel Gefunden : HKLM\Software\Freeware.de 
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7113E113-27B2-4ABA-9C08-7508DEC80046} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7AEF6F38-7FC9-4E0D-8E42-AF4D195E292C} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FFD67789-21B2-468B-9A41-B083A147CCE8} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freeware.de Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E111A5C-3D11-4F56-9463-5310C3C69025} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0F2A3993-F7FE-48EF-AB71-2A0830CF97D6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeware.de Toolbar Schlüssel Gefunden : HKU\S-1-5-21-3264421748-380149622-3910952666-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 
[{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{7E111A5C-3D11-4F56-9463-5310C3C69025}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{7E111A5C-3D11-4F56-9463-5310C3C69025}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{7E111A5C-3D11-4F56-9463-5310C3C69025}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10] ***** [Internet Browser] ***** -\\ Internet Explorer v8.0.6001.18702 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476 -\\ Mozilla Firefox v19.0 (de) Datei : C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "Web Search"); Gefunden : user_pref("browser.search.defaultthis.engineName", "Freeware.de Customized Web Search"); Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&Sea[...] Gefunden : user_pref("browser.search.order.1", "Web Search"); -\\ Google Chrome v18.0.1025.162 Datei : C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [7656 octets] - [24/02/2013 22:47:24] ########## EOF - C:\AdwCleaner[R1].txt - [7716 octets] ##########
Now the R40 seems to be running faster again. Was there adware in the deleted paths, then? Or how should the file be read? Last edited by walter_h (24.02.2013 at 23:50) |
24.02.2013, 23:59 | #10 | ||
/// TB Instructor | Hello, Quote:
Quote:
Then you can continue with step 2 of the previous list.
__________________ cheers, Leo |
25.02.2013, 00:00 | #11 |
| Could it be a problem that the program Malwarebytes is on the computer? I'll tackle the next steps tomorrow! |
25.02.2013, 00:11 | #12 | ||
/// TB Instructor | Quote:
But you can go ahead and uninstall everything superfluous and see whether it gets better afterwards. Quote:
__________________ cheers, Leo |
25.02.2013, 20:24 | #13 |
| Right, I'm now done with combofix, here is the file: Code:
ATTFilter ComboFix 13-02-24.01 - Michael 25.02.2013 19:48:28.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.2047.1060 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Michael\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokume~1\Michael\LOKALE~1\Temp\1.tmp\F_IN_BOX.dll c:\dokumente und einstellungen\Admin\WINDOWS c:\dokumente und einstellungen\Administrator\WINDOWS c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml57.tmp c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml58.tmp c:\dokumente und einstellungen\All Users\Anwendungsdaten\xml59.tmp c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlA7.tmp c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlA8.tmp c:\dokumente und einstellungen\All Users\Anwendungsdaten\xmlA9.tmp c:\dokumente und einstellungen\Default User\WINDOWS c:\dokumente und einstellungen\Michael\Lokale Einstellungen\Temp\1.tmp\F_IN_BOX.dll c:\dokumente und einstellungen\Michael\WINDOWS c:\windows\IsUn0407.exe c:\windows\system32\config\systemprofile\WINDOWS c:\windows\unVQ3240.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-25 bis 2013-02-25 )))))))))))))))))))))))))))))) . . 2013-02-13 13:07 . 2013-02-13 13:07 -------- d-----w- c:\dokumente und einstellungen\Michael\Anwendungsdaten\Malwarebytes 2013-02-13 13:07 . 2013-02-13 13:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-02-13 13:07 . 2013-02-13 13:07 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2013-02-13 13:07 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-10 17:20 . 2013-02-10 17:19 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-02-10 17:19 . 
2013-02-10 17:19 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-05 15:32 . 2013-02-05 15:32 -------- d--h--w- c:\windows\PIF . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-15 08:55 . 2009-05-21 18:18 1080 ----a-w- c:\windows\AUTOLNCH.REG 2013-02-12 10:21 . 2012-04-11 12:36 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-12 10:21 . 2011-05-19 16:22 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-10 17:19 . 2012-07-06 15:31 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-10 17:19 . 2010-04-17 15:55 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-01-26 03:55 . 1979-12-31 22:00 552448 ----a-w- c:\windows\system32\oleaut32.dll 2013-01-07 07:24 . 2002-08-29 01:41 2072064 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-07 07:24 . 1979-12-31 22:00 2195328 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-04 10:09 . 1979-12-31 22:00 1867392 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 1979-12-31 22:00 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2013-01-02 06:49 . 1979-12-31 22:00 1297920 ----a-w- c:\windows\system32\quartz.dll 2012-12-26 20:06 . 1979-12-31 22:00 916480 ----a-w- c:\windows\system32\wininet.dll 2012-12-26 20:06 . 1979-12-31 22:00 43520 ----a-w- c:\windows\system32\licmgr10.dll 2012-12-26 20:06 . 1979-12-31 22:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-12-24 06:40 . 2009-05-21 15:33 385024 ----a-w- c:\windows\system32\html.iec 2012-12-16 12:23 . 1979-12-31 22:00 290560 ----a-w- c:\windows\system32\atmfd.dll 2009-06-18 11:16 . 2013-02-20 14:38 10437264 ----a-w- c:\programme\mozilla firefox\plugins\PDFNetC.dll 2009-06-18 11:36 . 2013-02-20 14:38 108272 ----a-w- c:\programme\mozilla firefox\plugins\ScorchPDFWrapper.dll 2013-02-20 14:39 . 2013-02-20 14:38 263064 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TomTomHOME.exe"="c:\programme\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728] "ibmmessages"="c:\programme\IBM\Messages By IBM\ibmmessages.exe" [2002-12-19 491520] "PC Notes Taker"="c:\programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe" [2003-04-01 782396] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X] "S3TRAY2"="S3Tray2.exe" [2002-07-15 69632] "SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2008-07-03 118784] "SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2008-07-03 1323008] "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 28672] "BluetoothAuthenticationAgent"="irprops.cpl" [2008-04-14 380928] "QCWLICON"="c:\programme\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-03-27 53248] "TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 94208] "BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2002-10-31 64000] "TPKMAPMN"="c:\programme\ThinkPad\Utilities\TpKmapMn.exe" [2003-02-16 32835] "TP4EX"="tp4ex.exe" [2002-09-03 53248] "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2002-11-01 204800] "tgcmd"="c:\programme\Support.com\bin\tgcmd.exe" [2002-10-16 1622016] "ibmmessages"="c:\programme\IBM\Messages By IBM\ibmmessages.exe" [2002-12-19 491520] "StorageGuard"="c:\programme\VERITAS Software\Update Manager\sgtray.exe" [2002-06-17 155648] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-11-08 106551] "HP Lamp"="c:\programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248] "FreePDF Assistant"="c:\programme\FreePDF_XP\fpassist.exe" [2008-07-22 357376] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] 
"NPDTRAY"="c:\progra~1\ThinkPad\UTILIT~1\NPDTray.exe" [2002-10-30 204800] "ArcSoft Connection Service"="c:\programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-30 2528512] "AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 87751] "M-Audio Taskbar Icon"="c:\windows\system32\MAFWTray.exe" [2009-07-29 252424] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "InstaLAN"="c:\programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136] "avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "LexwareInfoService"="c:\programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\Michael\Startmenü\Programme\Autostart\ Telefon- und Branchenbuch Frühjahr 2007 - Schnellstarter.lnk - c:\programme\klickTel\Telefon- und Branchenbuch Frühjahr 2007\KSTART32.EXE [2009-6-2 451584] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588] NDAS Geräte-Manager.lnk - c:\programme\NDAS\System\ndasmgmt.exe [2010-1-13 283112] Spyder3Utility.lnk - c:\programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2008-3-19 6333954] TMMonitor.lnk - c:\programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2010-5-22 258048] TP-LINK Wireless Configuration Utility.lnk - c:\programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe [2013-1-13 838656] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2] 2005-07-05 22:45 28672 ----a-w- c:\windows\system32\notifyf2.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey] 2005-11-30 19:16 24576 ----a-w- c:\windows\system32\tphklock.dll . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\IBMTOOLS\\Updater\\jre\\bin\\javaw.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Programme\\Support.com\\Bin\\tgcmd.exe"= "c:\\Programme\\VideoLAN\\VLC\\vlc.exe"= "c:\\Programme\\Gemeinsame Dateien\\Nokia\\Service Layer\\A\\nsl_host_process.exe"= "c:\\Programme\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\RpcAgentSrv.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2011.SP1\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Programme\\NetGear\\ProSafe Plus Utility\\ProSafe Plus Utility.exe"= "c:\\Programme\\NetGear\\ProSafe Plus Utility\\NetGearServer.exe"= "c:\\Programme\\NetGear\\ProSafe Plus Utility\\NsdpManager.exe"= "c:\\Programme\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"= "c:\\Programme\\Sybase\\SQL Anywhere 9\\win32\\dbsrv9.exe"= "c:\\Programme\\Pegasus Technologies\\PC Notes Taker\\PCNotesTaker.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "19540:UDP"= 19540:UDP:SXUPTP . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) . 
R0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\drivers\fltsrv.sys [11.04.2012 14:08 77696] R0 ndasfs;ndasfs;c:\windows\system32\drivers\ndasfs.sys [13.01.2010 09:12 562152] R0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\drivers\vsflt61.sys [11.04.2012 14:09 84544] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [21.10.2011 16:29 36000] R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\programme\HWiNFO32\HWiNFO32.SYS [06.03.2011 01:00 20088] R1 ndasfat;NDAS FAT File System Service;c:\windows\system32\drivers\ndasfat.sys [13.01.2010 09:12 461288] R1 ndasrofs;NDAS ROFS File System Service;c:\windows\system32\drivers\ndasrofs.sys [13.01.2010 09:12 791528] R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [21.05.2009 15:58 12288] R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [21.10.2011 16:29 86224] R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [19.08.2011 15:58 152576] R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [19.08.2011 15:58 49152] R2 drhard;drhard;c:\windows\system32\drivers\drhard.sys [06.03.2011 02:24 23600] R2 Lexware_Datenbank_Plus;Lexware Datenbank Plus;c:\programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -hvLexware_Datenbank_Plus --> c:\programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -hvLexware_Datenbank_Plus [?] 
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.06.2010 18:07 35088] R2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\Scutum50.sys [13.01.2013 16:56 19072] R2 TomTomHOMEService;TomTomHOMEService;c:\programme\TomTom HOME 2\TomTomHOMEService.exe [23.01.2012 05:43 92592] R3 AVMWAN;NDIS WAN CAPI Treiber;c:\windows\system32\drivers\avmwan.sys [16.07.2002 01:00 37568] R3 FXUSBASE;Teledat X120 (WinXP/2000);c:\windows\system32\drivers\fxusbase.sys [16.07.2002 01:00 498672] R3 hpusbfd;Hewlett-Packard USB Filter Class;c:\windows\system32\drivers\hpusbfd.sys [25.05.2009 15:46 7552] R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\drivers\RTL2832U_IRHID.sys [22.05.2010 17:56 31872] R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [22.05.2010 17:56 93344] R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\drivers\RTL2832UUSB.sys [22.05.2010 17:56 32800] R3 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [19.08.2011 15:58 246936] S1 Uim_Vim;UIM Virtual Image Plugin;c:\windows\system32\drivers\Uim_Vim.sys [01.03.2012 15:40 275504] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\drivers\dc3d.sys [09.05.2012 16:29 45288] S3 hexmagic;hexmagic;\??\c:\windows\system32\drivers\hexmagic.sys --> c:\windows\system32\drivers\hexmagic.sys [?] S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\programme\Lavasoft\Ad-Aware\KernExplorer.sys [?] 
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [01.10.2002 08:44 802683] S3 MAFW;Service for M-Audio FireWire;c:\windows\system32\drivers\mafw.sys [12.12.2010 21:28 192392] S3 NETPPPOI;PPP over ISDN;c:\windows\system32\drivers\NETPPPOI.SYS [23.05.2009 23:53 259072] S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [09.12.2010 21:33 137344] S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [09.12.2010 21:33 8320] S3 RNUS;Rally Network USB Storage Driver;c:\windows\system32\DRIVERS\RNUS_HC.sys --> c:\windows\system32\DRIVERS\RNUS_HC.sys [?] S3 RNUS_BusEnum;Rally Network USB Storage Bus;c:\windows\system32\DRIVERS\RNUS_Bus.sys --> c:\windows\system32\DRIVERS\RNUS_Bus.sys [?] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe [06.03.2011 02:11 93848] S3 SiBulk;SiBulk;c:\windows\system32\drivers\SiBulk.sys [05.09.2009 16:30 16768] S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [01.10.2011 21:00 14592] S3 Spyder3;Datacolor Spyder3;c:\windows\system32\drivers\Spyder3.sys [19.03.2008 14:26 12288] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [28.11.2010 22:41 691696] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . Inhalt des "geplante Tasks" Ordners . 2011-10-01 c:\windows\Tasks\BMMTask.job - c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2009-05-21 23:31] . 2013-02-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3264421748-380149622-3910952666-1004.job - c:\progra~1\Real\______~1\realupgrade.exe [2010-11-05 10:33] . 2013-02-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3264421748-380149622-3910952666-1004.job - c:\progra~1\Real\______~1\realupgrade.exe [2010-11-05 10:33] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com IE: Bild in &Microsoft PhotoDraw öffnen - c:\progra~1\MICROS~3\Office\1031\phdintl.dll/phdContext.htm IE: Bild zum Bildarchiv senden - file://c:\dokumente und einstellungen\Michael\Anwendungsdaten\MGI\PhotoSuite4\Temp\MGI00000.html TCP: DhcpNameServer = 192.168.1.2 TCP: Interfaces\{A29C7FE0-06D5-4939-85EE-10AC7B3EB02A}: NameServer = 192.168.121.252,192.168.121.253 DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab FF - ProfilePath - c:\dokumente und einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.goggle.de FF - prefs.js: network.proxy.type - 2 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKLM-Run-UnlockerAssistant - c:\programme\Unlocker\UnlockerAssistant.exe HKLM-Run-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe AddRemove-EasyEject Utility - c:\windows\IsUn0407.exe AddRemove-HP PrecisionScan Pro - c:\windows\IsUn0407.exe AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe AddRemove-Power Features - c:\windows\IsUn0407.exe AddRemove-Presentation Director - c:\windows\IsUn0407.exe AddRemove-Teledat 150 - c:\windows\IsUn0407.exe AddRemove-Teledat Konf - c:\windows\IsUn0407.exe AddRemove-ThinkPad Configuration - c:\windows\IsUn0407.exe AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\programme\DivX\DivXCodecUninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-25 20:01 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run tgcmd = "c:\programme\Support.com\bin\tgcmd.exe" /server?ver HKCU\Software\Microsoft\Windows\CurrentVersion\Run PC Notes Taker = c:\programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe -silent??????????? ??????|????~???,???? ??????????????8???@???????????????????????????? ??L??????|?????????VA?X:???^E?????8?F????s?????>??h>???????UA???????C??????????TA?????????????????X:????? . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG08.00.00.01WORKSTATION"="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" "OODEFRAG10.00.00.01WORKSTATION"="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" . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(868) c:\windows\system32\tphklock.dll . - - - - - - - > 'explorer.exe'(560) c:\windows\system32\msi.dll c:\windows\system32\mshtml.dll c:\windows\system32\msls31.dll c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\programme\Avira\AntiVir Desktop\avguard.exe c:\programme\Avira\AntiVir Desktop\avshadow.exe c:\programme\Belkin\Router Setup and Monitor\BelkinService.exe c:\windows\System32\Ati2evxx.exe c:\windows\system32\RunDll32.exe c:\programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe c:\programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe c:\programme\Java\jre7\bin\jqs.exe c:\programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe c:\programme\NDAS\System\ndassvc.exe c:\windows\AGRSMMSG.exe c:\windows\system32\netdde.exe c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe c:\programme\CDBurnerXP\NMSAccessU.exe c:\windows\system32\oodag.exe c:\programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe c:\windows\System32\RegSrvc.exe c:\windows\system32\PNTRoute.exe c:\programme\Belkin\Belkin USB Print and Storage Center\connect.exe c:\programme\Belkin\Router Setup and Monitor\BelkinSetup.exe c:\programme\Belkin\Router Setup and Monitor\dlnaPlugin.exe c:\windows\System32\wbem\wmiapsrv.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2013-02-25 20:07:21 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-02-25 19:07 . Vor Suchlauf: 4.688.392.192 Bytes frei Nach Suchlauf: 5.119.782.912 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - 3A54041FCCEB1A1C11E802AB81E180B2 |
25.02.2013, 22:06 | #14 |
/// TB-Ausbilder | OTL does not create an Extra.txt file, only the OTL.txt file
OK, then the only thing still missing is step 3 (a fresh OTL log). Then we'll carry on.
__________________ cheers, Leo |
25.02.2013, 22:28 | #15 |
| OTL does not create an Extra.txt file, only the OTL.txt file
OTL is done: Code:
ATTFilter OTL logfile created on: 25.02.2013 22:14:25 - Run 7 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Michael\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 60,90% Memory free 3,85 Gb Paging File | 3,08 Gb Available in Paging File | 79,97% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 146,57 Gb Total Space | 4,81 Gb Free Space | 3,28% Space Free | Partition Type: NTFS Computer Name: R40 | User Name: Michael | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.23 18:36:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe PRC - [2013.02.20 15:39:04 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe PRC - [2012.08.08 19:43:36 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 15:52:25 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.23 11:09:08 | 000,838,656 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe PRC - [2012.01.23 05:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe PRC - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe PRC - [2011.05.27 14:57:28 | 002,015,136 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe PRC - [2011.05.27 14:57:26 | 007,025,568 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\BelkinSetup.exe PRC - [2011.05.18 17:28:16 | 001,641,888 | ---- | M] (Affinegy, Inc.) -- C:\Programme\Belkin\Router Setup and Monitor\dlnaPlugin.exe PRC - [2011.04.20 13:02:04 | 001,095,168 | ---- | M] (Belkin International, Inc.) -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Connect.exe PRC - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe PRC - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe PRC - [2010.07.20 11:45:24 | 001,531,904 | ---- | M] (Nokia) -- C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.02.25 18:35:04 | 000,258,048 | ---- | M] (ArcSoft, Inc.) 
-- C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe PRC - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe PRC - [2010.01.13 09:12:32 | 000,283,112 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndasmgmt.exe PRC - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) -- C:\Programme\NDAS\System\ndassvc.exe PRC - [2009.07.29 14:28:40 | 000,252,424 | ---- | M] (Avid Technology, Inc.) -- C:\WINDOWS\system32\MAFWTray.exe PRC - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe PRC - [2008.09.30 18:17:22 | 002,528,512 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe PRC - [2008.07.22 21:44:06 | 000,357,376 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe PRC - [2008.07.03 22:17:00 | 000,118,784 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe PRC - [2007.01.10 14:38:48 | 000,451,584 | ---- | M] (klickTel GmbH) -- C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2007\KSTART32.EXE PRC - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe PRC - [2006.05.30 15:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe PRC - [2003.04.08 16:51:48 | 000,077,903 | ---- | M] (Pegasus Technologies) -- C:\WINDOWS\system32\PNTRoute.EXE PRC - [2003.04.01 13:16:20 | 000,782,396 | ---- | M] (Pegasus Technologies) -- C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe PRC - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- 
C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE PRC - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe PRC - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe PRC - [2002.12.19 10:02:22 | 000,491,520 | ---- | M] (IBM) -- C:\Programme\IBM\Messages By IBM\ibmmessages.exe PRC - [2002.10.30 01:01:00 | 000,204,800 | ---- | M] (IBM Corp.) -- C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE PRC - [2002.10.16 09:59:54 | 001,622,016 | ---- | M] (SupportSoft, Inc.) -- C:\Programme\Support.com\Bin\tgcmd.exe PRC - [2002.06.07 22:29:59 | 000,061,490 | R--- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office\OUTLOOK.EXE PRC - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe ========== Modules (No Company Name) ========== MOD - [2013.02.20 15:39:03 | 003,067,288 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2013.02.12 11:21:36 | 014,586,736 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.05.08 15:52:28 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2012.02.23 11:09:08 | 000,838,656 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe MOD - [2012.02.07 10:16:32 | 001,415,680 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\nicLan.dll MOD - [2011.12.23 17:20:42 | 000,192,512 | ---- | M] () -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\DC_WFF.dll MOD - [2011.05.27 14:57:32 | 000,022,944 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\BelkinServicePS.dll MOD - [2011.05.27 14:08:56 | 000,660,480 | ---- | M] () -- C:\Programme\Belkin\Router Setup and 
Monitor\gateways\GenericBelkinGatewayLOC.dll MOD - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe MOD - [2011.04.19 15:29:42 | 000,132,608 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkLocalBackup.dll MOD - [2010.08.22 20:01:36 | 007,187,456 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtGui4.dll MOD - [2010.08.22 20:01:08 | 000,325,632 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtXml4.dll MOD - [2010.08.22 20:01:06 | 001,954,304 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtCore4.dll MOD - [2010.08.22 20:01:06 | 000,847,360 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\QtNetwork4.dll MOD - [2010.08.22 19:32:34 | 000,119,808 | ---- | M] () -- C:\Programme\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe MOD - [2010.01.13 12:29:16 | 000,260,096 | ---- | M] () -- C:\Programme\NDAS\System\ndasmgmt.deu.dll MOD - [2008.11.26 15:59:32 | 000,131,584 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll MOD - [2008.10.22 15:01:00 | 000,200,704 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll MOD - [2008.04.14 03:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2008.03.19 16:00:28 | 006,333,954 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe MOD - [2008.03.19 15:54:46 | 000,327,680 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CGamma.dll MOD - [2008.03.19 14:37:20 | 000,131,072 | ---- | M] () -- C:\Programme\Datacolor\Spyder3Elite\Utility\CSensor.dll MOD - [2008.02.25 21:23:10 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - 
[2007.04.19 08:33:00 | 000,035,584 | ---- | M] () -- C:\Programme\ArcSoft\TotalMedia 3.5\uPiApi.dll MOD - [2007.04.02 13:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2006.10.02 10:19:48 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe MOD - [2005.11.30 20:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll MOD - [2005.10.28 20:29:52 | 000,208,896 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll MOD - [2005.07.05 14:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe MOD - [2003.07.03 23:49:30 | 000,024,576 | ---- | M] () -- C:\Programme\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll MOD - [2003.03.27 01:06:02 | 000,561,152 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCON.DLL MOD - [2003.03.27 01:06:02 | 000,053,248 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE MOD - [2003.02.16 23:30:48 | 000,032,835 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapMn.exe MOD - [2002.12.24 16:15:00 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\Utilities\TpKmapHk.dll MOD - [2002.11.15 00:14:28 | 000,143,360 | ---- | M] () -- C:\WINDOWS\system32\AIBMRUNL.dll MOD - [2002.01.08 09:08:22 | 000,051,712 | ---- | M] () -- C:\WINDOWS\system32\ngprtserv.dll MOD - [2001.04.27 10:00:10 | 000,053,248 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPLamp.exe ========== Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\PLSRemote.exe -- (PLSRemoteSvc) SRV - [2013.02.20 15:39:04 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.10 18:19:38 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012.05.08 15:52:28 | 000,086,224 | ---- | M] 
(Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 15:52:25 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.23 05:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.12.23 17:20:44 | 000,375,872 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2011.05.27 14:57:30 | 000,562,592 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Programme\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService) SRV - [2011.04.19 15:29:42 | 000,152,576 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service) SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Programme\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus) SRV - [2010.10.20 11:22:24 | 000,630,272 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.02.09 14:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Programme\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper) SRV - [2010.01.13 09:12:22 | 000,247,784 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Programme\NDAS\System\ndassvc.exe -- (ndassvc) SRV - [2009.08.10 21:04:48 | 000,093,848 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe -- (SandraAgentSrv) SRV - [2008.09.30 18:18:36 | 001,062,144 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003.03.27 01:06:02 | 000,049,152 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC) SRV - [2003.01.24 14:37:32 | 000,299,075 | ---- | M] (Intel Corporation ) [Disabled | Stopped] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor) SRV - [2003.01.24 14:36:42 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc) SRV - [2002.02.21 11:05:36 | 000,196,688 | ---- | M] (AVM Berlin) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_Bus.sys -- (RNUS_BusEnum) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RNUS_HC.sys -- (RNUS) DRV - File not found [Kernel | On_Demand | 
Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\Michael\LOKALE~1\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\KernExplorer.sys -- (Lavasoft Kernexplorer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hexmagic.sys -- (hexmagic) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Michael\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys -- (cpuz132) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | System | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\AFGMp50.sys -- (AFGMp50) DRV - [2012.05.08 15:52:28 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 15:52:28 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.11 14:09:05 | 000,084,544 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vsflt61.sys -- (vidsflt61) DRV - [2012.04.11 14:08:38 | 000,077,696 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\fltsrv.sys -- (fltsrv) DRV - [2012.03.01 15:40:30 | 000,452,016 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM) DRV - [2012.03.01 15:40:30 | 000,275,504 | ---- | M] (Paragon) 
[Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Uim_Vim.sys -- (Uim_Vim) DRV - [2012.03.01 15:40:30 | 000,081,200 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus) DRV - [2011.12.23 17:21:04 | 001,195,200 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2011.12.23 17:20:48 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.10 15:39:48 | 000,045,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc3d.sys -- (dc3d) DRV - [2010.11.28 22:41:23 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010.09.29 23:13:46 | 000,020,088 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Programme\HWiNFO32\HWiNFO32.SYS -- (HWiNFO32) DRV - [2010.08.22 20:01:54 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AFGSp50.sys -- (AFGSp50) DRV - [2010.06.25 18:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2010.01.13 09:12:46 | 000,556,008 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\lfsfilt.sys -- (lfsfilt) DRV - [2010.01.13 09:12:44 | 000,119,784 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\lpx.sys -- (lpx) DRV - [2010.01.13 09:12:40 | 000,385,512 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ndasbus.sys -- (ndasbus) DRV - [2010.01.13 09:12:36 | 000,562,152 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\ndasfs.sys -- (ndasfs) DRV - [2010.01.13 09:12:36 | 000,461,288 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasfat.sys -- (ndasfat) DRV - [2010.01.13 09:12:28 | 000,791,528 | ---- | M] (XIMETA, Inc.) 
[File_System | System | Running] -- C:\WINDOWS\system32\drivers\ndasrofs.sys -- (ndasrofs) DRV - [2010.01.13 09:12:24 | 000,377,320 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ndasscsi.sys -- (ndasscsi) DRV - [2009.11.17 10:13:04 | 000,014,592 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiUSBXp.sys -- (SIUSBXP) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.10.26 09:43:54 | 000,032,800 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009.10.26 09:43:52 | 000,093,344 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009.10.05 19:20:26 | 000,031,872 | ---- | M] (Realtek) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys -- (SANDRA) DRV - [2009.07.29 14:28:18 | 000,192,392 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mafw.sys -- (MAFW) DRV - [2009.06.22 15:50:00 | 000,246,936 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sxuptp.sys -- (sxuptp) DRV - [2009.02.17 11:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009.02.17 11:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 19:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.12.12 12:11:08 | 000,012,288 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Spyder3.sys -- (Spyder3)
DRV - [2006.11.28 21:46:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006.11.10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005.12.01 11:49:22 | 000,023,600 | ---- | M] (Licensed for Gebhard Software) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\drhard.sys -- (drhard)
DRV - [2004.06.18 19:23:56 | 000,016,768 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SiBulk.sys -- (SiBulk)
DRV - [2003.05.14 16:28:14 | 000,011,048 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk536.sys -- (USBCamera)
DRV - [2003.04.29 21:01:06 | 000,542,592 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003.03.27 01:06:02 | 000,002,295 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS -- (IBMTPCHK)
DRV - [2003.03.12 13:16:44 | 002,390,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51)
DRV - [2003.01.12 15:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2002.11.20 13:52:14 | 000,033,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002.11.01 00:31:00 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2002.11.01 00:31:00 | 000,012,288 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2002.11.01 00:31:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2002.10.30 01:01:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2002.10.18 10:07:34 | 001,156,672 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.07.16 01:00:00 | 000,498,672 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2002.07.16 01:00:00 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
DRV - [2002.07.15 12:45:28 | 000,095,104 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3ssavm.sys -- (S3SSavage)
DRV - [2002.05.22 08:40:40 | 000,007,552 | ---- | M] (Hewlett-Packard Co.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hpusbfd.sys -- (hpusbfd)
DRV - [2002.02.21 11:05:36 | 000,259,072 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETPPPOI.SYS -- (NETPPPOI)
DRV - [2001.09.18 11:00:00 | 000,167,816 | ---- | M] (OmniVision Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\omcamvid.sys -- (OVT511Plus)
DRV - [2001.08.17 12:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack)
DRV - [2001.08.17 12:28:10 | 000,802,683 | ---- | M] (Lucent Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LTSM.sys -- (LucentSoftModem)
DRV - [1996.04.03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.goggle.de"
FF - prefs.js..extensions.enabledAddons: %7Be001c731-5e37-4538-a5cb-8168736a2360%7D:0.9.9.119
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8rc3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us04.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000'%3B%7D%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.12.10 00:27:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.02.20 15:39:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.20 15:38:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.12.10 00:27:50 | 000,000,000 | ---D | M]

[2011.09.08 19:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions
[2009.06.02 12:13:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2013.02.22 20:17:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions
[2012.07.05 22:09:11 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.09 18:16:07 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2)
[2013.01.21 16:54:38 | 000,315,066 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.02.22 20:17:24 | 000,531,369 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.15 09:43:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.09 18:16:06 | 000,521,144 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\extensions\staged(2)\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2010.02.17 14:25:58 | 000,001,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Profiles\s6834c61.default\searchplugins\wolframalpha.xml
[2013.02.20 15:38:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.06.21 20:13:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2013.02.20 15:39:04 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.12.18 23:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npstrlnk.dll
[2011.10.26 19:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2009.06.18 12:16:18 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll
[2009.06.18 12:36:06 | 000,108,272 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2011.12.29 09:09:21 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.29 14:19:14 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.29 09:09:21 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.29 09:09:21 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.29 09:09:21 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.29 09:09:21 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Programme\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: ScorchPlugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPSibelius.dll
CHR - plugin: NapsterLink (Enabled) = C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.1_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: NotScripts = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\odjhifogjcknibkahlpidmdajjpkkcfn\0.9.6_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.02.25 19:59:27 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (VERITAS Software, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\irprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Programme\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HP Lamp] C:\Programme\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe ()
O4 - HKLM..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [InstaLAN] C:\Programme\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\MAFWTray.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NPDTRAY] C:\Programme\ThinkPad\Utilities\NPDTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [QCWLICON] C:\Programme\ThinkPad\ConnectUtilities\QCWLICON.EXE ()
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [StorageGuard] c:\Programme\VERITAS Software\Update Manager\sgtray.exe (VERITAS Software, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tgcmd] C:\Programme\Support.com\bin\tgcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Programme\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPMN] C:\Programme\ThinkPad\Utilities\TpKmapMn.exe ()
O4 - HKU\S-1-5-21-3264421748-380149622-3910952666-1004..\Run: [ibmmessages] C:\Programme\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKU\S-1-5-21-3264421748-380149622-3910952666-1004..\Run: [PC Notes Taker] C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe (Pegasus Technologies)
O4 - HKU\S-1-5-21-3264421748-380149622-3910952666-1004..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\NDAS Geräte-Manager.lnk = C:\Programme\NDAS\System\ndasmgmt.exe (XIMETA, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Spyder3Utility.lnk = C:\Programme\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TMMonitor.lnk = C:\Programme\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TP-LINK Wireless Configuration Utility.lnk = C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Autostart\Telefon- und Branchenbuch Frühjahr 2007 - Schnellstarter.lnk = C:\Programme\klickTel\Telefon- und Branchenbuch Frühjahr 2007\KSTART32.EXE (klickTel GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3264421748-380149622-3910952666-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - C:\Programme\Microsoft Office\Office\1031\PHDINTL.DLL (Microsoft Corporation)
O8 - Extra context menu item: Bild zum Bildarchiv senden - file://C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MGI\PhotoSuite4\Temp\MGI00000.html File not found
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242923080286 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{19356C41-6FB9-4C19-ADA8-9D0A1DBE80BA}: DhcpNameServer = 192.168.169.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A29C7FE0-06D5-4939-85EE-10AC7B3EB02A}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B54CB423-672B-427E-8E56-2233D6FB9A46}: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 () - hxxp://bits.wikimedia.org/skins-1.5/common/images/sort_none.gif
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mozilla\Firefox\Desktop-Hintergrund.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.21 16:20:48 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.25 20:52:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.02.25 19:44:44 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.25 19:42:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.25 19:42:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.25 19:42:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.25 19:42:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.25 19:41:53 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.25 19:41:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.25 19:35:44 | 005,034,894 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Michael\Desktop\ComboFix.exe
[2013.02.23 18:36:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe
[2013.02.20 15:38:46 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.02.13 14:07:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Malwarebytes
[2013.02.13 14:07:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.13 14:07:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.13 14:07:00 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.13 14:07:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.10 14:56:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Startmenü\Programme\Revo Uninstaller
[2013.02.06 06:47:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\FilmeSchule
[2013.02.05 16:32:47 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2013.02.02 00:00:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Michael\Desktop\iui
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.25 21:05:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG
[2013.02.25 20:00:59 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.02.25 19:59:27 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.02.25 19:59:11 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3264421748-380149622-3910952666-1004.job
[2013.02.25 19:58:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.25 19:58:50 | 2146,422,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.25 19:58:48 | 000,412,471 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2013.02.25 19:44:52 | 000,000,327 | RHS- | M] () -- C:\BOOT.INI
[2013.02.25 19:36:09 | 005,034,894 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Michael\Desktop\ComboFix.exe
[2013.02.25 18:05:51 | 000,000,054 | ---- | M] () -- C:\WINDOWS\SoSoHD3.INI
[2013.02.24 22:42:49 | 000,594,019 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\adwcleaner.exe
[2013.02.24 15:32:04 | 000,376,832 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\b5escp28.exe
[2013.02.23 18:36:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Michael\Desktop\OTL.exe
[2013.02.23 17:07:54 | 000,000,016 | -H-- | M] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SyncToy_41d7829c-1905-4c51-9042-03ee7bbb3f2e.dat
[2013.02.14 11:59:24 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable
[2013.02.13 14:07:02 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.13 13:42:52 | 000,509,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.13 11:38:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.13 11:38:15 | 002,003,790 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2013.02.13 11:26:14 | 000,517,538 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.13 11:26:14 | 000,494,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.13 11:26:14 | 000,101,584 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.13 11:26:14 | 000,084,636 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.12 17:35:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3264421748-380149622-3910952666-1004.job
[2013.02.10 14:56:14 | 000,000,900 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Revo Uninstaller.lnk
[2013.02.08 18:19:38 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.07 00:54:14 | 1178,434,572 | ---- | M] () -- C:\arte_02_07_2013_00_02_01.mpg
[2013.02.07 00:01:40 | 005,223,204 | ---- | M] () -- C:\arte_02_07_2013_00_01_29.mpg
[2013.02.07 00:01:04 | 005,278,476 | ---- | M] () -- C:\arte_02_07_2013_00_00_47.mpg
[2013.02.07 00:00:37 | 013,324,500 | ---- | M] () -- C:\arte_02_07_2013_00_00_01.mpg
[2013.02.05 16:34:16 | 000,171,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip
[2013.01.29 16:25:47 | 000,038,460 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif
[2013.01.28 20:08:19 | 000,086,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.25 19:44:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2013.02.25 19:44:48 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.02.25 19:42:09 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.02.25 19:42:09 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.02.25 19:42:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.02.25 19:42:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.02.25 19:42:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.02.24 22:42:53 | 000,594,019 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\adwcleaner.exe
[2013.02.24 15:32:15 | 000,376,832 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\b5escp28.exe
[2013.02.23 17:07:54 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Michael\Eigene Dateien\SyncToy_41d7829c-1905-4c51-9042-03ee7bbb3f2e.dat
[2013.02.14 11:59:00 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\defogger_reenable
[2013.02.13 14:07:02 | 000,000,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.07 00:02:01 | 1178,434,572 | ---- | C] () -- C:\arte_02_07_2013_00_02_01.mpg
[2013.02.07 00:01:29 | 005,223,204 | ---- | C] () -- C:\arte_02_07_2013_00_01_29.mpg
[2013.02.07 00:00:47 | 005,278,476 | ---- | C] () -- C:\arte_02_07_2013_00_00_47.mpg
[2013.02.07 00:00:01 | 013,324,500 | ---- | C] () -- C:\arte_02_07_2013_00_00_01.mpg
[2013.02.05 16:34:30 | 000,171,118 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\superequ-0.03.zip
[2013.01.29 16:25:51 | 000,038,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\fax.tif
[2013.01.28 20:08:18 | 000,086,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Desktop\Flash.pdf
[2013.01.13 16:56:30 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2013.01.13 16:56:30 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2013.01.13 16:56:30 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2013.01.13 16:56:30 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2013.01.13 16:55:50 | 000,014,181 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012.02.15 07:46:49 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.10.03 14:00:44 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2011.09.15 21:57:48 | 000,037,755 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.ADR
[2011.09.15 19:38:26 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.09.15 19:38:26 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011.09.03 23:50:41 | 000,000,496 | RHS- | C] () -- C:\Dokumente und Einstellungen\Michael\ntuser.pol
[2011.06.19 21:32:00 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\RoomEQWizardV5-Path
[2011.06.14 13:48:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.05.29 21:46:31 | 000,000,470 | ---- | C] () -- C:\WINDOWS\System32\Dext536.ini
[2011.03.06 02:11:06 | 010,977,280 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2011.01.06 18:27:38 | 000,011,453 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Microsoft Excel.TSK
[2011.01.06 18:08:25 | 000,011,463 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Tabulatorgetrennte Werte (DOS).TSK
[2010.12.04 20:14:38 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\n.wav
[2010.12.04 20:14:06 | 275,454,524 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\j.wav
[2009.06.21 19:50:13 | 000,127,488 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.22 21:31:06 | 007,294,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Michael\Lokale Einstellungen\Anwendungsdaten\filesync.metadata

========== ZeroAccess Check ==========

[2009.05.22 18:14:14 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.03.03 00:10:15 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 03:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.05.21 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\VERITAS
[2009.05.21 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VERITAS
[2012.11.01 16:22:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2012.04.11 15:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.10.10 12:07:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Activ Software
[2011.08.19 19:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Affinegy
[2011.08.19 15:58:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Belkin
[2010.01.27 17:40:59 | 000,000,000 | 
---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2012.04.11 16:36:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\clonehdd [2010.11.28 22:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010.04.04 15:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2012.12.09 19:19:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2012.04.11 16:36:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher [2012.04.11 16:43:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ftw [2012.01.17 19:43:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ibm [2010.12.09 21:31:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.04.11 16:36:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher [2012.02.21 11:46:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lexware [2009.05.25 15:58:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Napster [2009.06.02 13:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2012.03.07 21:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF [2010.12.09 23:22:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.12.10 00:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2011.09.07 00:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Overlook [2010.12.09 23:38:59 | 000,000,000 
| ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.11.16 20:11:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PIXELA [2010.10.10 12:10:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Promethean [2009.05.23 19:29:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT [2009.05.23 23:47:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teledat [2009.06.02 12:20:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2013.01.13 16:56:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2010.04.04 15:54:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2011.07.06 15:51:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{075F7537-CA93-49E5-A04A-8EBA1F0F84E7} [2009.05.21 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\VERITAS [2012.04.11 14:09:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\7E84B114-7060-428F-ABDB-40EFD790968C [2012.11.01 16:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ableton [2012.04.11 14:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Acronis [2010.03.20 19:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Amazon [2012.12.27 12:14:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Audacity [2010.10.10 15:22:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\beSoft [2010.01.30 15:25:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Canneverbe Limited [2010.11.28 22:49:23 | 
000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DAEMON Tools Lite [2011.01.08 21:13:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\EAC [2012.12.09 19:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\elsterformular [2011.07.06 15:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\GetRightToGo [2010.05.27 18:28:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\HarmonicTune [2009.06.07 19:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\IBM [2011.02.15 21:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\IGC [2009.09.04 21:32:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\InterVideo [2009.12.05 12:40:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Klett [2009.06.02 16:48:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\klickIdent [2009.06.05 10:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\klickTel [2012.02.21 11:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Lexware [2012.07.07 23:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\LibreOffice [2012.11.18 17:40:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\mathegrafix [2012.03.07 21:09:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nitro PDF [2010.12.10 00:44:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nokia [2010.12.10 00:44:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nokia Ovi Suite [2009.06.21 23:20:48 | 000,000,000 | ---D | M] -- C:\Dokumente 
und Einstellungen\Michael\Anwendungsdaten\OpenOffice.org [2012.07.06 16:31:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Oracle [2011.09.07 00:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Overlook [2010.12.10 00:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PC Suite [2010.10.10 12:09:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Promethean [2013.02.04 22:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\QuickScan [2009.07.03 06:45:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\RecordNow [2009.05.25 15:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Teledat [2009.06.02 12:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TomTom [2013.01.14 00:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TP-LINK [2009.05.21 16:07:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VERITAS [2010.03.26 23:48:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VideoReDo-TVSuite [2010.08.31 10:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\VideoReDoPlus [2011.07.02 09:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\XMedia Recode ========== Purity Check ========== < End of report > |