|
Plagegeister aller Art und deren Bekämpfung: AKM Virus eingefagen windows xpWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
10.04.2015, 20:39 | #1 |
| AKM Virus eingefagen windows xp Hallo liebes Trojaner-Board, auch ich habe mir leider den AKM Virus eingefangen. HAbe lt. Anleitung alles schon gemacht und anbei meine beiden log.datein. Für Eure weitere Hilfe bin ich euch sehr dankbar. lg stefan |
10.04.2015, 21:35 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM Virus eingefagen windows xp Hi und
__________________Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
17.04.2015, 14:09 | #3 |
| AKM Virus eingefagen windows xp Hallo,
__________________sorry das ich mich erst jetzt melde, war die ganze Woche über auf Montage OTL Code:
ATTFilter OTL logfile created on: 4/11/2015 1:18:22 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): E:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 152.67 Gb Total Space | 95.51 Gb Free Space | 62.56% Space Free | Partition Type: NTFS Drive D: | 232.88 Gb Total Space | 57.56 Gb Free Space | 24.72% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet007 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (CLTNetCnService) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2015/01/30 12:29:10 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015/01/18 12:10:08 | 000,114,800 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2014/11/08 05:53:01 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto] -- D:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2014/04/09 09:12:50 | 000,235,696 | ---- | M] (McAfee, Inc.) [On_Demand] -- D:\Programme\McAfee Security Scan\3.8.150\McCHSvc.exe -- (McComponentHostService) SRV - [2012/06/16 08:54:51 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- D:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto] -- D:\Programme\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS) SRV - [2012/05/16 18:00:00 | 000,126,128 | ---- | M] (Seiko Epson Corporation) [Auto] -- D:\WINDOWS\system32\escsvc.exe -- (EpsonScanSvc) SRV - [2011/04/15 05:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011/03/09 15:22:04 | 000,008,192 | ---- | M] () [Auto] -- D:\WINDOWS\system32\srvany.exe -- (KMService) SRV - [2010/06/14 09:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- D:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010/01/09 15:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010/01/09 15:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009/11/08 04:54:55 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- D:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2009/10/23 22:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto] -- D:\Programme\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2009/08/21 04:27:24 | 000,102,400 | ---- | M] (Wireless Service) [On_Demand] -- D:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService) SRV - [2007/06/27 14:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- D:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006/11/03 14:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) SRV - [2006/10/26 08:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (USBAAPL) DRV - File not found [Kernel | On_Demand] -- -- (SynasUSB) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2015/01/24 07:53:17 | 001,636,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20150130.022\NAVEX15.SYS -- (NAVEX15) DRV - [2015/01/24 07:53:17 | 000,095,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\VirusDefs\20150130.022\NAVENG.SYS -- (NAVENG) DRV - [2015/01/14 15:39:01 | 000,475,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\IPSDefs\20150130.001\IDSXpx86.sys -- (IDSxpx86) DRV - [2015/01/06 15:15:27 | 001,164,504 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\Definitions\BASHDefs\20150106.001\BHDrvx86.sys -- (BHDrvx86) DRV - [2014/12/14 06:03:55 | 000,378,672 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2014/12/14 06:03:55 | 000,111,408 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2012/07/30 15:06:57 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2012/07/05 22:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | System] -- D:\WINDOWS\System32\Drivers\NIS\1309010.00E\SRTSP.SYS -- (SRTSP) DRV - [2012/07/05 22:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1309010.00E\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL) DRV - [2012/06/07 00:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1309010.00E\ccSetx86.sys -- (ccSet_NIS) DRV - [2012/05/21 21:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot] -- D:\WINDOWS\system32\drivers\NIS\1309010.00E\symefa.sys -- (SymEFA) DRV - [2012/04/17 22:13:32 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\System32\Drivers\NIS\1309010.00E\SYMTDI.SYS -- (SYMTDI) DRV - [2012/04/17 21:42:14 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\WINDOWS\system32\drivers\NIS\1309010.00E\Ironx86.SYS -- (SymIRON) DRV - [2012/03/29 02:28:25 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\NIS\1309010.00E\symds.sys -- (SymDS) DRV - [2009/12/12 05:07:13 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2009/07/17 11:23:46 | 000,476,544 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73) DRV - [2009/06/27 06:41:00 | 000,281,760 | ---- | M] () [Kernel | Auto] -- D:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009/06/27 06:41:00 | 000,025,888 | ---- | M] () [Kernel | Auto] -- D:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009/02/09 13:10:04 | 000,029,411 | ---- | M] () [Kernel | Auto] -- D:\WINDOWS\system32\ANIO.sys -- (ANIO) DRV - [2008/12/02 16:34:54 | 000,094,624 | ---- | M] (AlcaTech) [Kernel | Boot] -- D:\WINDOWS\system32\drivers\mmrtkrnl.sys -- (MMRTKRNL) DRV - [2008/07/30 01:51:30 | 000,277,736 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- D:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008/04/13 14:45:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2007/03/06 00:27:32 | 000,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2007/03/06 00:27:28 | 000,058,752 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2006/09/01 07:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto] -- D:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2006/07/20 11:43:00 | 000,340,864 | R--- | M] (DiBcom) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\mod7700.sys -- (mod7700) DRV - [2006/07/19 07:29:08 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe) DRV - [2006/07/19 07:28:56 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2006/07/19 07:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd) DRV - [2002/11/18 03:51:40 | 000,377,358 | R--- | M] (C-Media Inc) [Kernel | On_Demand] -- D:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = E:\System32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = E:\System32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = E:\System32\blank.htm IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\LocalService_ON_D\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = E:\System32\blank.htm IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\NetworkService_ON_D\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\Steve_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome IE - HKU\Steve_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = E:\System32\blank.htm IE - HKU\Steve_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch IE - HKU\Steve_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage IE - HKU\Steve_ON_D\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\Steve_ON_D\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - D:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\Steve_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: D:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.71.2: D:\Programme\Java\jre7\bin\dtplugin\npdeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.71.2: D:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Programme\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Programme\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Programme\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: D:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: D:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: D:\Programme\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 06:09:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: E:\Programme\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014/10/04 15:50:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.1.5\coFFPlgn\ [2015/04/10 16:38:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Components: E:\Programme\Mozilla Firefox\components [2015/01/18 12:09:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 35.0\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2015/01/18 12:09:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2012/04/29 04:06:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins [2014/10/04 15:51:09 | 000,000,000 | ---D | M] [2015/01/18 12:09:54 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\browser\extensions [2015/01/18 12:10:09 | 000,000,000 | ---D | M] (Default) -- D:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015/01/30 11:31:29 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\updated\browser\extensions [2015/01/30 11:33:08 | 000,000,000 | ---D | M] (Default) -- D:\Programme\Mozilla Firefox\updated\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2009/11/13 20:47:38 | 000,098,304 | ---- | M] (DivX, Inc) -- D:\Programme\mozilla firefox\plugins\npDivxPlayerPlugin.dll [2014/08/03 05:54:28 | 000,188,304 | ---- | M] (Adobe Systems Inc.) -- D:\Programme\mozilla firefox\plugins\nppdf32.dll [2011/07/02 10:57:11 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Programme\mozilla firefox\plugins\npqtplugin.dll [2011/07/02 10:57:11 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Programme\mozilla firefox\plugins\npqtplugin2.dll [2011/07/02 10:57:11 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Programme\mozilla firefox\plugins\npqtplugin3.dll [2011/07/02 10:57:11 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Programme\mozilla firefox\plugins\npqtplugin4.dll [2011/07/02 10:57:11 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Programme\mozilla firefox\plugins\npqtplugin5.dll [2011/07/02 10:57:11 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Programme\mozilla firefox\plugins\npqtplugin6.dll [2011/07/02 10:57:11 | 000,159,744 | ---- | M] (Apple Inc.) -- D:\Programme\mozilla firefox\plugins\npqtplugin7.dll [2011/03/22 14:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- D:\Programme\mozilla firefox\plugins\npwachk.dll O1 HOSTS File: ([2011/04/23 08:23:38 | 000,000,825 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Programme\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Programme\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) O3 - HKU\Steve_ON_D\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\Steve_ON_D\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\Steve_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\Steve_ON_D\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - D:\Programme\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.) O3 - HKU\Steve_ON_D\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Programme\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Programme\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe ARM] D:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ANIWZCS2Service] D:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Wireless Service) O4 - HKLM..\Run: [Autodesk Sync] D:\Programme\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) O4 - HKLM..\Run: [BCSSync] D:\Programme\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [EEventManager] D:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] D:\Programme\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] D:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechCommunicationsManager] D:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.) O4 - HKLM..\Run: [NvBackend] D:\Programme\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation) O4 - HKLM..\Run: [Windows Defender] D:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Administrator_ON_D..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_D..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Steve_ON_D..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Steve_ON_D..\Run: [DAEMON Tools Lite] D:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\Steve_ON_D..\Run: [EPLTarget\P0000000000000000] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIKBE.EXE (SEIKO EPSON CORPORATION) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = D:\Programme\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) O4 - Startup: D:\Dokumente und Einstellungen\Steve\Startmenü\Programme\Autostart\AutoStarter.lnk = File not found O4 - Startup: D:\Dokumente und Einstellungen\Steve\Startmenü\Programme\Autostart\ja.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: = O7 - HKU\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1 O7 - HKU\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Encarta Suchleiste - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - D:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - D:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1230806575757 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1260188110218 (MUWebControl Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - D:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - D:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (E:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe) - D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software\TuneUp Utilities 2011\WinStyler\tu_logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - D:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - D:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - D:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - D:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - D:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - D:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - D:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - D:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - D:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O27 - HKLM IFEO\netviewer.exe: Debugger - "E:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" File not found O27 - HKLM IFEO\scrconfig.exe: Debugger - "E:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" File not found O27 - HKLM IFEO\smb5 loader v3.0.1.exe: Debugger - "E:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" File not found O27 - HKLM IFEO\smkonv.exe: Debugger - "E:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" File not found O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - D:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - D:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - D:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - D:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - D:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - D:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - D:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - D:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - D:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/12/31 09:34:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [19 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2015/04/10 16:38:15 | 000,013,646 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl [2015/04/10 16:38:10 | 000,001,044 | ---- | M] () -- D:\WINDOWS\tasks\Google Software Updater.job [2015/04/10 16:37:59 | 000,000,464 | ---- | M] () -- D:\WINDOWS\tasks\SDMsgUpdate (TE).job [2015/04/10 16:37:53 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat [2015/04/10 16:36:07 | 000,520,720 | ---- | M] () -- D:\WINDOWS\System32\perfh007.dat [2015/04/10 16:36:07 | 000,496,908 | ---- | M] () -- D:\WINDOWS\System32\perfh009.dat [2015/04/10 16:36:07 | 000,102,250 | ---- | M] () -- D:\WINDOWS\System32\perfc007.dat [2015/04/10 16:36:07 | 000,085,392 | ---- | M] () -- D:\WINDOWS\System32\perfc009.dat [2015/04/10 16:35:54 | 000,003,226 | ---- | M] () -- D:\WINDOWS\System32\nvAppTimestamps [2015/04/10 16:34:39 | 000,000,322 | -H-- | M] () -- D:\WINDOWS\tasks\MP Scheduled Scan.job [2015/04/10 16:32:42 | 000,000,216 | ---- | M] () -- D:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job [2015/04/10 16:32:23 | 000,001,086 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2015/04/10 16:32:23 | 000,000,222 | ---- | M] () -- D:\WINDOWS\tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job [2015/04/07 18:41:00 | 000,000,917 | ---- | M] () -- D:\WINDOWS\tasks\EPSON WF-7610 Series Update {12FC5F39-FAF3-499A-BB91-EDE57C811357}.job [2015/04/07 18:41:00 | 000,000,731 | ---- | M] () -- D:\WINDOWS\tasks\EPSON WF-7610 Series Invitation {12FC5F39-FAF3-499A-BB91-EDE57C811357}.job [2015/04/07 18:27:00 | 000,000,884 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job [2015/04/07 18:22:38 | 000,001,090 | ---- | M] () -- D:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [19 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ] [1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2015/01/30 13:03:24 | 000,605,082 | ---- | C] () -- D:\Dokumente und Einstellungen\Steve\Anwendungsdaten\loadit.exe [2015/01/18 08:44:48 | 000,000,532 | ---- | C] () -- D:\WINDOWS\eReg.dat [2014/12/05 06:30:42 | 131,741,022 | ---- | C] () -- D:\Dokumente und Einstellungen\Steve\Anwendungsdaten\autostarter.exe [2014/11/08 06:05:06 | 003,826,628 | ---- | C] () -- D:\WINDOWS\System32\nvcoproc.bin [2014/11/08 05:59:58 | 002,294,284 | ---- | C] () -- D:\WINDOWS\System32\nvdata.data [2014/10/13 16:16:25 | 000,000,000 | ---- | C] () -- D:\WINDOWS\EEventManager.INI [2012/07/01 09:39:32 | 000,008,192 | -HS- | C] () -- D:\WINDOWS\o2cLicStore.bin [2012/07/01 03:29:17 | 000,000,520 | ---- | C] () -- D:\WINDOWS\netdet.ini [2012/06/16 15:56:40 | 000,571,826 | ---- | C] () -- D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1123561945-287218729-725345543-1004-0.dat [2012/06/16 15:56:38 | 000,365,570 | ---- | C] () -- D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012/02/17 14:30:34 | 000,003,072 | ---- | C] () -- D:\WINDOWS\System32\iacenc.dll [2011/07/07 13:09:48 | 000,000,013 | ---- | C] () -- D:\WINDOWS\System32\asdrawim.ini [2011/03/09 15:18:25 | 000,008,192 | ---- | C] () -- D:\WINDOWS\System32\srvany.exe [2010/12/28 13:53:09 | 000,000,195 | ---- | C] () -- D:\Dokumente und Einstellungen\Steve\default.pls [2010/08/03 06:54:35 | 000,010,240 | ---- | C] () -- D:\WINDOWS\System32\vidx16.dll [2010/06/16 13:03:11 | 001,405,660 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb0.bin [2010/06/16 13:03:08 | 001,405,660 | ---- | C] () -- D:\WINDOWS\System32\nvdrsdb1.bin [2010/06/16 13:03:08 | 000,000,001 | ---- | C] () -- D:\WINDOWS\System32\nvdrssel.bin [2010/06/16 13:02:00 | 002,293,194 | ---- | C] () -- D:\WINDOWS\System32\nvdata.bin [2010/05/05 11:12:53 | 000,000,000 | ---- | C] () -- D:\WINDOWS\WinInit.ini [2010/02/11 13:18:06 | 000,315,392 | ---- | C] () -- D:\WINDOWS\System32\ANIOApi.dll [2010/02/11 13:18:06 | 000,048,640 | ---- | C] () -- D:\WINDOWS\System32\ANIO64.sys [2010/02/11 13:18:06 | 000,029,411 | ---- | C] () -- D:\WINDOWS\System32\ANIO.sys [2010/02/11 13:17:57 | 000,258,048 | ---- | C] () -- D:\WINDOWS\System32\wlanapp.dll [2010/02/11 13:17:56 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\JJAKEn.dll [2010/02/11 13:17:56 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\AQCKGen.dll [2010/02/11 13:17:56 | 000,045,115 | ---- | C] () -- D:\WINDOWS\System32\ANICtl.dll [2009/09/30 06:05:48 | 000,290,816 | ---- | C] () -- D:\WINDOWS\System32\nsldap32v60.dll [2009/09/27 08:27:39 | 000,000,151 | ---- | C] () -- D:\WINDOWS\PhotoSnapViewer.INI [2009/04/24 15:03:22 | 000,162,304 | ---- | C] () -- D:\WINDOWS\System32\ztvunrar36.dll [2009/04/24 15:03:22 | 000,077,312 | ---- | C] () -- D:\WINDOWS\System32\ztvunace26.dll [2009/03/02 06:33:32 | 000,067,584 | ---- | C] () -- D:\WINDOWS\System32\ff_vfw.dll [2009/02/21 05:47:52 | 000,281,760 | ---- | C] () -- D:\WINDOWS\System32\drivers\atksgt.sys [2009/02/21 05:47:52 | 000,025,888 | ---- | C] () -- D:\WINDOWS\System32\drivers\lirsgt.sys [2009/01/18 06:31:09 | 000,000,069 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini [2009/01/03 06:34:23 | 000,363,520 | ---- | C] () -- D:\WINDOWS\System32\PsisDecd.dll [2009/01/02 12:28:57 | 000,000,025 | ---- | C] () -- D:\WINDOWS\mixerdef.ini [2009/01/02 10:00:06 | 000,039,279 | R--- | C] () -- D:\WINDOWS\cmijack.dat [2009/01/02 10:00:06 | 000,023,041 | R--- | C] () -- D:\WINDOWS\cmaudio.dat [2009/01/01 13:25:02 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat [2009/01/01 11:35:31 | 000,001,732 | R--- | C] () -- D:\WINDOWS\System32\drivers\nvphy.bin [2009/01/01 07:24:08 | 000,000,664 | ---- | C] () -- D:\WINDOWS\System32\d3d9caps.dat [2009/01/01 06:50:21 | 000,215,144 | ---- | C] () -- D:\WINDOWS\patchw32.dll [2009/01/01 06:49:58 | 000,215,144 | ---- | C] () -- D:\WINDOWS\pw32a.dll [2008/12/31 11:53:50 | 000,066,872 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrA.exe [2008/12/31 11:53:49 | 000,138,184 | ---- | C] () -- D:\WINDOWS\System32\drivers\PnkBstrK.sys [2008/12/31 11:53:42 | 000,183,112 | ---- | C] () -- D:\WINDOWS\System32\PnkBstrB.exe [2008/12/31 10:56:19 | 000,000,400 | ---- | C] () -- D:\WINDOWS\ODBC.INI [2008/12/31 09:51:00 | 000,135,680 | ---- | C] () -- D:\Dokumente und Einstellungen\Steve\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/12/31 09:35:31 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstat.dat [2008/12/31 09:32:05 | 000,021,740 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat [2008/12/31 09:25:40 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI [2008/12/31 09:23:02 | 000,392,776 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT [2008/10/30 12:00:22 | 000,048,640 | ---- | C] () -- D:\WINDOWS\System32\nsldapssl32v60.dll [2008/10/30 11:59:24 | 000,025,088 | ---- | C] () -- D:\WINDOWS\System32\nsldappr32v60.dll [2008/10/07 01:33:00 | 000,286,720 | ---- | C] () -- D:\WINDOWS\System32\nvnt4cpl.dll [2005/08/23 05:59:28 | 000,086,016 | ---- | C] () -- D:\WINDOWS\System32\aspolyzt.dll [2005/07/06 06:59:58 | 000,028,672 | ---- | C] () -- D:\WINDOWS\System32\asdrawli.dll [2005/07/04 09:17:30 | 000,069,632 | ---- | C] () -- D:\WINDOWS\System32\ASDRAWMA.DLL [2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- D:\WINDOWS\System32\nsldapssl32v50.dll [2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- D:\WINDOWS\System32\nsldappr32v50.dll [2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- D:\WINDOWS\System32\nsldap32v50.dll [2004/08/17 11:34:52 | 000,036,864 | ---- | C] () -- D:\WINDOWS\System32\AS_SORT.DLL [2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin [2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat [2004/08/04 08:00:00 | 000,520,720 | ---- | C] () -- D:\WINDOWS\System32\perfh007.dat [2004/08/04 08:00:00 | 000,496,908 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat [2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat [2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- D:\WINDOWS\System32\perfi007.dat [2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat [2004/08/04 08:00:00 | 000,102,250 | ---- | C] () -- D:\WINDOWS\System32\perfc007.dat [2004/08/04 08:00:00 | 000,085,392 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat [2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin [2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- D:\WINDOWS\System32\perfd007.dat [2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat [2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat [2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat [2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- D:\WINDOWS\System32\dcache.bin [2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat [2003/05/22 06:31:44 | 000,033,792 | ---- | C] () -- D:\WINDOWS\System32\ASDRAW32.DLL [2002/07/12 10:29:28 | 000,073,728 | ---- | C] () -- D:\WINDOWS\System32\AS_MDB32.DLL ========== LOP Check ========== [2009/02/21 10:50:14 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AlcaTech [2014/06/17 21:20:14 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2011/08/05 11:30:52 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG10 [2011/04/30 09:51:54 | 000,000,000 | -H-D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2009/12/12 05:06:46 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2009/01/11 13:14:06 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Droppix [2011/11/17 04:39:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Core [2011/11/17 08:49:24 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EA Logs [2011/11/17 04:39:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2014/10/12 09:46:45 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Epson [2011/03/09 14:33:54 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileCure [2011/05/21 14:17:25 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IObit [2009/01/07 15:18:49 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2011/08/04 08:23:48 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData [2010/09/26 10:27:49 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2009/01/02 11:10:53 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OrbNetworks [2012/01/01 10:22:54 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Origin [2009/01/01 12:50:09 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2010/09/26 10:31:21 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012/07/30 14:53:49 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings [2009/12/26 13:28:33 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2011/04/24 13:51:56 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2009/01/01 09:38:58 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RoboForm [2011/11/12 15:59:31 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Rockstar Games [2011/06/13 04:29:41 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney Business 5.0 [2011/08/26 08:50:13 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft [2009/12/04 12:57:05 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Synetic [2011/04/23 04:51:00 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Systweak [2009/06/27 06:54:39 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages [2012/06/16 09:26:04 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009/01/03 06:30:54 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TerraTec [2011/04/30 08:38:16 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009/04/08 05:35:36 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2009/04/24 15:06:42 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WildTangent [2011/04/30 08:37:08 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2011/07/02 10:58:13 | 000,000,000 | ---D | M] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2015/04/10 16:32:23 | 000,000,222 | ---- | M] () -- D:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job [2015/04/10 16:32:42 | 000,000,216 | ---- | M] () -- D:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Monatliche Benachrichtigung.job [2015/04/07 18:41:00 | 000,000,731 | ---- | M] () -- D:\WINDOWS\Tasks\EPSON WF-7610 Series Invitation {12FC5F39-FAF3-499A-BB91-EDE57C811357}.job [2015/04/07 18:41:00 | 000,000,917 | ---- | M] () -- D:\WINDOWS\Tasks\EPSON WF-7610 Series Update {12FC5F39-FAF3-499A-BB91-EDE57C811357}.job [2015/04/10 16:34:39 | 000,000,322 | -H-- | M] () -- D:\WINDOWS\Tasks\MP Scheduled Scan.job [2015/04/10 16:37:59 | 000,000,464 | ---- | M] () -- D:\WINDOWS\Tasks\SDMsgUpdate (TE).job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A1EDB939 < End of report > Code:
ATTFilter OTL Extras logfile created on: 4/11/2015 1:18:22 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 7.0.5730.13) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): E:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme Drive C: | 152.67 Gb Total Space | 95.51 Gb Free Space | 62.56% Space Free | Partition Type: NTFS Drive D: | 232.88 Gb Total Space | 57.56 Gb Free Space | 24.72% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet007 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = ChromeHTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "E:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" https [open] -- "E:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l jsfile [edit] -- "E:\Programme\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "E:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Directory [Winamp.Bookmark] -- "E:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "E:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "E:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UACDisableNotify" = 0 "AntiSpyWareDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet007\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 "E:\Programme\Ubisoft\Related Designs\ANNO 1404\Anno4.exe" = E:\Programme\Ubisoft\Related Designs\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404 -- () "E:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe" = E:\Programme\Ubisoft\Related Designs\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Anno 1404 Web -- () "E:\Programme\Verimount\FirstloadIkarus\FirstloadIkarus.exe" = E:\Programme\Verimount\FirstloadIkarus\FirstloadIkarus.exe:*:Enabled:Firstload Ikarus -- (Lumaris) "E:\Programme\Microsoft Office\Office14\GROOVE.EXE" = E:\Programme\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation) "E:\Programme\Microsoft Office\Office14\ONENOTE.EXE" = E:\Programme\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation) "E:\Programme\Microsoft Office\Office14\OUTLOOK.EXE" = E:\Programme\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "E:\Programme\VideoLAN\VLC\vlc.exe" = E:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- (VideoLAN) "E:\Programme\Winamp Remote\bin\Orb.exe" = E:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb -- (Orb Networks, Inc.) "E:\Programme\Winamp Remote\bin\OrbTray.exe" = E:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray -- (Orb Networks) "E:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = E:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client -- (Orb Networks) "E:\Programme\TeamViewer\Version6\TeamViewer.exe" = E:\Programme\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "E:\Programme\TeamViewer\Version6\TeamViewer_Service.exe" = E:\Programme\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH) "E:\WINDOWS\system32\dpnsvr.exe" = E:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation) "E:\Programme\GrabIt\GrabIt.exe" = E:\Programme\GrabIt\GrabIt.exe:*:Enabled:GrabIt -- () "E:\Programme\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe" = E:\Programme\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe:*:Enabled:Landwirtschafts Simulator 15 -- (GIANTS Software GmbH) "E:\Programme\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe" = E:\Programme\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe:*:Enabled:Landwirtschafts Simulator 15 -- (GIANTS Software GmbH) "E:\Programme\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe" = E:\Programme\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe:*:Enabled:Landwirtschafts Simulator 15 -- (GIANTS Software GmbH) "E:\Programme\Mozilla Firefox\firefox.exe" = E:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox (E:\Programme\Mozilla Firefox) -- (Mozilla Corporation) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8 "{09100081-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Encarta 2009 - Enzyklopädie "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility "{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}" = Epson Event Manager "{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}" = Autodesk Material Library 2013 "{153DB567-6FF3-49AD-AC4F-86F8A3CCFDFB}" = Autodesk Design Review 2013 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FCBD504-AB7D-4757-9A14-850348384B08}" = StarMoney "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F03217071FF}" = Java 7 Update 71 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}" = EPSON Scan OCR Component "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5783F2D7-B001-0000-0002-0060B0CE6BBA}" = AutoCAD 2013 - Deutsch (German) "{5783F2D7-B001-0407-1002-0060B0CE6BBA}" = AutoCAD 2013 Language Pack - Deutsch (German) "{5783F2D7-B001-0407-2002-0060B0CE6BBA}" = AutoCAD 2013 - Deutsch (German) "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{606E12B9-641F-4644-A22A-FF38AE980AFD}" = Autodesk Material Library Base Resolution Image Library 2013 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0 "{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{80407BA7-7763-4395-AB98-5233F1B34E65}" = NVIDIA PhysX "{82C1E6E4-6718-4EFD-9DCC-E276D690EF46}" = Autodesk Inventor Fusion plug-in for AutoCAD 2013 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}" = EPSON-Handbücher "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime "{90140000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 14 "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-1033-F400-7761-000000000004}_943" = Adobe Acrobat 9.4.3 - CPSID_83708 "{AE112F6D-D1B3-11D4-8577-00105ADDC431}" = mb Software ArCon 6 "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 340.52 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.1 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 141.24 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.1220 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 15.3.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core "{B307472F-7BD9-4040-9255-CE6D6A1196A3}" = Software Updater "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD202930-5F70-4B35-B875-1E28604F328D}" = Logitech Communications Manager "{BF7C1B99-A250-45EF-B186-0C33B7308F95}" = SD40-2_Content_Update "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium "{E2F2B987-F2BC-4969-95F2-92099486B811}" = StarMoney "{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0 "{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}" = Autodesk Sync "{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}" = KhalSetup "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9956472-6E16-4F83-BF9A-F887EF4A45B7}" = EPSON Scan PDF Extensions "{FE2F4875-095C-427C-9A97-4F8DE05ACF22}" = Autodesk Inventor Fusion Plugin Language Pack for AutoCAD 2013 "Adobe Flash Player ActiveX" = Adobe Flash Player 16 ActiveX "Adobe Flash Player NPAPI" = Adobe Flash Player 16 NPAPI "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "AI RoboForm" = AI RoboForm (All Users) "Autodesk Design Review 2013" = Autodesk Design Review 2013 "Autodesk Inventor Fusion plug-in for AutoCAD 2013" = Autodesk Inventor Fusion plug-in for AutoCAD 2013 "Cool Edit Pro 2.0" = Cool Edit Pro 2.0 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON PC-FAX Driver 2" = Epson PC-FAX Driver "EPSON Scanner" = EPSON Scan "EPSON WF-7610 Series" = Druckerdeinstallation für EPSON WF-7610 Series "Explorer Suite_is1" = Explorer Suite III "FarmingSimulator2015DE_is1" = Landwirtschafts Simulator 15 "Firstload" = Firstload "Game Booster_is1" = Game Booster "German Truck Simulator" = German Truck Simulator 1.00 "giants_editor_4.1.2_is1" = GIANTS Editor 4.1.2 "Google Updater" = Google Updater "GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997) "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "John Deere American Farmer Deluxe_is1" = John Deere American Farmer Deluxe "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 35.0 (x86 de)" = Mozilla Firefox 35.0 (x86 de) "Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NIS" = Norton Internet Security "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Orb" = Winamp Remote "PCI Audio Driver" = PCI Audio Driver "ProtectDisc Driver 11" = ProtectDisc Driver, Version 11 "Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0 "TeamViewer 6" = TeamViewer 6 "TRAKTOR DJ" = TRAKTOR DJ "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime "VLC media player" = VLC media player "WIC" = Windows Imaging Component "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\Steve_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SmartDraw 2010" = SmartDraw 2010 "Winamp Detect" = Winamp Erkennungs-Plug-in < End of report > mfg |
17.04.2015, 16:03 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM Virus eingefagen windows xp Hast ja echt noch XP drauf.... Lesestoff: Windows XP Auf deinem Rechner läuft noch Windows XP. Microsoft hat dieses Betriebssystem bereits 2001 veröffentlicht und stellt den Support endgültig ab April 2014 ein, d.h. ab Mai 2014 gibt es keine weiteren Updates mehr und danach gefundene Lücken werden nicht mehr durch Updates/Hotfixes geschlossen werden können. Mit Windows XP nach April 2014 zu surfen wird damit ein großes Sicherheitsrisiko. Du solltest dir jetzt unbedingt Gedanken machen, möglichst schnell auf ein aktuelleres Betriebssystem umzusteigen.
__________________ Logfiles bitte immer in CODE-Tags posten |
17.04.2015, 17:33 | #5 |
| AKM Virus eingefagen windows xp ja, bin ja auch sehr zufrieden, und hatte bis vorige Woche keine Probleme. habe ja windows defender und NIS installiert und es lief problemlos. Habe mir beim Downloaden den AKM-Virus eingefangen. eigentlich der erste richtige Virus auf meine PC seit 10 Jahren. gibt es wirklich keine Hoffnung mehr!? Vielen Dank, lg |
17.04.2015, 23:43 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM Virus eingefagen windows xp Du verstehst das Grundproblem nicht. Lesestoff richtig gelesen? Ich habe schwer den Eindruck, dass du das nicht getan hast. Windows XP wird seit einem Jahr nicht mehr gepatcht. Lücken, die in Folgeversionen von Windows und im IE gefunden werden sind auch in Windows XP enthalten, aber die Lücken in Windows XP werden immer da bleiben, da Micosoft keine Patches mehr für Windows bereitstellt. (Jedenfalls nicht kostenlos und nicht ohne Vertrag, das kann sich aber eine Privatperson eh nicht leisten) Wie sehr du mit Windows XP zufrieden bist und wie toll und schön (angeblich) irgendwelche Virenscanner laufen hat mit diesem Grundproblem nix zu tun. Beschreib mal was du mit diesem Rechner alles so machst, dann kann man dir ein aktuelles OS empfehlen.
__________________ --> AKM Virus eingefagen windows xp |
18.04.2015, 13:47 | #7 |
| AKM Virus eingefagen windows xp naja, ist nur mein privat rechner, internet surfen, sachen downloaden und games zocken. aber ich kann den PC ja nichtmal formatieren, da ich nicht in die eingabeaufforderung komme bzw. dort nichts eingeben kann,.. danke mfg |
18.04.2015, 14:23 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM Virus eingefagen windows xp Da du ja unbedingt spielen willst musst duauf ein neueres Windows umsteigen. Sonst hätte locker sowas wie Lubuntu oder Xubuntu gepasst. Aber die Spielehersteller verkrampfen sich auf Windows was dazu führt, dass der Großteil aller Spiele nicht nativ auf Linux läuft. BTW: ist auch nur noch ne Frage der Zeit bis neue Versionen anderer Software die Unterstützung für XP verliert. Niemand will sich mehr die Arbeit machen alles gegen Windows XP zu testen wenn dieses OS schon seit einem Jahr tot ist.
__________________ Logfiles bitte immer in CODE-Tags posten |
18.04.2015, 14:28 | #9 |
| AKM Virus eingefagen windows xp ok, aber wie kann ich jetzt den pc formatieren!? geht das mit der von mir erstellen cd!? danke |
18.04.2015, 14:42 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM Virus eingefagen windows xp Von der Windows7/8.1 DVD booten, siehe http://www.trojaner-board.de/104197-...anleitung.html
__________________ Logfiles bitte immer in CODE-Tags posten |
18.04.2015, 14:44 | #11 |
| AKM Virus eingefagen windows xp ok danke, aber wäre es nicht besser zuerst die festlatte zu formatieren!? damit der ganze müll und der akm-virus wirklich weg ist!? danke mfg |
18.04.2015, 14:46 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | AKM Virus eingefagen windows xp Lies doch bitte mal die Anleitung. Im Setup kannst du die Festplatte neu einrichten.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu AKM Virus eingefagen windows xp |
akm virus, anbei, anleitung, hilfe, leitung, party, stefan, troja, trojaner-board, virus, windows, windows xp |