windows system alert

Jenjen · 14.07.2010, 23:14

ich will dich wirklich nicht verarschen und mich nervt der blöde virus auch total. ich habe jetzt noch zusätzlich das problem, dass mein internet nicht mehr ordentlich läuft. internet explorer und firefox finden nach dem update, das sie beide heute nachmittag gezogen haben, keine verbindung mehr zum server. Allerdings ist die Internet-Verbindung total in Ordnung. Thunderbird läuft noch einwandfrei und icq auch. dementsprechend schicke ich mir jetzt immer selbst e-mails mit den inhalten der logs, damit ich die am computer meines freundes hier reinstellen kann. genau so muss ich mir eben auch die ganzen programme und so schicken.
ich hab schon versucht, den firefox neu zu installieren, aber das hat nicht geholfen. ich werd mir also jetzt die sachen aus deinem post zuschicken und das (hoffentlich) morgen nachmittag laufen lassen. ich hoffe mal, dass das mit dem java-update funktioniert.

Gruß,
Jen

Jenjen · 15.07.2010, 07:31

guten Morgen,

das mit dem OTL klappt nicht. Der stürzt immer ab. hab die xxx natürlich ersetzt und habs sowohl im normalen als auch im abgesicherten MOdus versucht. Wenn ich auf fix geklickt habe, verschwindet meine task-leiste und kurz danach reagiert das Programm gar nicht mehr. ich kann es lediglich über den task manager beenden, aber davon kommt meine task leiste auch bei langem warten nicht zurück. dementsprechend kann ich dann den computer nur neu starten, damit ich ihn wieder benutzen kann.
wenn er abstürzt, steht unten in der leiste unter dem textfenster:
Processing IE - HKCU/Software/Microsoft/Windows/CurrentVersion/InternetSettings:...

meine browser gehen immer noch nicht.

Larusso · 15.07.2010, 13:49

Downloade OTS.exe und speichere es unbedingt auf Deinem Desktop. Doppelklick auf die OTS.exe
Wenn Dein Anti-Viren-Programm bei OTS Meldung macht, erlaube es.

Mache einen Haken bei "Scan All Users und Include MD5".

Kopiere folgenden Text in die

Box.

Code:

ATTFilter

%SYSTEMDRIVE%\*.exe
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Unter der Box klicke auf den Button.
Hake nun folgende Einträge an:
- Reg- Active Sub Paths
- App Paths
- Approved Shell Extensions
- Disabled MS Config Items
- Drivers32
- NetSvcs
- File Lop Check
- File Purity Check
Mache währenddessen nichts anderes an dem Rechner.
Wenn der Scan durchgeführt ist (Scan complete!), öffnet sich der Editor mit dem Logfile.
Auch zu finden auf dem Desktop ( OTS.txt )
Schließe nun alle laufenden Programme sowie deinen Browser.
Klicke auf den links oben, um die Untersuchung zu starten

Hänge diese Log bitte hier an, die ist nicht gerade kurz.

Jenjen · 15.07.2010, 18:37

fertig. das ist echt ganz schön lang. die datei ist zu groß zum anhängen und es sind zu viele zeichen für einen beitrag. ich habs jetzt einfach mal aufgeteilt.

Code:

ATTFilter

OTS logfile created on: 15.07.2010 18:26:39 - Run 1
OTS by OldTimer - Version 3.1.33.0 Folder = C:\Dokumente und
Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) -
Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format:
dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 471,00 Mb Available Physical Memory
| 46,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging
File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% =
C:\Programme
Drive C: | 143,44 Gb Total Space | 16,25 Gb Free Space | 11,33% Space
Free | Partition Type: NTFS
Drive D: | 667,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free
| Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\OTS.exe ->
[2010.07.15 18:23:04 | 000,640,512 | ---- | M | MD5 =
13AEC6A0F3E63C3A4BAEB03A98B811EF] (OldTimer Tools)
thunderbird.exe -> C:\Programme\Mozilla Thunderbird\thunderbird.exe ->
[2010.07.14 13:55:19 | 012,732,080 | ---- | M | MD5 =
C620B86D3607752BD74463186A1426FB] (Mozilla Messaging)
icq service.exe -> C:\Programme\ICQ6Toolbar\ICQ Service.exe ->
[2010.06.02 16:58:20 | 000,246,520 | ---- | M | MD5 =
5C7D72EAB04B1DF8C5D2ACC6551FDE49] ()
avguard.exe -> C:\Programme\Avira\AntiVir Desktop\avguard.exe ->
[2009.08.05 12:19:32 | 000,185,089 | ---- | M | MD5 =
B8720A787C1223492E6F319465E996CE] (Avira GmbH)
sched.exe -> C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2009.06.12
23:47:16 | 000,108,289 | ---- | M | MD5 =
9015BC03F62940527EC92D45EE89E46F] (Avira GmbH)
daemon.exe -> C:\Programme\DAEMON Tools Lite\daemon.exe -> [2009.04.23
15:51:38 | 000,691,656 | ---- | M | MD5 =
1542D48BEF0C07513453CDEF1577BB79] (DT Soft Ltd)
avgnt.exe -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe -> [2009.03.02
13:08:43 | 000,209,153 | ---- | M | MD5 =
29680A793F690EEF4AAA68479D2A6DF8] (Avira GmbH)
fdm.exe -> C:\Programme\Free Download Manager\fdm.exe -> [2009.01.31
02:45:14 | 003,399,727 | ---- | M | MD5 =
0B82EFCF8D6CA4B6AD91154DDBCD575A] (FreeDownloadManager.ORG)
vpngui.exe -> C:\Programme\Cisco Systems\VPN Client\vpngui.exe ->
[2009.01.13 11:28:54 | 001,549,080 | ---- | M | MD5 =
C68F246B3796E4CE8F5025C666B6646F] (Cisco Systems, Inc.)
cvpnd.exe -> C:\Programme\Cisco Systems\VPN Client\cvpnd.exe ->
[2009.01.13 11:28:46 | 001,528,608 | ---- | M | MD5 =
5CE32922F8F74A0D2D6ECC30CDAD01E0] (Cisco Systems, Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 |
001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E]
(Microsoft Corporation)
zlclient.exe -> C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe ->
[2007.12.13 20:27:10 | 000,919,016 | ---- | M | MD5 =
6B632BE30A0930421560A9A9C677ABD4] (Zone Labs, LLC)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2007.12.13
20:27:10 | 000,075,304 | ---- | M | MD5 =
4BB7862806BEA6BF50D618C5D593ED54] (Zone Labs, LLC)
roxwatchtray9.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatchTray9.exe -> [2006.11.05 13:22:16 |
000,221,184 | ---- | M | MD5 = 1AAD451CCBECE62987591B35AE8037A8] (Sonic
Solutions)
roxmediadb9.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2006.11.05 13:15:12 |
000,880,640 | ---- | M | MD5 = EBCDE8B48FADC6479D96A56D0A432160] (Sonic
Solutions)
roxwatch9.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe -> [2006.11.05 13:13:00 | 000,159,744
| ---- | M | MD5 = AB2B1DE1C8F31EFCE2384B14B3DC4260] (Sonic Solutions)
cpshelprunner.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\CPSHelpRunner.exe -> [2006.11.05 12:55:48 |
000,010,752 | ---- | M | MD5 = C551D15D5D0F875D7BF0BC4FBB6EB2D9] (Sonic
Solutions)
issch.exe -> C:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\issch.exe -> [2006.10.03 13:37:04 |
000,081,920 | ---- | M | MD5 = FF3BF05021BFECC92DB81B8257EEB026]
(Macrovision Corporation)

[Modules - Safe List]
ots.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\OTS.exe ->
[2010.07.15 18:23:04 | 000,640,512 | ---- | M | MD5 =
13AEC6A0F3E63C3A4BAEB03A98B811EF] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008.04.14 04:21:06
| 000,110,592 | ---- | M | MD5 = 8354A33FC0CD75F34D310B7EE8CBD621]
(Microsoft Corporation)

[Win32 Services - Safe List]
(ICQ Service) ICQ Service [Auto | Running] ->
C:\Programme\ICQ6Toolbar\ICQ Service.exe -> [2010.06.02 16:58:20 |
000,246,520 | ---- | M | MD5 = 5C7D72EAB04B1DF8C5D2ACC6551FDE49] ()
(AntiVirService) Avira AntiVir Guard [Auto | Running] ->
C:\Programme\Avira\AntiVir Desktop\avguard.exe -> [2009.08.05 12:19:32 |
000,185,089 | ---- | M | MD5 = B8720A787C1223492E6F319465E996CE] (Avira
GmbH)
(AntiVirSchedulerService) Avira AntiVir Planer [Auto | Running] ->
C:\Programme\Avira\AntiVir Desktop\sched.exe -> [2009.06.12 23:47:16 |
000,108,289 | ---- | M | MD5 = 9015BC03F62940527EC92D45EE89E46F] (Avira
GmbH)
(CVPND) Cisco Systems, Inc. VPN Service [Auto | Running] ->
C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -> [2009.01.13 11:28:46
| 001,528,608 | ---- | M | MD5 = 5CE32922F8F74A0D2D6ECC30CDAD01E0]
(Cisco Systems, Inc.)
(vsmon) TrueVector Internet Monitor [Auto | Running] ->
C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2007.12.13 20:27:10 |
000,075,304 | ---- | M | MD5 = 4BB7862806BEA6BF50D618C5D593ED54] (Zone
Labs, LLC)
(RoxMediaDB9) RoxMediaDB9 [On_Demand | Running] ->
C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe -> [2006.11.05 13:15:12 |
000,880,640 | ---- | M | MD5 = EBCDE8B48FADC6479D96A56D0A432160] (Sonic
Solutions)
(RoxWatch9) Roxio Hard Drive Watcher 9 [Auto | Running] ->
C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
-> [2006.11.05 13:13:00 | 000,159,744 | ---- | M | MD5 =
AB2B1DE1C8F31EFCE2384B14B3DC4260] (Sonic Solutions)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] ->
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE ->
[2006.10.26 19:49:34 | 000,441,136 | ---- | M | MD5 =
84DE1DD996B48B05ACE31AD015FA108A] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] ->
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
-> [2006.10.26 14:03:08 | 000,145,184 | ---- | M | MD5 =
5A432A042DAE460ABE7199B758E8606C] (Microsoft Corporation)
(stllssvr) stllssvr [Disabled | Stopped] -> C:\Programme\Gemeinsame
Dateien\SureThing Shared\stllssvr.exe -> [2006.09.14 16:54:34 |
000,073,728 | ---- | M | MD5 = 51778FD315C9882F1CBD932743E62A72]
(MicroVision Development, Inc.)
(CCALib8) Canon Camera Access Library 8 [Disabled | Stopped] ->
C:\Programme\Canon\CAL\CALMAIN.exe -> [2006.03.30 11:15:44 | 000,096,341
| ---- | M | MD5 = 20F89E232173985A455BC9A5F70D1166] (Canon Inc.)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] ->
C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel
32\IDriverT.exe -> [2004.10.22 05:24:18 | 000,073,728 | ---- | M | MD5 =
6F95324909B502E2651442C1548AB12F] (Macrovision Corporation)

[Driver Services - Safe List]
(kl1) kl1 [Kernel | Boot | Stopped] ->
C:\WINDOWS\System32\DRIVERS\kl1.sys -> File not found
(avgntflt) avgntflt [File_System | Auto | Running] ->
C:\WINDOWS\system32\drivers\avgntflt.sys -> [2009.12.08 15:04:43 |
000,056,816 | ---- | M | MD5 = 14FE36D8F2C6A2435275338D061A0B66] (Avira
GmbH)
(atksgt) atksgt [Kernel | Auto | Running] ->
C:\WINDOWS\system32\drivers\atksgt.sys -> [2009.09.12 17:15:05 |
000,281,760 | ---- | M | MD5 = F0D933B42CD0594048E4D5200AE9E417] ()
(lirsgt) lirsgt [Kernel | Auto | Running] ->
C:\WINDOWS\system32\drivers\lirsgt.sys -> [2009.09.12 17:15:04 |
000,025,888 | ---- | M | MD5 = F8A7212D0864EF5E9185FB95E6623F4D] ()
(sptd) sptd [Kernel | Boot | Running] ->
C:\WINDOWS\System32\Drivers\sptd.sys -> [2009.09.12 16:43:41 |
000,721,904 | ---- | M | Unable to obtain MD5] ()
(ssmdrv) ssmdrv [Kernel | System | Running] ->
C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2009.06.12 23:47:16 |
000,028,520 | ---- | M | MD5 = 5EC550B8952882EE856B862CF648522D] (Avira
GmbH)
(avipbb) avipbb [Kernel | System | Running] ->
C:\WINDOWS\system32\drivers\avipbb.sys -> [2009.03.30 10:33:03 |
000,096,104 | ---- | M | MD5 = 6D52060B59E7D79CD2A044B6ADD1F1EF] (Avira
GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Programme\Avira\AntiVir
Desktop\avgio.sys -> [2009.02.13 12:35:01 | 000,011,608 | ---- | M | MD5
= 0B497C79824F8E1BF22FA6AACD3DE3A0] (Avira GmbH)
(CVPNDRVA) Cisco Systems Inc. IPSec Driver [Kernel | Auto | Running] ->
C:\WINDOWS\system32\drivers\CVPNDRVA.sys -> [2009.01.13 11:27:38 |
000,306,811 | ---- | M | MD5 = D46B2E0EEAF349F2085F8B164E462156] (Cisco
Systems, Inc.)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand |
Running] -> C:\WINDOWS\system32\drivers\dne2000.sys -> [2008.08.28
17:17:38 | 000,131,856 | ---- | M | MD5 =
694616F813FB627A32C9E32DEC133078] (Deterministic Networks, Inc.)
(amdagp) AMD AGP-Bus-Filtertreiber [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008.04.13 20:36:39 |
000,043,008 | ---- | M | MD5 = 95B4FB835E28AA1336CEEB07FD5B9398]
(Advanced Micro Devices, Inc.)
(sisagp) SIS AGP-Bus-Filter [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008.04.13 20:36:39 |
000,040,960 | ---- | M | MD5 = 6B33D0EBD30DB32E27D1D78FE946A754]
(Silicon Integrated Systems Corporation)
(HDAudBus) Microsoft UAA-Bustreiber für High Definition Audio [Kernel |
On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys ->
[2008.04.13 18:36:05 | 000,144,384 | ---- | M | MD5 =
573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(vsdatant) vsdatant [Kernel | System | Running] ->
C:\WINDOWS\system32\vsdatant.sys -> [2007.12.13 20:27:14 | 000,394,952 |
---- | M | Unable to obtain MD5] (Zone Labs, LLC)
(srescan) srescan [Kernel | Boot | Running] ->
C:\WINDOWS\system32\ZoneLabs\srescan.sys -> [2007.10.18 21:18:44 |
000,051,176 | ---- | M | MD5 = EC4240C219452982A02391E2599AD043] (Zone
Labs, LLC)
(OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand |
Running] -> C:\WINDOWS\system32\drivers\OEM02Vfx.sys -> [2007.08.28
16:55:06 | 000,007,424 | ---- | M | MD5 =
86326062A90494BDD79CE383511D7D69] (EyePower Games Pte. Ltd.)
(OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running]
-> C:\WINDOWS\system32\drivers\OEM02Dev.sys -> [2007.08.28 16:54:56 |
000,235,520 | ---- | M | MD5 = 9D20FA5D8875F6063AA5E1C44446F698]
(Creative Technology Ltd.)
(ElbyCDIO) ElbyCDIO Driver [Kernel | System | Running] ->
C:\WINDOWS\system32\drivers\ElbyCDIO.sys -> [2007.08.07 21:48:33 |
000,025,160 | ---- | M | MD5 = AAA8999A169E39FB8B48AE49CD6AC30A]
(Elaborate Bytes AG)
(KLIF) KLIF [File_System | System | Running] ->
C:\WINDOWS\system32\drivers\klif.sys -> [2007.07.19 16:10:28 |
000,127,768 | ---- | M | MD5 = 2CF7C3DD0102A32A680EF97F3B1C861A]
(Kaspersky Lab)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] ->
C:\WINDOWS\system32\drivers\HSF_DPV.sys -> [2007.07.16 22:26:46 |
000,989,696 | ---- | M | MD5 = DDBD528E60F5961C142A490DC4EA7780]
(Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] ->
C:\WINDOWS\system32\drivers\HSF_CNXT.sys -> [2007.07.16 22:26:46 |
000,730,112 | ---- | M | MD5 = 96AFF1738271755A39B52EEF7E35F98F]
(Conexant Systems, Inc.)
(HSFHWAZL) HSFHWAZL [Kernel | On_Demand | Running] ->
C:\WINDOWS\system32\drivers\HSFHWAZL.sys -> [2007.07.16 22:26:46 |
000,209,152 | ---- | M | MD5 = B1526810210980BED9D22315946C919D]
(Conexant Systems, Inc.)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel
| On_Demand | Running] -> C:\WINDOWS\system32\drivers\bcm4sbxp.sys ->
[2007.07.10 17:07:56 | 000,045,568 | ---- | M | MD5 =
CD4646067CC7DCBA1907FA0ACF7E3966] (Broadcom Corporation)
(rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] ->
C:\WINDOWS\system32\drivers\rixdptsk.sys -> [2007.07.10 16:22:22 |
000,037,376 | ---- | M | MD5 = 6C1F93C0760C9F79A1869D07233DF39D] (REDC)
(rimsptsk) rimsptsk [Kernel | Auto | Running] ->
C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2007.07.10 16:22:20 |
000,043,520 | ---- | M | MD5 = DB8EB01C58C9FADA00C70B1775278AE0] (REDC)
(rimmptsk) rimmptsk [Kernel | Auto | Running] ->
C:\WINDOWS\system32\drivers\rimmptsk.sys -> [2007.07.10 16:22:18 |
000,032,256 | ---- | M | MD5 = D85E3FA9F5B1F29BB4ED185C450D1470] (REDC)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] ->
C:\WINDOWS\system32\drivers\SynTP.sys -> [2007.07.10 00:21:54 |
000,202,912 | ---- | M | MD5 = 936CD58395D36659BB798B961EF7357F]
(Synaptics, Inc.)
(STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand |
Running] -> C:\WINDOWS\system32\drivers\sthda.sys -> [2007.07.10
00:03:04 | 001,222,840 | ---- | M | MD5 =
58F855684E163466A5C565ADF0865536] (SigmaTel, Inc.)
(nv) nv [Kernel | On_Demand | Running] ->
C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2007.06.06 17:34:38 |
006,345,472 | ---- | M | MD5 = E531EAA795A273FC70C9DE3F195069C8] (NVIDIA
Corporation)
(BCM43XX) Treiber für Dell Wireless WLAN Karte [Kernel | On_Demand |
Running] -> C:\WINDOWS\system32\drivers\BCMWL5.SYS -> [2007.05.15
20:28:36 | 000,604,928 | ---- | M | MD5 =
B89BCF0A25AEB3B47030AC83287F894A] (Broadcom Corporation)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] ->
C:\WINDOWS\system32\drivers\iaStor.sys -> [2007.05.08 22:22:58 |
000,277,784 | ---- | M | MD5 = FD7F9D74C2B35DBDA400804A3F5ED5D8] (Intel
Corporation)
(ElbyCDFL) ElbyCDFL [Kernel | On_Demand | Running] ->
C:\WINDOWS\system32\drivers\ElbyCDFL.sys -> [2007.02.16 02:57:04 |
000,034,760 | ---- | M | MD5 = CE37E3D51912E59C80C6D84337C0B4CD]
(SlySoft, Inc.)
(CVirtA) Cisco Systems VPN Adapter [Kernel | On_Demand | Stopped] ->
C:\WINDOWS\system32\drivers\CVirtA.sys -> [2007.01.18 19:28:02 |
000,005,275 | ---- | M | MD5 = B5ECADF7708960F1818C7FA015F4C239] (Cisco
Systems, Inc.)
(DXEC02) DXEC02 [Kernel | On_Demand | Running] ->
C:\WINDOWS\system32\drivers\dxec02.sys -> [2006.11.02 14:31:38 |
000,103,168 | ---- | M | MD5 = 0C8762B91B967A91373E0E022B62ACFC]
(Knowles Acoustics)
(DLADResM) DLADResM [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLADResM.SYS -> [2006.08.18 15:18:06 |
000,009,400 | ---- | M | MD5 = A8DAB4D53FB6DC4977C1CA3D28001053] (Roxio)
(DLABMFSM) DLABMFSM [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLABMFSM.SYS -> [2006.08.18 15:17:46 |
000,035,096 | ---- | M | MD5 = 0659E6E0A95564F958D9DF7313F7701E] (Roxio)
(DLAUDF_M) DLAUDF_M [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -> [2006.08.18 15:17:44 |
000,097,848 | ---- | M | MD5 = 7DAB85C33135DF24419951DA4E7D38E5] (Roxio)
(DLAUDFAM) DLAUDFAM [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -> [2006.08.18 15:17:44 |
000,094,648 | ---- | M | MD5 = CCA4E121D599D7D1706A30F603731E59] (Roxio)
(DLAOPIOM) DLAOPIOM [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -> [2006.08.18 15:17:42 |
000,026,008 | ---- | M | MD5 = 840E7F6ABB885C72B9FFDDB022EF5B6D] (Roxio)
(DLABOIOM) DLABOIOM [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLABOIOM.SYS -> [2006.08.18 15:17:40 |
000,032,472 | ---- | M | MD5 = 8691C78908F0BD66170669DB268369F2] (Roxio)
(DLAIFS_M) DLAIFS_M [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -> [2006.08.18 15:17:38 |
000,104,472 | ---- | M | MD5 = 1AECA2AFA5005CE4A550CF8EB55A8C88] (Roxio)
(DLAPoolM) DLAPoolM [File_System | Auto | Running] ->
C:\WINDOWS\system32\DLA\DLAPoolM.SYS -> [2006.08.18 15:17:38 |
000,014,520 | ---- | M | MD5 = 0294D18731AC05DA80132CE88F8A876B] (Roxio)
(DRVNDDM) DRVNDDM [File_System | Auto | Running] ->
C:\WINDOWS\system32\drivers\DRVNDDM.SYS -> [2006.08.11 13:05:58 |
000,051,768 | ---- | M | MD5 = 6E6AB29D3C06E64CE81FEACDA85394B5] (Roxio)
(DLACDBHM) DLACDBHM [File_System | System | Running] ->
C:\WINDOWS\system32\drivers\DLACDBHM.SYS -> [2006.08.11 12:35:18 |
000,012,920 | ---- | M | MD5 = 76167B5EB2DFFC729EDC36386876B40B] (Roxio)
(DLARTL_M) DLARTL_M [File_System | System | Running] ->
C:\WINDOWS\system32\drivers\DLARTL_M.SYS -> [2006.08.11 12:35:16 |
000,028,184 | ---- | M | MD5 = 91886FED52A3F9966207BCE46CFD794F] (Roxio)
(DRVMCDB) DRVMCDB [Kernel | Boot | Running] ->
C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -> [2006.07.21 13:21:26 |
000,099,176 | ---- | M | MD5 = C00440385CF9F3D142917C63F989E244] (Sonic
Solutions)
(APPDRV) APPDRV [Kernel | System | Running] ->
C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -> [2005.08.12 19:50:46 |
000,016,128 | ---- | M | MD5 = EC94E05B76D033B74394E7B2175103CF] (Dell Inc)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001.08.18 06:22:54 |
000,006,656 | ---- | M | MD5 = C687F81290303D90099B027A6474F99F] (CMD
Technology, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001.08.17 16:07:44 |
000,019,072 | ---- | M | MD5 = 83C0F71F86D3BDAF915685F3D568B20E]
(Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001.08.17 16:07:42 |
000,030,688 | ---- | M | MD5 = BF4FAB949A382A8E105F46EBB4937058] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001.08.17 16:07:40 |
000,028,384 | ---- | M | MD5 = 80AC1C4ABBE2DF3B738BF15517A51F2C] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001.08.17 16:07:36 |
000,032,640 | ---- | M | MD5 = 070E001D95CF725186EF8B20335F933C] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001.08.17 16:07:34 |
000,016,256 | ---- | M | MD5 = 1FF3217614018630D0A6758630FC698C]
(Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001.08.17 15:52:22 |
000,036,736 | ---- | M | MD5 = 1B698A51CD528D8DA4FFAED66DFC51B9]
(Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001.08.17 15:52:20 |
000,045,312 | ---- | M | MD5 = 156ED0EF20C15114CA097A34A30D8A01] (QLogic
Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001.08.17 15:52:20 |
000,040,320 | ---- | M | MD5 = 0A63FB54039EB5662433CABA3B26DBA7] (QLogic
Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001.08.17 15:52:18 |
000,049,024 | ---- | M | MD5 = 907F0AEEA6BC451011611E732BD31FCF] (QLogic
Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001.08.17 15:52:16 |
000,179,584 | ---- | M | MD5 = E550E7418984B65A78299D248F0A7F36] (Mylex
Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001.08.17 15:52:12 |
000,017,280 | ---- | M | MD5 = 3F4BB95E5A44F3BE34824E8E7CAF0737]
(American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001.08.17 15:52:00 |
000,026,496 | ---- | M | MD5 = 62D318E9A0C8FC9B780008E724283707]
(Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001.08.17 15:51:58 |
000,014,848 | ---- | M | MD5 = 5D8DE112AA0254B907861E9E9C31D597]
(Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] ->
C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001.08.17 15:51:56 |
000,005,248 | ---- | M | MD5 = 1140AB9938809700B46BB88E46D72A96] (Acer
Laboratories Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > -> ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\: Main\\"Search
Page" -> ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\: Main\\"Start
Page" -> hxxp://start.icq.com/ ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\:
URLSearchHooks\\"" [HKLM] -> Reg Error: Key error. [] -> File not found
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\:
URLSearchHooks\\"{855F3B16-6D32-4fe6-8A56-BBB695989046}" [HKLM] ->
C:\Programme\ICQ6Toolbar\ICQToolBar.dll [ICQToolBar] -> [2010.06.02
16:58:20 | 001,018,616 | ---- | M | MD5 =
2A21B1EBEFE3A69D1E071F93DF95E0AC] (ICQ)
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\:
URLSearchHooks\\"{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" [HKLM] -> Reg
Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\:
URLSearchHooks\\"{EEE6C35D-6118-11DC-9C72-001320C79847}" [HKLM] -> Reg
Error: Key error. [Reg Error: Key error.] -> File not found
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\: "ProxyEnable"
-> 1 ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\:
"ProxyOverride" -> <local> ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\: "ProxyServer"
-> http=127.0.0.1:5643 ->
< FireFox Settings [Prefs.js] > -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\FireFox\Profiles\kkn2w0n1.default\prefs.js
->
browser.search.defaultenginename -> "ICQ Search" ->
browser.search.param.yahoo-fr -> "chr-greentree_ff&type=971163" ->
browser.search.selectedEngine -> "Search" ->
browser.search.suggest.enabled -> false ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "www.studivz.net" ->
extensions.enabledItems -> DTToolbar@toolbarnet.com:1.0.8.0552 ->
extensions.enabledItems -> {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.9 ->
extensions.enabledItems -> fdm_ffext@freedownloadmanager.org:1.3.4 ->
extensions.enabledItems -> {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6 ->
extensions.enabledItems -> {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8 ->
keyword.URL ->
"hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q="
->
sweetim.toolbar.previous.keyword.URL ->
"hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" ->
< FireFox Settings [User.js] > -> C:\Dokumente und
Einstellungen\Jenni\Anwendungsdaten\Mozilla\FireFox\Profiles\kkn2w0n1.default\user.js
->
browser.search.selectedEngine -> "Search" ->
keyword.URL ->
"hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q="
->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components ->
C:\Programme\Mozilla Firefox\components [C:\PROGRAMME\MOZILLA
FIREFOX\COMPONENTS] -> [2010.07.14 14:15:06 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins ->
C:\Programme\Mozilla Firefox\plugins [C:\PROGRAMME\MOZILLA
FIREFOX\PLUGINS] -> [2010.07.14 14:15:04 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions -> ->
HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components ->
C:\Programme\Mozilla Thunderbird\components [C:\PROGRAMME\MOZILLA
THUNDERBIRD\COMPONENTS] -> [2010.07.14 13:55:22 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins ->
C:\PROGRAMME\MOZILLA THUNDERBIRD\PLUGINS ->
< FireFox Extensions [User Folders] > ->
-> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
-> [2010.04.21 19:43:57 | 000,000,000 | ---D | M]
No name found -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
-> [2010.04.21 19:43:57 | 000,000,000 | ---D | M]
-> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions
-> [2010.07.14 13:45:52 | 000,000,000 | ---D | M]
FlashGot -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
-> [2009.11.23 16:35:18 | 000,000,000 | ---D | M]
Grand Green ( GG ) -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{1e78d6c6-55d1-11dc-8314-0800200c9a66}
-> [2007.11.24 00:43:29 | 000,000,000 | ---D | M]
No name found -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
-> [2010.07.05 15:02:26 | 000,000,000 | ---D | M]
Fasterfox -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
-> [2007.11.24 00:39:20 | 000,000,000 | ---D | M]
SweetIM Toolbar for Firefox -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
-> [2009.09.18 01:13:37 | 000,000,000 | ---D | M]
-> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\DTToolbar@toolbarnet.com
-> [2009.09.12 17:01:19 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
icqplugin-1.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-1.xml
-> [2010.07.09 07:42:10 | 000,000,961 | ---- | M | MD5 =
39D976342EAAB3EAAFA45B4E5A2B82F2] ()
icqplugin-2.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-2.xml
-> [2010.04.01 18:14:26 | 000,000,961 | ---- | M | MD5 =
0A09043B53C2D44C031F273E8DA32772] ()
icqplugin-3.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-3.xml
-> [2010.06.24 23:07:57 | 000,000,961 | ---- | M | MD5 =
0A09043B53C2D44C031F273E8DA32772] ()
icqplugin-4.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-4.xml
-> [2010.07.05 15:03:48 | 000,000,961 | ---- | M | MD5 =
0A09043B53C2D44C031F273E8DA32772] ()
icqplugin-5.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-5.xml
-> [2009.12.17 22:59:30 | 000,000,950 | ---- | M | MD5 =
EA7AD11F9C70363B2713FCFA244565FE] ()
icqplugin-6.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-6.xml
-> [2010.01.11 17:10:36 | 000,000,950 | ---- | M | MD5 =
EA7AD11F9C70363B2713FCFA244565FE] ()
icqplugin-7.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-7.xml
-> [2010.07.14 13:56:37 | 000,000,950 | ---- | M | MD5 =
EA7AD11F9C70363B2713FCFA244565FE] ()
icqplugin.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin.xml
-> [2010.05.12 18:40:06 | 000,001,042 | ---- | M | MD5 =
C7A7E4DD3B546A8C5FBAA988A070B97B] ()
wikipedia-de.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\wikipedia-de.xml
-> [2008.12.09 00:22:14 | 000,001,328 | ---- | M | MD5 =
3BB6E68DFB453996DE3D39855535153D] ()
wikipedia-en.xml -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\wikipedia-en.xml
-> [2008.09.02 15:41:23 | 000,001,108 | ---- | M | MD5 =
C4F592DB166D3EDCBA38696D5D86F113] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Programme\Mozilla Firefox\extensions -> [2010.07.14 14:15:18 |
000,000,000 | ---D | M]
< HOSTS File > ([2010.07.11 23:04:28 | 000,000,098 | ---- | M | MD5 =
F9C056369E96130CEAD3623A430D925F] - 2 lines) ->
C:\WINDOWS\system32\drivers\etc\Hosts ->
Reset Hosts
127.0.0.1 localhost
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Programme\Gemeinsame
Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader] ->
[2006.10.23 00:08:42 | 000,062,080 | ---- | M | MD5 =
C11F6A1F61481E24BE3FDC06EA6F7D2A] (Adobe Systems Incorporated)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] ->
C:\Programme\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] ->
[2008.06.10 04:27:02 | 000,509,328 | ---- | M | MD5 =
F921D875A1CBD69A6A462BA2514BC831] (Sun Microsystems, Inc.)
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> C:\Programme\Free
Download Manager\iefdm2.dll [FDMIECookiesBHO Class] -> [2008.12.30
01:03:26 | 000,098,304 | ---- | M | MD5 =
635827CCBEF561E1E0CF9D97624CA225] ()
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} [HKLM] -> Reg Error: Key error.
[Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] -> C:\Programme\DAEMON
Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar] -> [2009.04.23
15:15:24 | 000,937,416 | ---- | M | MD5 =
843D11E1493782D5ED1C273D1310B1BD] ()
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" [HKLM] ->
C:\Programme\ICQ6Toolbar\ICQToolBar.dll [ICQToolBar] -> [2010.06.02
16:58:20 | 001,018,616 | ---- | M | MD5 =
2A21B1EBEFE3A69D1E071F93DF95E0AC] (ICQ)
< Internet Explorer ToolBars
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\Software\Microsoft\Internet
Explorer\Toolbar\ ->
WebBrowser\\"{32099AAC-C132-4136-9E9A-4E364A424E17}" [HKLM] ->
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll [DAEMON Tools Toolbar]
-> [2009.04.23 15:15:24 | 000,937,416 | ---- | M | MD5 =
843D11E1493782D5ED1C273D1310B1BD] ()
WebBrowser\\"{855F3B16-6D32-4FE6-8A56-BBB695989046}" [HKLM] ->
C:\Programme\ICQ6Toolbar\ICQToolBar.dll [ICQToolBar] -> [2010.06.02
16:58:20 | 001,018,616 | ---- | M | MD5 =
2A21B1EBEFE3A69D1E071F93DF95E0AC] (ICQ)
WebBrowser\\"{EEE6C35B-6118-11DC-9C72-001320C79847}" [HKLM] -> Reg
Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avgnt" -> C:\Programme\Avira\AntiVir Desktop\avgnt.exe
["C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2009.03.02
13:08:43 | 000,209,153 | ---- | M | MD5 =
29680A793F690EEF4AAA68479D2A6DF8] (Avira GmbH)
"EPSON Stylus DX4200 Series" ->
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE /F
"C:\WINDOWS\TEMP\E_S5D.tmp" /EF "HKLM"] -> [2005.03.08 04:00:00 |
000,098,304 | ---- | M | MD5 = 118506090766F47B0EAFE78E4680F30B] (SEIKO
EPSON CORPORATION)
"ISUSPM Startup" -> c:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\ISUSPM.exe
[c:\progra~1\gemein~1\instal~1\update~1\isuspm.exe -startup] ->
[2006.10.03 13:35:42 | 000,221,184 | ---- | M | MD5 =
9ABF687071C649609BF7E177062A9008] (Macrovision Corporation)
"ISUSScheduler" -> C:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\issch.exe ["C:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\issch.exe" -start] -> [2006.10.03
13:37:04 | 000,081,920 | ---- | M | MD5 =
FF3BF05021BFECC92DB81B8257EEB026] (Macrovision Corporation)
"KernelFaultCheck" -> [%systemroot%\system32\dumprep 0 -k] -> File not found
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE
C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2007.06.06 17:34:42 |
008,429,568 | ---- | M | MD5 = 8267546EDB3952890577598B2DBE6011] (NVIDIA
Corporation)
"RoxWatchTray" -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatchTray9.exe ["C:\Programme\Gemeinsame
Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"] -> [2006.11.05
13:22:16 | 000,221,184 | ---- | M | MD5 =
1AAD451CCBECE62987591B35AE8037A8] (Sonic Solutions)
"ZoneAlarm Client" -> C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
["C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2007.12.13
20:27:10 | 000,919,016 | ---- | M | MD5 =
6B632BE30A0930421560A9A9C677ABD4] (Zone Labs, LLC)
< Run [HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
->
"DAEMON Tools Lite" -> C:\Programme\DAEMON Tools Lite\daemon.exe
["C:\Programme\DAEMON Tools Lite\daemon.exe" -autorun] -> [2009.04.23
15:51:38 | 000,691,656 | ---- | M | MD5 =
1542D48BEF0C07513453CDEF1577BB79] (DT Soft Ltd)
"Free Download Manager" -> C:\Programme\Free Download Manager\fdm.exe
["C:\Programme\Free Download Manager\fdm.exe" -autorun] -> [2009.01.31
02:45:14 | 003,399,727 | ---- | M | MD5 =
0B82EFCF8D6CA4B6AD91154DDBCD575A] (FreeDownloadManager.ORG)
"Thunderbird" -> C:\Programme\Mozilla Thunderbird\thunderbird.exe
["C:\Programme\Mozilla Thunderbird\thunderbird" -turbo] -> [2010.07.14
13:55:19 | 012,732,080 | ---- | M | MD5 =
C620B86D3607752BD74463186A1426FB] (Mozilla Messaging)
< Administrator Startup Folder > -> C:\Dokumente und
Einstellungen\Administrator\Startmenü\Programme\Autostart ->
< All Users Startup Folder > -> C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart ->
C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart\VPN Client.lnk ->
C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico
-> [2009.10.15 16:56:00 | 000,006,144 | R--- | M | MD5 =
85AB6C3089BEE58999B434E114E8A64C] ()
< Default User Startup Folder > -> C:\Dokumente und
Einstellungen\Default User\Startmenü\Programme\Autostart ->
< Jenni Startup Folder > -> C:\Dokumente und
Einstellungen\Jenni\Startmenü\Programme\Autostart ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"HonorAutoRunSetting" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< Internet Explorer Menu Extensions
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\Software\Microsoft\Internet
Explorer\MenuExt\ ->
Alles mit FDM herunterladen -> C:\Programme\Free Download
Manager\dlall.htm [file://C:\Programme\Free Download Manager\dlall.htm]
-> [2007.06.02 12:25:02 | 000,000,893 | ---- | M | MD5 =
1E9A37CFE68C2B93CFB17111A6018079] ()
Auswahl mit FDM herunterladen -> C:\Programme\Free Download
Manager\dlselected.htm [file://C:\Programme\Free Download
Manager\dlselected.htm] -> [2007.06.02 12:25:02 | 000,000,463 | ---- | M
| MD5 = C0223CCCB70D4F5EFB2773C8FE3EE88A] ()
Datei mit FDM herunterladen -> C:\Programme\Free Download
Manager\dllink.htm [file://C:\Programme\Free Download
Manager\dllink.htm] -> [2007.06.02 12:25:02 | 000,002,140 | ---- | M |
MD5 = 782B6C12650C5D11906F8F88D58126B4] ()
Nach Microsoft E&xel exportieren -> C:\Programme\Microsoft
Office\Office12\EXCEL.EXE
[res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000] -> [2006.10.27
15:07:36 | 017,891,112 | ---- | M | MD5 =
0187BDAFBAFAF967BB91B4F2D8E33BC8] (Microsoft Corporation)
Videos mit FDM herunterladen -> C:\Programme\Free Download
Manager\dlfvideo.htm [file://C:\Programme\Free Download
Manager\dlfvideo.htm] -> [2007.07.27 00:34:42 | 000,001,706 | ---- | M |
MD5 = 8F7C980D450BA7D7ABDCFCE18AD804F2] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}
[HKLM] -> C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun
Java Konsole] -> [2008.06.10 04:27:02 | 000,132,496 | ---- | M | MD5 =
7C83A2809E13950359189767AC9D5DB8] (Sun Microsystems, Inc.)
{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}:Exec [HKLM] ->
C:\Programme\ICQ7.2\ICQ.exe [Button: ICQ7.2] -> [2010.07.05 14:42:02 |
000,133,368 | ---- | M | MD5 = 5C2F10972BECA53D9FBE9F44CD567269] (ICQ, LLC.)
{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}:Exec [HKLM] ->
C:\Programme\ICQ7.2\ICQ.exe [Menu: ICQ7.2] -> [2010.07.05 14:42:02 |
000,133,368 | ---- | M | MD5 = 5C2F10972BECA53D9FBE9F44CD567269] (ICQ, LLC.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
[HKLM] -> C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL [Button:
Research] -> [2006.10.26 20:12:22 | 000,040,424 | ---- | M | MD5 =
7FC19DA1DC70C78D2FBD7A1D10942051] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > ->
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->
C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Konsole] ->
[2008.06.10 04:27:02 | 000,132,496 | ---- | M | MD5 =
7C83A2809E13950359189767AC9D5DB8] (Sun Microsystems, Inc.)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > ->
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->
C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Konsole] ->
[2008.06.10 04:27:02 | 000,132,496 | ---- | M | MD5 =
7C83A2809E13950359189767AC9D5DB8] (Sun Microsystems, Inc.)
< Internet Explorer Extensions
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\Software\Microsoft\Internet
Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->
C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Konsole] ->
[2008.06.10 04:27:02 | 000,132,496 | ---- | M | MD5 =
7C83A2809E13950359189767AC9D5DB8] (Sun Microsystems, Inc.)
CmdMapping\\"{E59EB121-F339-4851-A3BA-FE49C35617C2}" [HKLM] -> [Reg
Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> hxxp://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet
Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] ->
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] ->
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
[Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] ->
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
[Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] ->
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
[Java Plug-in 1.6.0_07] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] ->
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
[Java Plug-in 1.6.0_07] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] ->
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
[Shockwave Flash Object] ->
< Name Servers [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.178.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
->
{77C1EBBC-CB17-488E-9539-5AECB9114F91}\\DhcpNameServer -> 192.168.178.1
(Dell Wireless 1390 WLAN Mini-Card) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008.04.14 04:22:45 |
001,036,800 | ---- | M | MD5 = 418045A93CD87A352098AB7DABE1B53E]
(Microsoft Corporation)
*MultiFile Done* -> ->
< Domain Profile Authorized Applications List > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
->
"C:\Programme\ICQ7.2\aolload.exe" -> C:\Programme\ICQ7.2\aolload.exe
[C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe] -> [2010.07.05
14:42:02 | 000,010,800 | ---- | M | MD5 =
212C58D4ED065EBB1A42B8F2602DD7CB] (AOL LLC)
"C:\Programme\ICQ7.2\ICQ.exe" -> C:\Programme\ICQ7.2\ICQ.exe
[C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2] -> [2010.07.05 14:42:02 |
000,133,368 | ---- | M | MD5 = 5C2F10972BECA53D9FBE9F44CD567269] (ICQ, LLC.)
< Standard Profile Authorized Applications List > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
->
"C:\Programme\Dell\MediaDirect\PCMService.exe" ->
C:\Programme\Dell\MediaDirect\PCMService.exe
[C:\Programme\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink
PowerCinema Resident Program] -> [2007.04.16 18:10:26 | 000,184,320 |
---- | M | MD5 = 8289C20BECBEA1348F7FF4D08F4C4F19] (CyberLink Corp.)
"C:\Programme\ICQ6.5\ICQ.exe" -> C:\Programme\ICQ6.5\ICQ.exe
[C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6] -> File not found
"C:\Programme\ICQ6\ICQ.exe" -> C:\Programme\ICQ6\ICQ.exe
[C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6] -> File not found
"C:\Programme\ICQ7.2\aolload.exe" -> C:\Programme\ICQ7.2\aolload.exe
[C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe] -> [2010.07.05
14:42:02 | 000,010,800 | ---- | M | MD5 =
212C58D4ED065EBB1A42B8F2602DD7CB] (AOL LLC)
"C:\Programme\ICQ7.2\ICQ.exe" -> C:\Programme\ICQ7.2\ICQ.exe
[C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2] -> [2010.07.05 14:42:02 |
000,133,368 | ---- | M | MD5 = 5C2F10972BECA53D9FBE9F44CD567269] (ICQ, LLC.)
"C:\spiele\WinBrick2000\Brick2K.exe" ->
C:\spiele\WinBrick2000\Brick2K.exe
[C:\spiele\WinBrick2000\Brick2K.exe:*:Enabled:WinBrick2000] -> File not
found
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" ->
C:\WINDOWS\System32\ZoneLabs\avsys\ScanningProcess.exe
[C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky
AV Scanner] -> [2007.09.11 22:09:16 | 000,135,168 | ---- | M | MD5 =
ACF1F8305B3922A3BE69241F908BB8E3] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM-Laufwerktreiber ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2004.08.13 14:54:56 |
000,000,000 | ---- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
< MountPoints2 [HKEY_CURRENT_USER] > ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
->
\{06577c5d-f223-11dd-84d3-001c23b64529}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06577c5d-f223-11dd-84d3-001c23b64529}\Shell\AutoRun
\{06577c5d-f223-11dd-84d3-001c23b64529}\Shell\AutoRun\\"" -> [Auto&Play]
-> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{06577c5d-f223-11dd-84d3-001c23b64529}\Shell\AutoRun\command
\{06577c5d-f223-11dd-84d3-001c23b64529}\Shell\AutoRun\command\\"" ->
[explorer .\index.html] -> File not found
< Registry Shell Spawning - Select to Repair > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->

Jenjen · 15.07.2010, 18:38

hier der zweite Teil

Code:

ATTFilter

[Registry - Additional Scans - Safe List]
< ActiveX StubPath [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ ->
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} [KeyFileName] ->
C:\Programme\Java\jre1.6.0_07\bin\regutils.dll [(default): Java (Sun);
IsInstalled: 1] -> [2008.06.10 04:44:26 | 000,237,568 | ---- | M | MD5 =
8AEDA6095D274AF81C86712A3F80398C] (Sun Microsystems, Inc.)
{10072CEC-8CC1-11D1-986E-00A0C955B42F} [HKLM] -> Reg Error: Key error.
[(default): Vektorgrafik-Rendering (VML); IsInstalled: 01 00 00 00
[binary data]] -> File not found
{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} [StubPath] -> [ComponentID:
NetShow; IsInstalled: 1] ->
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] -> [(default):
Microsoft Windows Media Player 6.4; IsInstalled: 1] ->
{283807B5-2C60-11D0-A31D-00AA00B92C03} [HKLM] -> Reg Error: Key error.
[(default): DirectAnimation; IsInstalled: 1] -> File not found
{2A3320D6-C805-4280-B423-B665BDE33D8F} [HKLM] -> Reg Error: Key error.
[(default): Microsoft .NET Framework 1.1 Security Update (KB979906);
IsInstalled: 1] -> File not found
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [StubPath] ->
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall
%SystemRoot%\system32\themeui.dll [(default): Themes Setup; IsInstalled:
1] ->
{36f8ec70-c29a-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error.
[(default): Dynamic HTML-Datenbindung für Java; IsInstalled: 1] -> File
not found
{3af36230-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error.
[(default): Offline Browsing Pack; IsInstalled: 1] -> File not found
{3bf42070-b3b1-11d1-b5c5-0000f8051515} [HKLM] -> Reg Error: Key error.
[(default): Uniscribe; IsInstalled: 1] -> File not found
{411EDCF7-755D-414E-A74B-3DCD6583F589} [HKLM] -> Reg Error: Key error.
[(default): Microsoft .NET Framework 1.1 Service Pack 1 (KB867460);
IsInstalled: 1] -> File not found
{4278c270-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error.
[(default): Erweitertes Authoring; IsInstalled: 1] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [StubPath] ->
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user
/install [(default): Microsoft Outlook Express 6; IsInstalled: 1] ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [StubPath] -> rundll32.exe
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [(default):
NetMeeting 3.01; IsInstalled: 01 00 00 00 [binary data]] ->
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error.
[(default): DirectShow; IsInstalled: 1] -> File not found
{44BBA855-CC51-11CF-AAFA-00AA00B6015F} [HKLM] -> Reg Error: Key error.
[(default): DirectDrawEx; IsInstalled: 1] -> File not found
{45ea75a0-a269-11d1-b5bf-0000f8051515} [HKLM] -> Reg Error: Key error.
[(default): Internet Explorer Help; IsInstalled: 1] -> File not found
{4f216970-c90c-11d1-b5c7-0000f8051515} [HKLM] -> Reg Error: Key error.
[(default): DirectAnimation Java Classes; IsInstalled: 1] -> File not found
{4f645220-306d-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error.
[(default): Microsoft Windows Script 5.6; IsInstalled: 1] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [StubPath] -> rundll32.exe
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [(default): Windows
Messenger 4.7; IsInstalled: 1] ->
{5A8D6EE0-3E18-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error.
[ComponentID: ICW; IsInstalled: 1] -> File not found
{5fd399c0-a70a-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error.
[(default): Internet Explorer Setup Tools; IsInstalled: 1] -> File not found
{6BF52A52-394A-11d3-B153-00C04F79FAA6} [StubPath] -> rundll32.exe
advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
[(default): Microsoft Windows Media Player; IsInstalled: 1] ->
{6fab99d0-bab8-11d1-994a-00c04f98bbc9} [HKLM] -> Reg Error: Key error.
[(default): MSN Site Access; IsInstalled: 1] -> File not found
{73fa19d0-2d75-11d2-995d-00c04f98bbc9} [HKLM] -> Reg Error: Key error.
[(default): Web Folders; IsInstalled: 1] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [StubPath] ->
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT
/user /install [(default): Adressbuch 6; IsInstalled: 1] ->
{89820200-ECBD-11cf-8B85-00AA005B4340} [StubPath] -> regsvr32.exe /s /n
/i:U shell32.dll [(default): Windows Desktop-Update; IsInstalled: 1] ->
{89820200-ECBD-11cf-8B85-00AA005B4383} [StubPath] ->
C:\WINDOWS\system32\ie4uinit.exe -BaseSettings [(default): Internet
Explorer; IsInstalled: 1] ->
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [StubPath] ->
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\mscories.dll,Install [ComponentID: DOTNETFRAMEWORKS;
IsInstalled: 1] ->
{8b15971b-5355-4c82-8c07-7e181ea07608} [StubPath] -> rundll32.exe
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser [(default): Fax;
IsInstalled: 1] ->
{9381D8F2-0288-11D0-9501-00AA00B911A5} [HKLM] -> Reg Error: Key error.
[(default): Dynamic HTML Data Binding; IsInstalled: 1] -> File not found
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} [StubPath] -> [(default): Fax
Provider; IsInstalled: 1] ->
{C9E9A340-D1F1-11D0-821E-444553540600} [HKLM] -> Reg Error: Key error.
[(default): Internet Explorer Core Fonts; IsInstalled: 1] -> File not found
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} [HKLM] -> Reg Error: Key error.
[(default): .NET Framework] -> File not found
{CC2A9BA0-3BDD-11D0-821E-444553540000} [HKLM] -> Reg Error: Key error.
[(default): Taskplaner; IsInstalled: 1] -> File not found
{CDD7975E-60F8-41d5-8149-19E51D6F71D0} [HKLM] -> Reg Error: Key error.
[ComponentID: Windows Movie Maker v2.1; IsInstalled: 01 00 00 00 [binary
data]] -> File not found
{D27CDB6E-AE6D-11cf-96B8-444553540000} [HKLM] ->
C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx [(default): Adobe Flash
Player; IsInstalled: 01 00 00 00 [binary data]] -> [2007.11.21 02:04:14
| 002,987,392 | R--- | M | MD5 = D3C50535C26190FEAD7785A03499C0AC]
(Adobe Systems, Inc.)
{de5aed00-a4bf-11d1-9948-00c04f98bbc9} [HKLM] -> Reg Error: Key error.
[(default): HTML Help; IsInstalled: 1] -> File not found
{E78BFA60-5393-4C38-82AB-E8019E464EB4} [HKLM] -> Reg Error: Key error.
[(default): .NET Framework] -> File not found
{E92B03AB-B707-11d2-9CBD-0000F87A369E} [HKLM] -> Reg Error: Key error.
[(default): Active Directory Service Interface; IsInstalled: 01 00 00 00
[binary data]] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [StubPath] ->
C:\WINDOWS\system32\ieudinit.exe [(default): Versions-Update für
Internet Explorer; IsInstalled: 1] ->
>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} [StubPath] ->
C:\WINDOWS\inf\unregmp2.exe /ShowWMP [(default): Windows Media Player;
IsInstalled: 0] ->
>{26923b43-4d38-484f-9b9e-de460746276c} [StubPath] ->
C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig [(default): Internet
Explorer; IsInstalled: 1] ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [StubPath] ->
"C:\WINDOWS\system32\rundll32.exe"
"C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [(default):
Browser Customizations; IsInstalled: 1] ->
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [StubPath] -> RunDLL32
IEDKCS32.DLL,BrandIE4 SIGNUP [(default): Browseranpassungen;
IsInstalled: 1] ->
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [StubPath] ->
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [(default):
Outlook Express; IsInstalled: 1] ->
< ActiveX StubPath [HKEY_USERS\.DEFAULT\] > ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed
Components\ ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-18\] > ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Active Setup\Installed
Components\ ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-19\] > ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Active Setup\Installed
Components\ ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
< ActiveX StubPath [HKEY_USERS\S-1-5-20\] > ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Active Setup\Installed
Components\ ->
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
< ActiveX StubPath
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Active
Setup\Installed Components\ ->
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{44BBA840-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{44BBA842-CC51-11CF-AAFA-00AA00B6015B} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{44BBA848-CC51-11CF-AAFA-00AA00B6015C} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{5945c046-1e7d-11d1-bc44-00c04fd912be} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{7790769C-0471-11d2-AF11-00C04FA35D02} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4340} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{89820200-ECBD-11cf-8B85-00AA005B4383} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{89B4C1CD-B018-4511-B0A1-5476DBF70820} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{8b15971b-5355-4c82-8c07-7e181ea07608} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
{94de52c8-2d59-4f1b-883e-79663d2d9a8c} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
>{26923b43-4d38-484f-9b9e-de460746276c} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS [HKLM] -> Reg Error: Key
error. [(no name)] -> File not found
>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} [HKLM] -> Reg Error: Key error.
[(no name)] -> File not found
InitiallyClear [HKLM] -> Reg Error: Key error. [(no name)] -> File not found
< App Paths [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ ->
1602.exe -> C:\spiele\ANNO1602\1602.exe [C:\spiele\ANNO1602\1602.exe] ->
[2000.01.19 01:53:00 | 000,651,264 | ---- | M | MD5 =
6F1415DA126CE0473137EA420FDDD931] (MAX DESIGN)
AcroRd32.exe -> C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe
[C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe] -> [2007.05.11
04:06:38 | 000,341,616 | ---- | M | MD5 =
80660C611B596FFE8AF4074B31AA6FB7] (Adobe Systems Incorporated)
bckgzm.exe -> C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe
[C:\Programme\MSN Gaming Zone\Windows\bckgzm.exe] -> [2004.08.04
16:00:00 | 000,042,577 | ---- | M | MD5 =
201CA5901895B439557C945A73F213FD] (Microsoft Corporation)
ccleaner.exe -> C:\Programme\CCleaner\CCleaner.exe
[C:\Programme\CCleaner\ccleaner.exe] -> [2010.06.23 23:07:14 |
001,699,128 | ---- | M | MD5 = 33EF7A3E3B2004E9A225AF3D98D5BC21]
(Piriform Ltd)
chkrzm.exe -> C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe
[C:\Programme\MSN Gaming Zone\Windows\chkrzm.exe] -> [2004.08.04
16:00:00 | 000,042,575 | ---- | M | MD5 =
5CB19E77D8D7EDE3F803B52D3C8CDE16] (Microsoft Corporation)
CloneCD.exe -> C:\Programme\SlySoft\CloneCD\CloneCD.exe
[C:\Programme\SlySoft\CloneCD\CloneCD.exe] -> [2007.10.28 16:57:08 |
001,420,288 | ---- | M | MD5 = D13FB5D4CC4C38A7EBBFA49D7FF6F946]
(SlySoft, Inc.)
CloneCDTray.exe -> C:\Programme\SlySoft\CloneCD\CloneCDTray.exe
[C:\Programme\SlySoft\CloneCD\CloneCDTray.exe] -> [2006.09.28 21:21:04 |
000,057,344 | ---- | M | MD5 = D7779335B0EBC0A7B9C7D0E1105EA078]
(SlySoft, Inc.)
CONF.EXE -> C:\Programme\NetMeeting\conf.exe
[C:\Programme\NetMeeting\conf.exe] -> [2008.04.14 04:22:39 | 001,040,384
| ---- | M | MD5 = D52FA0554CC9A767299710BBE7454A35] (Microsoft Corporation)
CT4IM.exe -> C:\Programme\Creative\Creative Live! Cam\Live! Cam
Avatar\CT4IM.exe [C:\Programme\Creative\Creative Live! Cam\Live! Cam
Avatar\CT4IM.exe] -> [2007.04.11 16:11:20 | 000,917,504 | ---- | M | MD5
= E1A6AFFE6FCE75991AB9F7368C086420] ()
CtAfxApp.exe -> C:\Programme\Creative Live! Cam\AudioFX\CtAfxApp.exe
[C:\Programme\Creative Live! Cam\AudioFX\CtAfxApp.exe] -> [2006.08.15
03:00:02 | 000,024,576 | ---- | M | MD5 =
4DF738E0E559834185AB0DC44D9FD9CF] (Creative Technology Ltd.)
CTIEMain.exe -> C:\Programme\Creative\Creative Live! Cam\Live! Cam
Avatar Creator\CT Program\CTIEMain.exe [C:\Programme\Creative\Creative
Live! Cam\Live! Cam Avatar Creator\CT Program\CTIEMain.exe] ->
[2007.05.17 21:34:40 | 000,200,822 | ---- | M | MD5 =
674E3D3514A737B94B4386684F2A3673] (Reallusion Inc.)
DellWMgr.exe -> C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe
[C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe] -> [2007.07.27
18:43:34 | 000,118,784 | ---- | M | MD5 =
DAC9B43BBFA0359E252DDB0CB91DEA6D] (Creative Technology Ltd.)
dialer.exe -> C:\Programme\Windows NT\dialer.exe [C:\Programme\Windows
NT\dialer.exe] -> [2008.04.14 04:22:42 | 000,545,280 | ---- | M | MD5 =
32540B63C37A6592E0FEB8AE598154A7] (Microsoft Corporation)
DLG.exe -> C:\Programme\Digital Line Detect\DLG.exe
[C:\Programme\Digital Line Detect\DLG.exe] -> [2006.11.03 20:02:14 |
000,050,688 | ---- | M | MD5 = F03FFC962E18F36A922E61F96BE09925]
(Avanquest Software )
DModem.exe -> C:\Programme\Modem Diagnostic Tool\DModem.exe
[C:\PROGRA~1\MODEMD~1\DModem.exe] -> [2007.01.19 15:46:38 | 000,374,368
| ---- | M | MD5 = 47A2CF06EF41723E8C7C01AE899F2150] (Conexant Systems,
inc.)
DrgToDsc.exe -> C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe
[C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe] -> [2006.08.17 11:00:00 |
001,116,920 | ---- | M | MD5 = BD57A6AFA05DF87BCAE9BB11FB0C4DDE] (Roxio)
Eq2001.exe -> C:\Programme\Midas Interactive\Equestriad 2001\eq2001.exe
[C:\Programme\Midas Interactive\Equestriad 2001\Eq2001.exe] ->
[2000.11.11 01:27:38 | 000,450,560 | ---- | M | MD5 =
7CF797FEE257B53EA26CB667E8CB07EC] (Tantalus)
excel.exe -> C:\Programme\Microsoft Office\Office12\EXCEL.EXE
[C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE] -> [2006.10.27 15:07:36 |
017,891,112 | ---- | M | MD5 = 0187BDAFBAFAF967BB91B4F2D8E33BC8]
(Microsoft Corporation)
EyeCatcherEx.dll -> C:\Programme\Creative Live!
Cam\VideoFX\EyeCatcherEx.dll [C:\Programme\Creative Live!
Cam\VideoFX\EyeCatcherEx.dll] -> [2007.07.26 21:08:00 | 000,425,984 |
---- | M | MD5 = 27FAAE79F3094F2E4B4021A1EEDE76BA] ()
firefox.exe -> C:\Programme\Mozilla Firefox\firefox.exe
[C:\Programme\Mozilla Firefox\firefox.exe] -> [2010.06.26 10:43:35 |
000,910,296 | ---- | M | MD5 = 8FC4306F0FFAA592BBA29F9273293D22]
(Mozilla Corporation)
FreeDoko.exe -> C:\spiele\FreeDoko\FreeDoko.exe
[C:\Spiele\FreeDoko\FreeDoko.exe] -> [2008.10.26 14:07:24 | 006,908,315
| ---- | M | MD5 = F5F7C2985AE137AE1468570779666C0E] ()
gimp-2.6.exe -> C:\Programme\Gimp-2.0\bin\gimp-2.6.exe
[C:\Programme\Gimp-2.0\bin\gimp-2.6.exe] -> [2008.10.01 18:53:30 |
004,608,568 | ---- | M | MD5 = 80BC23519D823D7E9B664B20FB86C2E3] ()
HELPCTR.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
[C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe] -> [2008.04.14
04:22:47 | 000,769,024 | ---- | M | MD5 =
B63C804F5777FB0694D083F321ED6071] (Microsoft Corporation)
hrtzzm.exe -> C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe
[C:\Programme\MSN Gaming Zone\Windows\hrtzzm.exe] -> [2004.08.04
16:00:00 | 000,042,573 | ---- | M | MD5 =
3889F32864A1BCB40B52BAB8DAE7CD79] (Microsoft Corporation)
hypertrm.exe -> C:\Programme\Windows NT\hypertrm.exe
["C:\Programme\Windows NT\hypertrm.exe"] -> [2004.08.04 16:00:00 |
000,028,160 | ---- | M | MD5 = 8430D122A2889AEF9F2783B70A1312F0]
(Hilgraeve, Inc.)
ICQ.exe -> C:\Programme\ICQ7.2\ICQ.exe [C:\Programme\ICQ7.2\ICQ.exe] ->
[2010.07.05 14:42:02 | 000,133,368 | ---- | M | MD5 =
5C2F10972BECA53D9FBE9F44CD567269] (ICQ, LLC.)
ICWCONN1.EXE -> C:\Programme\Internet Explorer\Connection
Wizard\ICWCONN1.EXE ["C:\Programme\Internet Explorer\Connection
Wizard\ICWCONN1.EXE"] -> [2008.04.14 04:22:48 | 000,218,624 | ---- | M |
MD5 = 2E7A34FE32391BE7E355CF2112CBFDA2] (Microsoft Corporation)
ICWCONN2.EXE -> C:\Programme\Internet Explorer\Connection
Wizard\ICWCONN2.EXE ["C:\Programme\Internet Explorer\Connection
Wizard\ICWCONN2.EXE"] -> [2008.04.14 04:22:48 | 000,086,016 | ---- | M |
MD5 = BF8908D9736640CD2B568C360AABAAAD] (Microsoft Corporation)
INETWIZ.EXE -> C:\Programme\Internet Explorer\Connection
Wizard\INETWIZ.EXE ["C:\Programme\Internet Explorer\Connection
Wizard\INETWIZ.EXE"] -> [2008.04.14 04:22:49 | 000,020,480 | ---- | M |
MD5 = B0C09CCBD188660FBEC6780638F7D430] (Microsoft Corporation)
install.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File
not found
ISIGNUP.EXE -> C:\Programme\Internet Explorer\Connection
Wizard\ISIGNUP.EXE ["C:\Programme\Internet Explorer\Connection
Wizard\ISIGNUP.EXE"] -> [2004.08.04 16:00:00 | 000,016,384 | ---- | M |
MD5 = F692F7AAA0A5C08D7C86E9EB799D4FE8] (Microsoft Corporation)
javaws.exe -> C:\Programme\Java\jre1.6.0_07\bin\javaws.exe
[C:\Programme\Java\jre1.6.0_07\bin\javaws.exe] -> [2008.06.10 02:32:34 |
000,139,264 | ---- | M | MD5 = 3106718BBD9FF261C061AF1D86B5C56C] (Sun
Microsystems, Inc.)
LiveCamDe.exe -> C:\Programme\Dell\Dell Webcam Center\LiveCamDe.exe
[C:\Programme\Dell\Dell Webcam Center\LiveCamDe.exe] -> [2007.07.19
13:04:26 | 000,303,211 | ---- | M | MD5 =
E8BD16191FCCD3AAF7CC8F8E3E6E0E36] (Creative Technology Ltd)
mantispm.exe -> C:\Programme\Zone
Labs\ZoneAlarm\MailFrontier\mantispm.exe
[C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe] -> [2007.05.11
08:50:24 | 000,804,376 | ---- | M | MD5 =
45B259E816083E9F6616BF8885B817C3] ( )
mbam.exe -> C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
[C:\Programme\Malwarebytes' Anti-Malware\mbam.exe] -> [2010.04.29
12:19:18 | 001,090,952 | ---- | M | MD5 =
47EA3CF0F509480554A058C6D7641ED0] (Malwarebytes Corporation)
MDirect.exe -> C:\Programme\Dell\MediaDirect\MDirect.exe
[C:\Programme\Dell\MediaDirect\MDirect.exe] -> [2007.04.16 18:10:26 |
000,040,960 | ---- | M | MD5 = 0D6340BE0D39C430BF08867EBB7EEBB5]
(CyberLink Corp.)
MediaCapture9.exe -> C:\Programme\Roxio\Media Import 9\MediaCapture9.exe
[C:\Programme\Roxio\Media Import 9\MediaCapture9.exe] -> [2006.09.21
03:21:10 | 000,339,968 | ---- | M | MD5 =
151F8C8049D881757A92E41AD0463AED] (Sonic Solutions)
MFTBOX.EXE -> C:\Programme\Canon\MF Toolbox Ver4.7\MfTBox.exe
[C:\Programme\Canon\MF Toolbox Ver4.7\MFTBOX.EXE] -> [2004.11.12
13:15:04 | 000,548,864 | ---- | M | MD5 =
F081A2A9A32D918CFCD5D3A1EFF1028D] (CANON INC.)
migwiz.exe -> C:\WINDOWS\system32\usmt\migwiz.exe
[%SystemRoot%\system32\usmt\migwiz.exe] -> [2008.04.14 04:22:51 |
000,252,416 | ---- | M | MD5 = A85632ECE7174A730217BEA3B18FAE76]
(Microsoft Corporation)
MlfHook.dll -> C:\Programme\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
[C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\MlfHook.dll] -> [2007.05.11
08:50:26 | 000,012,312 | ---- | M | MD5 =
773327620B9021D2516809295EC73D7F] ()
MlfOE.dll -> C:\Programme\Zone Labs\ZoneAlarm\MailFrontier\MlfOE.dll
[C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\MlfOE.dll] -> [2007.05.11
08:50:56 | 000,685,592 | ---- | M | MD5 =
673F35A1B0D0F8D648398E19A86E3DDA] ( )
mlfoshim.dll -> C:\Programme\Zone
Labs\ZoneAlarm\MailFrontier\mlfoshim.dll
[C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfoshim.dll] -> [2007.05.11
08:50:40 | 000,726,552 | ---- | M | MD5 =
72D1B970A00004D05E65183D622A96F3] ( )
moviemk.exe -> C:\Programme\Movie Maker\moviemk.exe [C:\Programme\Movie
Maker\moviemk.exe] -> [2009.10.23 17:28:37 | 003,558,912 | ---- | M |
MD5 = E002A7E05185BD7FC7646CD229311B22] (Microsoft Corporation)
mplayer2.exe -> C:\Programme\Windows Media Player\mplayer2.exe
["C:\Programme\Windows Media Player\mplayer2.exe"] -> [2008.04.14
04:22:53 | 000,004,639 | ---- | M | MD5 =
74454AD03540B9E8B9C39563A4F10FB7] (Microsoft Corporation)
MSACCESS.EXE -> C:\Programme\Microsoft Office\Office12\MSACCESS.EXE
[C:\PROGRA~1\MICROS~3\Office12\MSACCESS.EXE] -> [2006.10.27 15:01:34 |
010,371,880 | ---- | M | MD5 = 68F21BF71D2AFF8D9AD6EC9604E97AC0]
(Microsoft Corporation)
MSCONFIG.EXE -> C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
[C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe] -> [2008.04.14
04:22:53 | 000,172,544 | ---- | M | MD5 =
07224089294758E956FA1DBCBF51B801] (Microsoft Corporation)
msimn.exe -> C:\Programme\Outlook Express\msimn.exe
[%ProgramFiles%\Outlook Express\msimn.exe] -> [2008.04.14 04:22:53 |
000,060,416 | ---- | M | MD5 = 426DC783E4E718B9F38A4C31436154FA]
(Microsoft Corporation)
msinfo32.exe -> C:\Programme\Gemeinsame Dateien\Microsoft
Shared\MSInfo\msinfo32.exe [C:\Programme\Gemeinsame Dateien\Microsoft
Shared\MSInfo\MSInfo32.exe] -> [2004.08.04 16:00:00 | 000,040,448 | ----
| M | MD5 = 7A4FB4C5ABEB89628D69AEC1BFD68449] (Microsoft Corporation)
MsoHtmEd.exe -> Reg Error: Value error. [Reg Error: Value error.] ->
File not found
msoxmled.exe -> C:\Programme\Gemeinsame Dateien\Microsoft
Shared\OFFICE12\MSOXMLED.EXE [C:\Programme\Gemeinsame Dateien\Microsoft
Shared\OFFICE12\MSOXMLED.EXE] -> [2006.10.26 21:41:50 | 000,059,152 |
---- | M | MD5 = D62AF8D56065619E3189563099185C45] (Microsoft Corporation)
msworks.exe -> C:\Programme\Microsoft Works\MSWorks.exe
[C:\Programme\Microsoft Works\msworks.exe] -> [2006.06.02 00:46:22 |
000,565,248 | ---- | M | MD5 = 4209E07DCF7AB30B009B35645395192A]
(Microsoft® Corporation)
MyDVD9.exe -> C:\Programme\Roxio\VideoUI 9\MyDVD9.exe
[C:\Programme\Roxio\VideoUI 9\MyDVD9.exe] -> [2006.11.05 14:01:58 |
000,229,376 | ---- | M | MD5 = 7110F035EA40C8733763A1CEFA76649E] ()
netwaiting.exe -> C:\Programme\NetWaiting\NetWaiting.exe
[C:\Programme\NetWaiting\netwaiting.exe] -> [2007.01.08 15:48:58 |
000,026,152 | ---- | M | MD5 = 0B845CF1C6F98729DB07C4DBD6535AA6] (BVRP)
ois.exe -> C:\Programme\Microsoft Office\Office12\OIS.EXE
[C:\PROGRA~1\MICROS~3\Office12\OIS.EXE] -> [2006.10.26 20:00:08 |
000,274,744 | ---- | M | MD5 = FC3396B88F31636817D31F592A0DA848]
(Microsoft Corporation)
Origin81.exe -> C:\Programme\OriginLab\Origin81\Origin81.exe
[C:\Programme\OriginLab\Origin81\Origin81.exe] -> [2010.03.04 13:41:52 |
000,434,176 | ---- | M | MD5 = CCFC8F67E0E389E8D2663484AFF61231]
(OriginLab Corporation)
pbrush.exe -> C:\WINDOWS\system32\mspaint.exe
[%SystemRoot%\system32\mspaint.exe] -> [2009.12.17 09:40:01 |
000,346,624 | ---- | M | MD5 = 8B9D6800D0CAC42132CD1573A13CFE7B]
(Microsoft Corporation)
pinball.exe -> C:\Programme\Windows NT\Pinball\pinball.exe
[C:\Programme\Windows NT\Pinball\pinball.exe] -> [2008.04.14 04:22:57 |
000,282,624 | ---- | M | MD5 = 97738A3B0AC3CD5C52BB350CBEEC2F23]
(Cinematronics)
powerpnt.exe -> C:\Programme\Microsoft Office\Office12\POWERPNT.EXE
[C:\PROGRA~1\MICROS~3\Office12\POWERPNT.EXE] -> [2006.10.27 15:04:06 |
000,465,200 | ---- | M | MD5 = DC53BA349C9284775893B5377E860F2E]
(Microsoft Corporation)
RegCloneCD -> C:\Programme\SlySoft\CloneCD\RegCloneCD.exe
[C:\Programme\SlySoft\CloneCD\RegCloneCD.exe] -> [2007.05.21 21:24:11 |
000,089,288 | ---- | M | MD5 = 7FDDDB5A640C0AC15E64BBC1A00AA652]
(SlySoft, Inc.)
Roxio_Central33.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\Roxio Central33\Main\Roxio_Central33.exe
[C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\Roxio
Central33\Main\Roxio_Central33.exe] -> [2006.11.06 05:30:00 |
002,367,488 | ---- | M | MD5 = F354669460AF1397B7E54B374023655C] ()
RoxMediaDB9.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe [C:\Programme\Gemeinsame
Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe] -> [2006.11.05
13:15:12 | 000,880,640 | ---- | M | MD5 =
EBCDE8B48FADC6479D96A56D0A432160] (Sonic Solutions)
RoxWatch9.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe [C:\Programme\Gemeinsame
Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe] -> [2006.11.05
13:13:00 | 000,159,744 | ---- | M | MD5 =
AB2B1DE1C8F31EFCE2384B14B3DC4260] (Sonic Solutions)
RoxWatchTray9.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatchTray9.exe [C:\Programme\Gemeinsame
Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe] -> [2006.11.05
13:22:16 | 000,221,184 | ---- | M | MD5 =
1AAD451CCBECE62987591B35AE8037A8] (Sonic Solutions)
RoxWizardLauncher9.exe -> C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWizardLauncher9.exe [C:\Programme\Gemeinsame
Dateien\Roxio Shared\9.0\SharedCom\RoxWizardLauncher9.exe] ->
[2006.11.05 13:22:02 | 000,126,976 | ---- | M | MD5 =
C32348D1C0BCAFD15F73EF8B7DC89CAD] (Sonic Solutions)
rvsezm.exe -> C:\Programme\MSN Gaming Zone\Windows\Rvsezm.exe
[C:\Programme\MSN Gaming Zone\Windows\rvsezm.exe] -> [2004.08.04
16:00:00 | 000,042,574 | ---- | M | MD5 =
155494D43CEDCCF40760ACB148A303E3] (Microsoft Corporation)
sbase.exe -> C:\Programme\OpenOffice.org 3\program\sbase.exe
[C:\Programme\OpenOffice.org 3\program\sbase.exe] -> [2008.09.19
19:32:44 | 000,304,128 | ---- | M | MD5 =
C0C1A4E70004BA32BB402C1DAE477794] ()
scalc.exe -> C:\Programme\OpenOffice.org 3\program\scalc.exe
[C:\Programme\OpenOffice.org 3\program\scalc.exe] -> [2008.09.19
19:32:32 | 000,304,128 | ---- | M | MD5 =
53702181EC97172030B4D822404A7C85] ()
sdraw.exe -> C:\Programme\OpenOffice.org 3\program\sdraw.exe
[C:\Programme\OpenOffice.org 3\program\sdraw.exe] -> [2008.09.19
19:32:34 | 000,304,128 | ---- | M | MD5 =
3BA7B20B2C3A01C2C76ED53220EA832A] ()
setup.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File
not found
shvlzm.exe -> C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe
[C:\Programme\MSN Gaming Zone\Windows\shvlzm.exe] -> [2004.08.04
16:00:00 | 000,042,573 | ---- | M | MD5 =
0C06802AE1870C4143021803079FCC99] (Microsoft Corporation)
simpress.exe -> C:\Programme\OpenOffice.org 3\program\simpress.exe
[C:\Programme\OpenOffice.org 3\program\simpress.exe] -> [2008.09.19
19:32:38 | 000,304,128 | ---- | M | MD5 =
D08888BF6B8F91C9336013EB9D7847A7] ()
Sims2.exe -> C:\spiele\EA GAMES\Die Sims 2\TSBin\Sims2.exe [C:\Spiele\EA
GAMES\Die Sims 2\TSBin\Sims2.exe] -> [2005.01.20 14:04:41 | 015,204,977
| ---- | M | MD5 = 755EF789B46C3E23EAF41801136F5611] (Maxis, a division
of Electronic Arts Inc.)
Sims2EP1.exe -> C:\spiele\EA GAMES\Die Sims 2 Wilde
Campus-Jahre\TSBin\Sims2EP1.exe [C:\Spiele\EA GAMES\Die Sims 2 Wilde
Campus-Jahre\TSBin\Sims2EP1.exe] -> [2005.02.15 06:43:08 | 015,757,472 |
---- | M | MD5 = 6BC08714840BE2B7BD686A9BDA128D8F] (Maxis, a division of
Electronic Arts Inc.)
Sims2EP2.exe -> C:\Programme\EA GAMES\Die Sims 2
Nightlife\TSBin\Sims2EP2.exe [C:\Programme\EA GAMES\Die Sims 2
Nightlife\TSBin\Sims2EP2.exe] -> [2005.08.18 02:56:01 | 016,569,658 |
---- | M | MD5 = FADD297A17DA4E5DE6F2A98049ACFA1C] (Maxis, a division of
Electronic Arts Inc.)
Sims2EP3.exe -> C:\spiele\EA GAMES\Die Sims 2 Open For
Business\TSBin\Sims2EP3.exe [C:\Spiele\EA GAMES\Die Sims 2 Open For
Business\TSBin\Sims2EP3.exe] -> [2006.02.07 02:40:36 | 016,760,654 |
---- | M | MD5 = 4662132AECB9D426B926E389719A7BF3] (Maxis, a division of
Electronic Arts Inc.)
Sims2EP4.exe -> C:\spiele\EA GAMES\Die Sims 2
Haustiere\TSBin\Sims2EP4.exe [C:\spiele\EA GAMES\Die Sims 2
Haustiere\TSBin\Sims2EP4.exe] -> [2006.09.09 10:07:17 | 017,565,619 |
---- | M | MD5 = 611962750D0980603D8210D44A8328E1] (Maxis, a division of
Electronic Arts Inc.)
Sims2SP2.exe -> C:\spiele\EA GAMES\Die Sims 2
Glamour-Accessoires\TSBin\Sims2SP2.exe
[C:\spiele\EAGAME~1\DIESIM~4\TSBin\Sims2SP2.exe] -> [2006.07.21 15:10:38
| 016,768,756 | ---- | M | MD5 = AD61848537EDF36D541A225EE88CBAE9]
(Maxis, a division of Electronic Arts Inc.)
smath.exe -> C:\Programme\OpenOffice.org 3\program\smath.exe
[C:\Programme\OpenOffice.org 3\program\smath.exe] -> [2008.09.19
19:32:40 | 000,304,128 | ---- | M | MD5 =
3279DC2F2DA182A22EC5FFD28A6FA155] ()
soffice.exe -> C:\Programme\OpenOffice.org 3\program\soffice.exe
[C:\Programme\OpenOffice.org 3\program\soffice.exe] -> [2008.09.30
17:49:34 | 007,424,000 | ---- | M | MD5 =
D9F39EB720E2E171AD1D1CE0BE1DEF2B] (OpenOffice.org)
StartFX.exe -> C:\Programme\Creative Live! Cam\VideoFX\StartFX.exe
[C:\Programme\Creative Live! Cam\VideoFX\StartFX.exe] -> [2007.07.27
11:23:12 | 000,020,480 | ---- | M | MD5 =
28A19E2D50CBCCFF375720FB14961A26] (Creative Technology Ltd.)
STAX.exe -> C:\Programme\Roxio\Express Labeler 2\stax.exe
[C:\Programme\Roxio\Express Labeler 2\stax.exe] -> [2006.09.14 16:54:36
| 001,175,552 | ---- | M | MD5 = 30CA022F4F5EADFFD7CA00529D580A50]
(MicroVision Development, Inc.)
swriter.exe -> C:\Programme\OpenOffice.org 3\program\swriter.exe
[C:\Programme\OpenOffice.org 3\program\swriter.exe] -> [2008.09.19
19:32:28 | 000,304,128 | ---- | M | MD5 =
4A63AE435D1D267852B6961D89719DA4] ()
table30.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File
not found
Tafelwerk.exe -> C:\Programme\Cornelsen\Das große Tafelwerk
interaktiv\Tafelwerk.exe [C:\Programme\Cornelsen\Das große Tafelwerk
interaktiv\Tafelwerk.exe] -> [2003.04.22 15:26:18 | 000,770,560 | ---- |
M | MD5 = 6A57153F59C397CA694E15487F28713B] (Cornelsen Verlag / VWV)
TextPad.exe -> C:\Programme\TextPad 5\TextPad.exe [C:\Programme\TextPad
5\TextPad.exe] -> [2008.03.10 13:55:50 | 003,005,952 | ---- | M | MD5 =
E7F7A64E1CB63AAA0312BF09ED19F1C1] (Helios Software Solutions)
thunderbird.exe -> C:\Programme\Mozilla Thunderbird\thunderbird.exe
[C:\Programme\Mozilla Thunderbird\thunderbird.exe] -> [2010.07.14
13:55:19 | 012,732,080 | ---- | M | MD5 =
C620B86D3607752BD74463186A1426FB] (Mozilla Messaging)
unopkg.exe -> C:\Programme\OpenOffice.org 3\program\unopkg.exe
[C:\Programme\OpenOffice.org 3\program\unopkg.exe] -> [2008.09.19
19:40:46 | 000,010,752 | ---- | M | MD5 =
258BED2FB2542B0C9930D1FE89AF4D05] ()
VCGProxyFileManager9.exe -> C:\Programme\Roxio\VideoCore
9\VCGProxyFileManager9.exe [C:\Programme\Roxio\VideoCore
9\VCGProxyFileManager9.exe] -> [2006.09.21 01:20:42 | 000,098,304 | ----
| M | MD5 = 203779C176DE443A0A9F80782291FE95] (Sonic Solutions)
VideoWave9.exe -> C:\Programme\Roxio\VideoUI 9\VideoWave9.exe
[C:\Programme\Roxio\VideoUI 9\VideoWave9.exe] -> [2006.11.05 14:03:50 |
001,347,584 | ---- | M | MD5 = FC4B230E4BD82A7275B534C4CE34571A] (Sonic
Solutions)
vpngui.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File
not found
wab.exe -> C:\Programme\Outlook Express\wab.exe [%ProgramFiles%\Outlook
Express\wab.exe] -> [2008.04.14 04:23:04 | 000,046,080 | ---- | M | MD5
= 72AD946DD359A5E3C69B90205007230B] (Microsoft Corporation)
wabmig.exe -> C:\Programme\Outlook Express\wabmig.exe
[%ProgramFiles%\Outlook Express\wabmig.exe] -> [2008.04.14 04:23:04 |
000,030,208 | ---- | M | MD5 = 06526C5E456F78B90593CEC8D4C955E8]
(Microsoft Corporation)
winnt32.exe -> Reg Error: Value error. [Reg Error: Value error.] -> File
not found
WinRAR.exe -> C:\Programme\WinRAR\WinRAR.exe
[C:\Programme\WinRAR\WinRAR.exe] -> [2007.09.20 20:34:22 | 000,936,960 |
---- | M | MD5 = 72A47494EEB5936657BED3B036391209] ()
Winword.exe -> C:\Programme\Microsoft Office\Office12\WINWORD.EXE
[C:\PROGRA~1\MICROS~3\Office12\WINWORD.EXE] -> [2006.10.27 15:23:04 |
000,347,432 | ---- | M | MD5 = CEAA5817A65E914AA178B28F12359A46]
(Microsoft Corporation)
WKPLMSTP.EXE -> C:\Programme\Microsoft Works\wkplmstp.exe
[C:\Programme\Microsoft Works\wkplmstp.exe] -> [2006.06.02 00:47:16 |
000,081,920 | ---- | M | MD5 = 9AB6D938912EF6A5963E701665246BE7]
(Microsoft Corporation)
WKSAB.EXE -> C:\Programme\Microsoft Works\wksab.exe
[C:\Programme\Microsoft Works\WKSAB.exe] -> [2006.06.02 00:47:20 |
000,009,728 | ---- | M | MD5 = 809D8EE1480085D2AF9C2D3A058397BC]
(Microsoft® Corporation)
wkscal.exe -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works
Shared\WksCal.exe [C:\Programme\Gemeinsame Dateien\Microsoft
Shared\Works Shared\wkscal.exe] -> [2006.06.02 00:48:26 | 000,114,688 |
---- | M | MD5 = 1BDED31DFDE2D4B0D833C6D06B1AF71E] (Microsoft® Corporation)
wksdb.exe -> C:\Programme\Microsoft Works\wksdb.exe
[C:\Programme\Microsoft Works\wksdb.exe] -> [2006.06.02 00:47:20 |
000,147,456 | ---- | M | MD5 = C37571F7C79C3972D641804F1DF7C0F5]
(Microsoft® Corporation)
WKSSB.EXE -> C:\Programme\Microsoft Works\WksSb.exe
[C:\Programme\Microsoft Works\WKSSB.exe] -> [2006.06.02 00:47:06 |
000,749,568 | ---- | M | MD5 = FE01A9088D1E62B0A4A31084CC6E43FC]
(Microsoft® Corporation)
wksss.exe -> C:\Programme\Microsoft Works\wksss.exe
[C:\Programme\Microsoft Works\wksss.exe] -> [2006.06.02 00:47:20 |
000,122,880 | ---- | M | MD5 = CE56C2B2D0EE4669F2C193147A83E6B7]
(Microsoft® Corporation)
wkswp.exe -> C:\Programme\Microsoft Works\WksWP.exe
[C:\Programme\Microsoft Works\wkswp.exe] -> [2006.06.02 00:47:06 |
000,126,976 | ---- | M | MD5 = 8A63E2C874514DE907AA47D629C6F48D]
(Microsoft® Corporation)
WKWCESTP.EXE -> C:\Programme\Microsoft Works\wkwcestp.exe
[C:\Programme\Microsoft Works\wkwcestp.exe] -> [2006.06.02 00:47:20 |
000,077,824 | ---- | M | MD5 = 60C51F1D270123998A457B0C1C38FAD5] ()
wmplayer.exe -> C:\Programme\Windows Media Player\wmplayer.exe
[C:\Programme\Windows Media Player\wmplayer.exe] -> [2008.04.14 04:23:06
| 000,073,728 | ---- | M | MD5 = 5C27B85537C32C899B4DF07769FAC023]
(Microsoft Corporation)
WORDPAD.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21
23:13:26 | 000,217,600 | ---- | M | MD5 =
A03F64E664CDD7D51F75321FF32D7B92] (Microsoft Corporation)
WRITE.EXE -> C:\Programme\Windows NT\Zubehör\WORDPAD.EXE
["%ProgramFiles%\Windows NT\Zubehör\WORDPAD.EXE"] -> [2008.04.21
23:13:26 | 000,217,600 | ---- | M | MD5 =
A03F64E664CDD7D51F75321FF32D7B92] (Microsoft Corporation)
< Approved Shell Extensions [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved ->
"{087B3AE3-E237-4467-B8DB-5A38AB959AC9}" [HKLM] ->
C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
[OpenOffice.org Infotip Handler] -> [2008.08.28 15:56:30 | 000,357,888 |
---- | M | MD5 = 3F12BDFC669499DAE6B0FBA152C94390] (Sun Microsystems, Inc.)
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" [HKLM] ->
C:\WINDOWS\system32\nvshell.dll [Desktop Explorer] -> [2007.06.06
17:35:02 | 000,466,944 | ---- | M | MD5 =
76DD76CAAEA90E5C12B32D2A3484496C] ()
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" [HKLM] ->
C:\WINDOWS\system32\nvshell.dll [Desktop Explorer Menu] -> [2007.06.06
17:35:02 | 000,466,944 | ---- | M | MD5 =
76DD76CAAEA90E5C12B32D2A3484496C] ()
"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" [HKLM] ->
C:\WINDOWS\system32\nvshell.dll [nView Desktop Context Menu] ->
[2007.06.06 17:35:02 | 000,466,944 | ---- | M | MD5 =
76DD76CAAEA90E5C12B32D2A3484496C] ()
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}" [HKLM] ->
C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll [Microsoft
Datenverknüpfung] -> [2008.04.14 04:22:23 | 000,487,424 | ---- | M | MD5
= 56330321BEF8767D8E952886EFD854E0] (Microsoft Corporation)
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" [HKLM] ->
C:\Programme\Synaptics\SynTP\SynTPCpl.dll [Synaptics Control Panel] ->
[2007.07.10 00:21:56 | 000,897,024 | ---- | M | MD5 =
BF3D62E50A480B14E1C12B50159CC194] (Synaptics, Inc.)
"{32714800-2E5F-11d0-8B85-00AA0044F941}" [HKLM] -> C:\Programme\Outlook
Express\wabfind.dll [&Nach Personen...] -> [2008.04.14 04:22:32 |
000,032,768 | ---- | M | MD5 = 77CD31AAC4A19DC893E613893DB9AA91]
(Microsoft Corporation)
"{3B092F0C-7696-40E3-A80F-68D74DA84210}" [HKLM] ->
C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
[OpenOffice.org Thumbnail Viewer] -> [2008.08.28 15:56:30 | 000,357,888
| ---- | M | MD5 = 3F12BDFC669499DAE6B0FBA152C94390] (Sun Microsystems,
Inc.)
"{42042206-2D85-11D3-8CFF-005004838597}" [HKLM] ->
C:\Programme\Microsoft Office\Office12\MSOHEVI.DLL [Microsoft Office
HTML Icon Handler] -> [2006.10.26 20:12:30 | 000,061,240 | ---- | M |
MD5 = 63368D3E65AACE7D26F69D8B29384243] (Microsoft Corporation)
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" [HKLM] -> [CPL-Erweiterung für
Anzeigeverschiebung] -> File not found
"{45AC2688-0253-4ED8-97DE-B5370FA7D48A}" [HKLM] ->
C:\Programme\Avira\AntiVir Desktop\shlext.dll [Shell Extension for
Malware scanning] -> [2009.06.12 23:47:16 | 000,286,977 | ---- | M | MD5
= 318B0D2CF5470F724B217498553D36E6] (Avira GmbH)
"{5E44E225-A408-11CF-B581-008029601108}" [HKLM] ->
C:\Programme\Roxio\Drag-to-Disc\Shellex.dll [Roxio DragToDisc Shell
Extension] -> [2006.08.17 11:00:00 | 000,367,352 | ---- | M | MD5 =
3080FDE0A83B388B87DA94E10E6764BA] (Roxio)
"{63542C48-9552-494A-84F7-73AA6A7C99C1}" [HKLM] ->
C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
[OpenOffice.org Property Sheet Handler] -> [2008.08.28 15:56:30 |
000,357,888 | ---- | M | MD5 = 3F12BDFC669499DAE6B0FBA152C94390] (Sun
Microsystems, Inc.)
"{764BF0E1-F219-11ce-972D-00AA00A14F56}" [HKLM] -> Reg Error: Key error.
[Shellerweiterungen für die Dateikomprimierung] -> File not found
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}" [HKLM] -> Reg Error: Key error.
[Kontextmenü für die Verschlüsselung] -> File not found
"{88895560-9AA2-1069-930E-00AA0030EBC8}" [HKLM] ->
C:\WINDOWS\system32\hticons.dll [Erweiterung für HyperTerminal-Icons] ->
[2004.08.04 16:00:00 | 000,044,544 | ---- | M | MD5 =
A0273EDC903D503BE8747A1DB6928879] (Hilgraeve, Inc.)
"{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}" [HKLM] ->
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll
[Microsoft Office Metadata Handler] -> [2006.10.26 20:13:06 |
000,932,688 | ---- | M | MD5 = CA27D8E333F8958C88909268C66D8701]
(Microsoft Corporation)
"{A70C977A-BF00-412C-90B7-034C51DA2439}" [HKLM] ->
C:\WINDOWS\system32\nvcpl.dll [NvCpl DesktopContext Class] ->
[2007.06.06 17:34:42 | 008,429,568 | ---- | M | MD5 =
8267546EDB3952890577598B2DBE6011] (NVIDIA Corporation)
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" [HKLM] ->
C:\Programme\WinRAR\RarExt.dll [WinRAR shell extension] -> [2007.09.20
20:34:58 | 000,129,024 | ---- | M | MD5 =
023707D932BA31314210E6844D33D500] ()
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" [HKLM] ->
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web
Folders\MSONSEXT.DLL [Web Folders] -> [2006.10.26 19:49:46 | 000,970,528
| ---- | M | MD5 = 43CE38570294FFF605161343E6C334C2] (Microsoft Corporation)
"{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}" [HKLM] ->
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\msoshext.dll
[Microsoft Office Thumbnail Handler] -> [2006.10.26 20:13:06 |
000,932,688 | ---- | M | MD5 = CA27D8E333F8958C88909268C66D8701]
(Microsoft Corporation)
"{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" [HKLM] ->
C:\Programme\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
[OpenOffice.org Column Handler] -> [2008.08.28 15:56:30 | 000,357,888 |
---- | M | MD5 = 3F12BDFC669499DAE6B0FBA152C94390] (Sun Microsystems, Inc.)
"{D5906221-A717-479B-9B49-CD848F9CE816}" [HKLM] ->
C:\Programme\BitZipper\BZSHLEXT.DLL [BitZipper32] -> [2009.05.24
13:31:26 | 000,123,032 | ---- | M | MD5 =
45BC3EC7A3F68DE30B4EF761155A5BE9] (Bitberry Software)
"{D9872D13-7651-4471-9EEE-F0A00218BEBB}" [HKLM] -> C:\Programme\Zone
Labs\ZoneAlarm\zlavscan.dll [Multiscan] -> [2007.12.13 20:26:58 |
000,050,664 | ---- | M | MD5 = 63BCAFE0C48D4E859E318653ACA6B555] (Zone
Labs, LLC)
"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" [HKLM] ->
C:\WINDOWS\system32\nvcpl.dll [Play on my TV helper] -> [2007.06.06
17:34:42 | 008,429,568 | ---- | M | MD5 =
8267546EDB3952890577598B2DBE6011] (NVIDIA Corporation)
< Approved Shell Extensions
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved\ ->
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> C:\Programme\Gemeinsame
Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL [Webordner] ->
[2006.10.26 19:49:46 | 000,970,528 | ---- | M | MD5 =
43CE38570294FFF605161343E6C334C2] (Microsoft Corporation)
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
"ALG" -> ->
"BITS" -> ->
"CCALib8" -> ->
"CiSvc" -> ->
"COMSysApp" -> ->
"dmadmin" -> ->
"dmserver" -> ->
"Dot3svc" -> ->
"DSBrokerService" -> ->
"EapHost" -> ->
"ERSvc" -> ->
"Fax" -> ->
"helpsvc" -> ->
"hkmsvc" -> ->
"HTTPFilter" -> ->
"mnmsrvc" -> ->
"MSDTC" -> ->
"Netlogon" -> ->
"RasAuto" -> ->
"RDSessMgr" -> ->
"RemoteRegistry" -> ->
"seclogon" -> ->
"SENS" -> ->
"Spooler" -> ->
"SSDPSRV" -> ->
"stisvc" -> ->
"stllssvr" -> ->
"SwPrv" -> ->
"SysmonLog" -> ->
"TermService" -> ->
"VSS" -> ->
"WmdmPmSN" -> ->
"wuauserv" -> ->
< Disabled MSConfig Folder Items [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared
Tools\MSConfig\startupfolder\ ->
C:^Dokumente und Einstellungen^All
Users^Startmenü^Programme^Autostart^Digital Line Detect.lnk ->
C:\Programme\Digital Line Detect\DLG.exe -> [2006.11.03 20:02:14 |
000,050,688 | ---- | M | MD5 = F03FFC962E18F36A922E61F96BE09925]
(Avanquest Software )
C:^Dokumente und
Einstellungen^xxx^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk
-> C:\Programme\OpenOffice.org 3\program\quickstart.exe -> [2008.09.12
18:49:52 | 000,384,000 | ---- | M | MD5 =
B2901E0C109652046ED3C210C47DA318] ()
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
%PROVIDERID% hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
Adobe Reader Speed Launcher hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe -> [2008.01.11
23:16:38 | 000,039,792 | ---- | M | MD5 =
8B9145D229D4E89D15ACB820D4A3A90F] (Adobe Systems Incorporated)
Broadcom Wireless Manager UI hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
CloneCDTray hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> C:\Programme\SlySoft\CloneCD\CloneCDTray.exe -> [2006.09.28 21:21:04
| 000,057,344 | ---- | M | MD5 = D7779335B0EBC0A7B9C7D0E1105EA078]
(SlySoft, Inc.)
CTFMON.EXE hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
DELL Webcam Manager hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe -> [2007.07.27
18:43:34 | 000,118,784 | ---- | M | MD5 =
DAC9B43BBFA0359E252DDB0CB91DEA6D] (Creative Technology Ltd.)
ISUSPM Startup hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
-> [2006.10.03 13:35:42 | 000,221,184 | ---- | M | MD5 =
9ABF687071C649609BF7E177062A9008] (Macrovision Corporation)
KADxMain hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> File not found
MSMSGS hkey=HKCU key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\Programme\Messenger\msmsgs.exe -> [2008.04.14 04:22:54 | 001,695,232
| ---- | M | MD5 = E2AA953ED6A296B6BF399A783B32CCDE] (Microsoft Corporation)
NvCplDaemon hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
NVHotkey hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
-> File not found
NvMediaCenter hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> -> File not found
nwiz hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> ->
File not found
OEM02Mon.exe hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> C:\WINDOWS\OEM02Mon.exe -> [2007.08.28 16:54:58 | 000,036,864 | ----
| M | MD5 = 23242FD6C7D4C61807E84FD3A79248C4] (Creative Technology Ltd.)
PCMService hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> C:\Programme\Dell\MediaDirect\PCMService.exe -> [2007.04.16 18:10:26
| 000,184,320 | ---- | M | MD5 = 8289C20BECBEA1348F7FF4D08F4C4F19]
(CyberLink Corp.)
RoxioDragToDisc hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\Programme\Roxio\Drag-to-Disc\DrgToDsc.exe -> [2006.08.17 11:00:00 |
001,116,920 | ---- | M | MD5 = BD57A6AFA05DF87BCAE9BB11FB0C4DDE] (Roxio)
SearchSettings hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\Programme\pdfforge Toolbar\SearchSettings.exe -> File not found
SigmatelSysTrayApp hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\WINDOWS\stsystra.exe -> [2007.07.10 00:03:06 | 000,405,504 | ---- | M
| MD5 = 127E7DD016305FF87B9B59189672C497] (SigmaTel, Inc.)
SunJavaUpdateSched hkey=HKLM
key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\Programme\Java\jre1.6.0_07\bin\jusched.exe -> [2008.06.10 04:27:04 |
000,144,784 | ---- | M | MD5 = 6AB4C021FBD36DC6764924C312428D97] (Sun
Microsystems, Inc.)
SynTPEnh hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
C:\Programme\Synaptics\SynTP\SynTPEnh.exe -> [2007.07.10 00:21:56 |
000,851,968 | ---- | M | MD5 = 4E4B8F8E44F786FC4126D884E6AD892C]
(Synaptics, Inc.)
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 2 ->
"services" -> 2 ->
"startup" -> 2 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< Drivers32 [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax
[C:\WINDOWS\system32\iac25_32.ax] -> [2008.04.14 04:23:07 | 000,199,680
| ---- | M | MD5 = 793600E335B7D7936FCBE9EB38BA3E0B] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm
[C:\WINDOWS\system32\l3codeca.acm] -> [2010.01.29 16:43:35 | 000,307,260
| ---- | M | MD5 = BBD34DCBCEC28E415F634E03C0AB4DF4] (Fraunhofer
Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] ->
[2008.04.14 04:21:29 | 000,086,016 | ---- | M | MD5 =
07C878A1F49E5BD6677366664F68561D] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] ->
[2004.08.04 16:00:00 | 000,008,192 | ---- | M | MD5 =
E5BECBCCE3AC3E8D594FCBE9A0338DF5] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] ->
[2008.04.14 04:22:31 | 000,054,272 | ---- | M | MD5 =
5B8DD211BBEA1410CE4D7B57BD6BB872] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] ->
[2008.04.14 04:22:12 | 000,080,384 | ---- | M | MD5 =
032958A69BB93CB042FECAFC7498BBDE] (Radius Inc.)
"vidc.DIVX" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2009.11.14
02:47:28 | 000,696,320 | ---- | M | MD5 =
3E57706D1AD3E2FAFEBAA72EBE12939B] (DivX, Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] ->
[2004.08.04 16:00:00 | 000,199,168 | ---- | M | MD5 =
CF159355DE2C8B4633172353CC22ED89] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] ->
[2004.08.04 16:00:00 | 000,199,168 | ---- | M | MD5 =
CF159355DE2C8B4633172353CC22ED89] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] ->
[2008.04.14 04:23:07 | 000,848,384 | ---- | M | MD5 =
CADC53118EA7B95D1EA7EBB068871689] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] ->
[2008.04.14 04:22:12 | 000,755,200 | ---- | M | MD5 =
E92343AC6AA48A062FE970FA9E5CCF23] (Intel Corporation)
"vidc.VP60" -> C:\WINDOWS\system32\vp6vfw.dll
[C:\WINDOWS\system32\vp6vfw.dll] -> [2004.08.18 10:34:07 | 000,442,368 |
R--- | M | MD5 = 4D6F38D3CDA2D0BA502BC1C499A622CF] (On2.com)
"vidc.VP61" -> C:\WINDOWS\system32\vp6vfw.dll
[C:\WINDOWS\system32\vp6vfw.dll] -> [2004.08.18 10:34:07 | 000,442,368 |
R--- | M | MD5 = 4D6F38D3CDA2D0BA502BC1C499A622CF] (On2.com)
"vidc.yv12" -> C:\WINDOWS\System32\DivX.dll [DivX.dll] -> [2009.11.14
02:47:28 | 000,696,320 | ---- | M | MD5 =
3E57706D1AD3E2FAFEBAA72EBE12939B] (DivX, Inc.)
< File Associations - Select to Repair > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ ->
.bat [@ = batfile] -> "%1" %* ->
.cmd [@ = cmdfile] -> "%1" %* ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
.html [@ = Reg Error: Value error.] -> Reg Error: Key error. -> File not
found
.pif [@ = piffile] -> "%1" %* ->
.scr [@ = scrfile] -> "%1" /S ->
< File Associations - Select to Repair > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Classes\<extension>\
->
.html [@ = FirefoxHTML] -> C:\Programme\Mozilla Firefox\firefox.exe ->
[2010.06.26 10:43:35 | 000,910,296 | ---- | M | MD5 =
8FC4306F0FFAA592BBA29F9273293D22] (Mozilla Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SvcHost > -> ->
*netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SvcHost\\netsvcs ->
6to4 -> -> File not found
Ias -> -> File not found
Iprip -> -> File not found
Irmon -> -> File not found
NWCWorkstation -> -> File not found
Nwsapagent -> -> File not found
WmdmPmSp -> -> File not found
*MultiFile Done* -> ->
< Protocol Filters [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ ->
text/xml:{807563E5-5146-11D5-A672-00B0D022E945} [HKLM] ->
C:\Programme\Gemeinsame Dateien\Microsoft
Shared\OFFICE12\MSOXMLMF.DLL[Microsoft Office InfoPath XML Mime Filter]
-> [2006.10.26 21:41:48 | 000,044,344 | ---- | M | MD5 =
1264F787E46DC572FA274CA09B446E01] (Microsoft Corporation)
< Protocol Handlers [HKEY_LOCAL_MACHINE] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ ->
ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] ->
C:\Programme\Gemeinsame Dateien\System\Ole
DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2006.10.26 19:49:48 | 001,011,488 |
---- | M | MD5 = EDA5ACA3FE63A4FAB4ADB3181A687A59] (Microsoft Corporation)
msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} [HKLM] ->
C:\Programme\Gemeinsame Dateien\System\Ole
DB\MSDAIPP.DLL[MSDAMON.BINDER] -> [2006.10.26 19:49:48 | 001,011,488 |
---- | M | MD5 = EDA5ACA3FE63A4FAB4ADB3181A687A59] (Microsoft Corporation)
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} [HKLM] ->
C:\Programme\Gemeinsame Dateien\System\Ole
DB\MSDAIPP.DLL[MSDAIPP.BINDER] -> [2006.10.26 19:49:48 | 001,011,488 |
---- | M | MD5 = EDA5ACA3FE63A4FAB4ADB3181A687A59] (Microsoft Corporation)
ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} [HKLM] ->
C:\Programme\Gemeinsame Dateien\Microsoft
Shared\Help\hxds.dll[HxProtocol Class] -> [2006.10.26 13:45:02 |
000,873,216 | ---- | M | MD5 = 9E7370CC3D6A43942433F85D0E2BBDD8]
(Microsoft Corporation)
ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} [HKLM] ->
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information
Retrieval\msitss.dll[Microsoft Infotech Storage Protocol for IE 4.0] ->
[2006.06.02 00:48:04 | 000,221,184 | ---- | M | MD5 =
FBFEF8D1CCFE1B12C0303F0C4B67EB97] (Microsoft Corporation)
skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} [HKLM] ->
C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll[IEProtocolHandler
Class] -> [2009.09.02 15:27:36 | 001,959,208 | R--- | M | MD5 =
1E79B48BC50B99FDC0066860BCEFBC23] (Skype Technologies)
< Security Center Settings > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\\"FirstRunDisabled" -> [1] -> File not found
\\"AntiVirusDisableNotify" -> [0] -> File not found
\\"FirewallDisableNotify" -> [0] -> File not found
\\"UpdatesDisableNotify" -> [0] -> File not found
\\"AntiVirusOverride" -> [0] -> File not found
\\"FirewallOverride" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\AhnlabAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ComputerAssociatesAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\KasperskyAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SophosAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TinyFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendAntiVirus\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ZoneLabsFirewall\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ZoneLabsFirewall
\Monitoring\ZoneLabsFirewall\\"DisableMonitoring" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
\\"EnableFirewall" -> [0] -> File not found
\\"DoNotAllowExceptions" -> [0] -> File not found
\\"DisableNotifications" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\
-> ->
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\
-> ->
< Uninstall List [HKEY_LOCAL_MACHINE\] > ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} -> PDFCreator
{01521746-02A6-4A72-00BD-A285DF6B80C6} -> Die Sims 2: Wilde Campus-Jahre
{01B93B3A-283F-411B-A648-69CABCACC986} -> Canon MF-Treiber
{0394CDC8-FABD-4ed8-B104-03393876DFDF} -> Roxio Creator Tools
{04B45310-A5FE-4425-BFCA-1A6D8920DE74} -> OpenOffice.org 3.0
{0D397393-9B50-4c52-84D5-77E344289F87} -> Roxio Creator Data
{0FDD9B5C-1133-48E2-9B9A-2E5A303D3F5B} -> Origin81
{11801011-D30E-4120-9A89-9A873B1D72DF} -> Canon MF5700-Serie
{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E} -> Canon MF-Toolbox 4.7.0.0.mf04
{18D10072035C4515918F7E37EAFAACFC} -> AutoUpdate
{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995} -> Live! Cam Avatar
{1E04F83B-2AB9-4301-9EF7-E86307F79C72} -> Google Earth
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} -> Microsoft Visual C++ 2008
Redistributable - x86 9.0.30729.4148
{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668} -> Roxio Drag-to-Disc
{30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Roxio Update Manager
{3248F0A8-6813-11D6-A77B-00B0D0150060} -> J2SE Runtime Environment 5.0
Update 6
{3248F0A8-6813-11D6-A77B-00B0D0160030} -> Java(TM) 6 Update 3
{3248F0A8-6813-11D6-A77B-00B0D0160070} -> Java(TM) 6 Update 7
{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227} -> WebFldrs XP
{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0} -> Sonic Activation Module
{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6} -> Das große Tafelwerk interaktiv
{3F92ABBB-6BBF-11D5-B229-002078017FBF} -> NetWaiting
{3FC7CBBC4C1E11DCA1A752EA55D89593} -> DivX Version Checker
{4817189D-1785-4627-A33C-39FD90919300} -> Die Sims™ 2 Haustiere
{4C781ED5-4C2A-4495-875B-85CC9266F1F0} -> ANNO 1602
{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3} -> Microsoft Works
{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748} -> Skype web features
{5EE7D259-D137-4438-9A5F-42F432EC0421} -> VC80CRTRedist - 8.0.50727.4053
{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048} -> Roxio Creator Copy
{65D0C510-D7B6-4438-9FC8-E6B91115AB0D} -> Live! Cam Avatar Creator
{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -> Roxio Express Labeler
{6E7DD182-9FC6-4651-0095-2E666CC6AF35} -> Die Sims 2
{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -> ICQ7.2
{74F7662C-B1DB-489E-A8AC-07A06B24978B} -> Dell System Restore
{7B3577F5-1D82-4C9B-008B-69D026FD8BCA} -> Die Sims 2: Open For Business
{7B63B2922B174135AFC0E1377DD81EC2} -> DivX Codec
{83FFCFC7-88C6-41c6-8752-958A45325C82} -> Roxio Creator Audio
{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC} -> Roxio Creator BDAV Plugin
{90120000-0010-0407-0000-0000000FF1CE} -> Microsoft Software Update for
Web Folders (German) 12
{90120000-0015-0407-0000-0000000FF1CE} -> Microsoft Office Access MUI
(German) 2007
{90120000-0016-0407-0000-0000000FF1CE} -> Microsoft Office Excel MUI
(German) 2007
{90120000-0018-0407-0000-0000000FF1CE} -> Microsoft Office PowerPoint
MUI (German) 2007
{90120000-0019-0407-0000-0000000FF1CE} -> Microsoft Office Publisher MUI
(German) 2007
{90120000-001A-0407-0000-0000000FF1CE} -> Microsoft Office Outlook MUI
(German) 2007
{90120000-001B-0407-0000-0000000FF1CE} -> Microsoft Office Word MUI
(German) 2007
{90120000-001F-0407-0000-0000000FF1CE} -> Microsoft Office Proof
(German) 2007
{90120000-001F-0409-0000-0000000FF1CE} -> Microsoft Office Proof
(English) 2007
{90120000-001F-040C-0000-0000000FF1CE} -> Microsoft Office Proof
(French) 2007
{90120000-001F-0410-0000-0000000FF1CE} -> Microsoft Office Proof
(Italian) 2007
{90120000-002C-0407-0000-0000000FF1CE} -> Microsoft Office Proofing
(German) 2007
{90120000-0030-0000-0000-0000000FF1CE} -> Microsoft Office Enterprise 2007
{90120000-0044-0407-0000-0000000FF1CE} -> Microsoft Office InfoPath MUI
(German) 2007
{90120000-006E-0407-0000-0000000FF1CE} -> Microsoft Office Shared MUI
(German) 2007
{90120000-00A1-0407-0000-0000000FF1CE} -> Microsoft Office OneNote MUI
(German) 2007
{90120000-00B2-0407-0000-0000000FF1CE} -> Microsoft – Speichern als PDF
oder XPS – Add-In für 2007 Microsoft Office-Programme
{90120000-00BA-0407-0000-0000000FF1CE} -> Microsoft Office Groove MUI
(German) 2007
{9A25302D-30C0-39D9-BD6F-21E6EC160475} -> Microsoft Visual C++ 2008
Redistributable - x86 9.0.30729.17
{9BDEF074-020E-458D-ADC5-8FF68E0C9B56} -> OutlookAddinSetup
{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745} -> MediaDirect
{9CDBC303-3EED-40b0-8E41-A7C65AA96C26} -> Die Sims™ 2: Glamour-Accessoires
{A3CA5549-E07C-4CF3-99FB-C42C50DFC5CD} -> ANNO 1602 NINA
{A912021A-FEDD-4DA3-8DB4-245EBDA84778} -> OriginPro 8G
{A96E97134CA649888820BCDE5E300BBD} -> H.264 Decoder
{AAC389499AEF40428987B3D30CFC76C9} -> MKV Splitter
{AC76BA86-7AD7-1031-7B44-A81200000003} -> Adobe Reader 8.1.2 - Deutsch
{AEF9DC35ADDF4825B049ACBFD1C6EB37} -> AAC Decoder
{B6EC7388-E277-4A5B-8C8F-71067A41BA64} -> TextPad 5
{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B} -> pdfforge Toolbar v1.0
{C014E2EB-1FEA-48F8-AE36-912D8FA659DB} -> OriginPro 8.1G
{C5074CC4-0E26-4716-A307-960272A90040} -> QuickSet
{C8B0680B-CDAE-4809-9F91-387B6DE00F7C} -> Roxio Creator DE
{C99C0593-3B48-41D9-B42F-6E035B320449} -> Broadcom Management Programs
{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} -> Microsoft .NET Framework 1.1
{D103C4BA-F905-437A-8049-DB24763BBE36} -> Skype™ 4.1
{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370} -> IntelliSonic Speech Enhancement
{D639085F-4B6E-4105-9F37-A0DBB023E2FB} -> Roxio MyDVD DE
{E55E016B-8254-4A3F-ACEB-FE9988CD880F} -> Origin8
{E646DCF0-5A68-11D5-B229-002078017FBF} -> Digital Line Detect
{E78BFA60-5393-4C38-82AB-E8019E464EB4} -> Microsoft .NET Framework 1.1
German Language Pack
{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579} -> Cisco Systems VPN Client
5.0.05.0290
{F63A3748-B93D-4360-9AD4-B064481A5C7B} -> Modem-Diagnose-Tool
{F7529650-B9DB-481B-0089-A2AC3C2821C1} -> Die Sims 2: Nightlife
Adobe Flash Player ActiveX -> Adobe Flash Player ActiveX
Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
Advanced Audio FX Engine -> Advanced Audio FX Engine
Advanced Video FX Engine -> Advanced Video FX Engine
Advent 1.6.0.2 -> Advent 1.6.0.2
Avira AntiVir Desktop -> Avira AntiVir Personal - Free Antivirus
BitZipper_is1 -> BitZipper 2009
BKChem_is1 -> BKChem-0.13.0
Bridge Builder -> Bridge Builder
Broadcom 802.11b Network Adapter -> Dell Wireless WLAN Card
CAL -> Canon Camera Access Library
CameraWindowDVC5 -> Canon Camera Window DC_DV 5 for ZoomBrowser EX
CameraWindowDVC6 -> Canon Camera Window DC_DV 6 for ZoomBrowser EX
CameraWindowMC -> Canon Camera Window MC 6 for ZoomBrowser EX
Canon G.726 WMP-Decoder -> Canon G.726 WMP-Decoder
CANON iMAGE GATEWAY Task -> CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX -> Canon Internet Library for
ZoomBrowser EX
CCleaner -> CCleaner
CDex -> CDex extraction audio
CloneCD -> CloneCD
Creative OEM002 -> Laptop Integrated Webcam Driver (1.03.02.0719)
CSCLIB -> Canon Camera Support Core Library
DAEMON Tools Toolbar -> DAEMON Tools Toolbar
Dell Webcam Center -> Dell Webcam Center
Dell Webcam Manager -> Dell Webcam Manager
Diablo II -> Diablo II
DivX Plus DirectShow Filters -> DivX Plus DirectShow Filters
ENTERPRISE -> Microsoft Office Enterprise 2007
EOS Utility -> Canon Utilities EOS Utility
EPSON Printer and Utilities -> EPSON-Drucker-Software
Equestriad 2001 -> Equestriad 2001
Free Download Manager_is1 -> Free Download Manager 3.0
FreeDoko -> FreeDoko 0.7.5
ICQToolbar -> ICQ Toolbar
IDNMitigationAPIs -> Microsoft Internationalized Domain Names Mitigation
APIs
ie7 -> Windows Internet Explorer 7
ie8 -> Windows Internet Explorer 8
Install WinBrick2000 v3.17.0 Shareware -> WinBrick2000
Malwarebytes' Anti-Malware_is1 -> Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1 (1033) -> Microsoft .NET Framework 1.1
MovieEditTask -> Canon MovieEdit Task for ZoomBrowser EX
Mozilla Firefox (3.6.6) -> Mozilla Firefox (3.6.6)
Mozilla Thunderbird (3.1) -> Mozilla Thunderbird (3.1)
NLSDownlevelMapping -> Microsoft National Language Support Downlevel APIs
NVIDIA Drivers -> NVIDIA Drivers
Orbital Viewer -> Orbital Viewer
PhotoStitch -> Canon Utilities PhotoStitch
R for Windows 2.9.2_is1 -> R for Windows 2.9.2
RAW Image Task -> Canon RAW Image Task for ZoomBrowser EX
RemoteCaptureTask -> Canon RemoteCapture Task for ZoomBrowser EX
Rommé 1 -> Rommé 1
ST5UNST #1 -> Mühle von JMMG Communications
ST6UNST #1 -> Der Restaurant-Manager 1.5 Vollversion.de Edition
SynTPDeinstKey -> Dell Touchpad
VLC media player -> VLC media player 1.0.5
Windows Media Format Runtime -> Windows Media Format Runtime
Windows XP Service Pack -> Windows XP Service Pack 3
WinGimp-2.0_is1 -> Gimp 2.6.0
WinRAR archiver -> WinRAR
ZoneAlarm -> ZoneAlarm
ZoomBrowser EX -> Canon Utilities ZoomBrowser EX
< Uninstall List
[HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\] > ->
HKEY_USERS\S-1-5-21-1269871099-218545957-1124453212-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
->
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 28.06.2010 09:02:45 Computer Name = LAPTOPJENNI |
Source = Application Error | ID = 1000 -> Description = Fehlgeschlagene
Anwendung gimp-2.6.exe, Version 0.0.0.0, fehlgeschlagenes Modul
gimp-2.6.exe, Version 0.0.0.0, Fehleradresse 0x000252ce.
Application [ Error ] 11.07.2010 05:21:43 Computer Name = LAPTOPJENNI |
Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der
Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei
bei
<hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat
befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen
Systemzeit oder dem Zeitstempel in der signierten Datei. .
Application [ Error ] 11.07.2010 05:21:43 Computer Name = LAPTOPJENNI |
Source = crypt32 | ID = 131083 -> Description = Die Extrahierung der
Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei
bei
<hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat
befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen
Systemzeit oder dem Zeitstempel in der signierten Datei. .
Application [ Error ] 11.07.2010 17:18:06 Computer Name = LAPTOPJENNI |
Source = ESENT | ID = 490 -> Description = svchost (1176) Versuch, Datei
"C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32
(0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie
von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032
(0xfffffbf8) beim Öffnen von Dateien.
Application [ Error ] 13.07.2010 08:23:44 Computer Name = LAPTOPJENNI |
Source = ESENT | ID = 490 -> Description = svchost (1196) Versuch, Datei
"C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32
(0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie
von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032
(0xfffffbf8) beim Öffnen von Dateien.
Application [ Error ] 13.07.2010 16:07:55 Computer Name = LAPTOPJENNI |
Source = Application Error | ID = 1000 -> Description = Fehlgeschlagene
Anwendung acrord32.exe, Version 8.1.0.137, fehlgeschlagenes Modul
3difr.x3d, Version 8.1.0.0, Fehleradresse 0x0001d3ee.
System [ Error ] 15.07.2010 02:15:51 Computer Name = LAPTOPJENNI |
Source = Service Control Manager | ID = 7001 -> Description = Der Dienst
"TrueVector Internet Monitor" ist vom Dienst "vsdatant" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%31
System [ Error ] 15.07.2010 02:15:51 Computer Name = LAPTOPJENNI |
Source = Service Control Manager | ID = 7001 -> Description = Der Dienst
"IPSEC-Dienste" ist vom Dienst "IPSEC-Treiber" abhängig, der aufgrund
folgenden Fehlers nicht gestartet wurde: %%31
System [ Error ] 15.07.2010 02:15:51 Computer Name = LAPTOPJENNI |
Source = Service Control Manager | ID = 7026 -> Description = Das Laden
folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: AFD APPDRV
avgio avipbb ElbyCDIO Fips intelppm IPSec kl1 KLIF MRxSmb NetBIOS NetBT
RasAcd Rdbss ssmdrv Tcpip vsdatant
System [ Error ] 15.07.2010 02:15:54 Computer Name = LAPTOPJENNI |
Source = DCOM | ID = 10005 -> Description = Bei DCOM ist der Fehler
"%1084" aufgetreten, als der Dienst "netman" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
System [ Error ] 15.07.2010 02:16:16 Computer Name = LAPTOPJENNI |
Source = DCOM | ID = 10005 -> Description = Bei DCOM ist der Fehler
"%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 15.07.2010 02:17:05 Computer Name = LAPTOPJENNI |
Source = DCOM | ID = 10005 -> Description = Bei DCOM ist der Fehler
"%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 15.07.2010 02:47:30 Computer Name = LAPTOPJENNI |
Source = DCOM | ID = 10005 -> Description = Bei DCOM ist der Fehler
"%1084" aufgetreten, als der Dienst "EventSystem" mit den Argumenten ""
gestartet wurde, um den folgenden Server zu verwenden:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
System [ Error ] 15.07.2010 12:09:30 Computer Name = LAPTOPJENNI |
Source = Ftdisk | ID = 262189 -> Description = Das System konnte den
Treiber für das Speicherabbild nicht laden.
System [ Error ] 15.07.2010 12:09:30 Computer Name = LAPTOPJENNI |
Source = Ftdisk | ID = 262193 -> Description = Die Konfiguration der
Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen Sie
sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist
und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
System [ Error ] 15.07.2010 12:09:42 Computer Name = LAPTOPJENNI |
Source = Service Control Manager | ID = 7026 -> Description = Das Laden
folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: kl1

[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\OTS.exe ->
[2010.07.15 18:23:04 | 000,640,512 | ---- | C | MD5 =
13AEC6A0F3E63C3A4BAEB03A98B811EF] (OldTimer Tools)
IECompatCache -> C:\Dokumente und Einstellungen\xxx\IECompatCache ->
[2010.07.15 00:00:11 | 000,000,000 | -HSD | C]
Mozilla Firefox -> C:\Programme\Mozilla Firefox -> [2010.07.14 14:15:03
| 000,000,000 | ---D | C]
Recent -> C:\Dokumente und Einstellungen\xxx\Recent -> [2010.07.13
23:30:34 | 000,000,000 | RH-D | C]
Macromedia -> C:\Dokumente und
Einstellungen\NetworkService\Anwendungsdaten\Macromedia -> [2010.07.13
22:20:27 | 000,000,000 | ---D | C]
Adobe -> C:\Dokumente und
Einstellungen\NetworkService\Anwendungsdaten\Adobe -> [2010.07.13
22:20:26 | 000,000,000 | ---D | C]
PrivacIE -> C:\Dokumente und Einstellungen\xxx\PrivacIE -> [2010.07.13
22:17:12 | 000,000,000 | -HSD | C]
jhbtfvbrp -> C:\Dokumente und Einstellungen\xxx\Lokale
Einstellungen\Anwendungsdaten\jhbtfvbrp -> [2010.07.13 22:07:58 |
000,000,000 | ---D | C]
EPSON -> C:\Programme\EPSON -> [2010.07.13 14:42:07 | 000,000,000 | ---D
| C]
E_DCINST.DLL -> C:\WINDOWS\System32\E_DCINST.DLL -> [2010.07.13 14:42:00
| 000,049,152 | ---- | C | MD5 = 1129871724A26B1DD6678DE88B7FE941]
(SEIKO EPSON CORP.)
E_FLMAEE.DLL -> C:\WINDOWS\System32\E_FLMAEE.DLL -> [2010.07.13 14:41:57
| 000,079,679 | ---- | C | MD5 = 7AEC176A5DE912D440E3B37120E2E38F]
(SEIKO EPSON CORPORATION)
E_FBCBAEE.DLL -> C:\WINDOWS\System32\E_FBCBAEE.DLL -> [2010.07.13
14:41:57 | 000,064,000 | ---- | C | MD5 =
287D9CFC80A94E62437E7CAC7EB32979] (SEIKO EPSON CORPORATION)
E_FBCHAEE.DLL -> C:\WINDOWS\System32\E_FBCHAEE.DLL -> [2010.07.13
14:41:57 | 000,034,304 | ---- | C | MD5 =
3670675EEA8136995287DFB1B7650A5D] (SEIKO EPSON CORPORATION)
DRVSTORE -> C:\WINDOWS\System32\DRVSTORE -> [2010.07.13 14:41:29 |
000,000,000 | ---D | C]
EPSON -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
-> [2010.07.13 14:41:01 | 000,000,000 | ---D | C]
BitZipper -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\BitZipper -> [2010.07.13 14:34:31 |
000,000,000 | ---D | C]
BitZipper -> C:\Programme\BitZipper -> [2010.07.13 14:34:24 |
000,000,000 | ---D | C]
IETldCache -> C:\Dokumente und Einstellungen\xxx\IETldCache ->
[2010.07.13 13:19:37 | 000,000,000 | -HSD | C]
ie8 -> C:\WINDOWS\ie8 -> [2010.07.13 13:11:29 | 000,000,000 | -H-D | C]
MSXML 4.0 -> C:\Programme\MSXML 4.0 -> [2010.07.12 21:08:06 |
000,000,000 | ---D | C]
aclayers.dll -> C:\WINDOWS\System32\dllcache\aclayers.dll -> [2010.07.12
16:45:56 | 000,471,552 | ---- | C | MD5 =
3820842AC55DCE6B4F8AA1355A6C6255] (Microsoft Corporation)
fontsub.dll -> C:\WINDOWS\System32\dllcache\fontsub.dll -> [2010.07.12
16:45:14 | 000,081,920 | ---- | C | MD5 =
0E5928210CAF6EC213F77A75694F1743] (Microsoft Corporation)
t2embed.dll -> C:\WINDOWS\System32\dllcache\t2embed.dll -> [2010.07.12
16:45:13 | 000,119,808 | ---- | C | MD5 =
316587BBA95A33B771F128308E668F27] (Microsoft Corporation)
moviemk.exe -> C:\WINDOWS\System32\dllcache\moviemk.exe -> [2010.07.12
16:44:50 | 003,558,912 | ---- | C | MD5 =
E002A7E05185BD7FC7646CD229311B22] (Microsoft Corporation)
browserchoice.exe -> C:\WINDOWS\System32\browserchoice.exe ->
[2010.07.12 16:43:19 | 000,293,376 | ---- | C | MD5 =
DA1919D896DBD5895E138932AE9E398B] (Microsoft Corporation)
ESET -> C:\Programme\ESET -> [2010.07.12 16:41:36 | 000,000,000 | ---D | C]
_OTL -> C:\_OTL -> [2010.07.11 23:04:23 | 000,000,000 | ---D | C]
Malwarebytes -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Malwarebytes -> [2010.07.11 21:39:10 |
000,000,000 | ---D | C]
CCleaner -> C:\Programme\CCleaner -> [2010.07.11 20:26:19 | 000,000,000
| ---D | C]
CSC -> C:\WINDOWS\CSC -> [2010.07.11 20:24:38 | 000,000,000 | ---D | C]
OTL.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe ->
[2010.07.11 19:23:42 | 000,574,976 | ---- | C | MD5 =
C211F9A393E84EF65AA595261A382489] (OldTimer Tools)
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys ->
[2010.07.11 19:23:37 | 000,038,224 | ---- | C | MD5 =
7364D8A830F91C487F430A57FDBD2BBB] (Malwarebytes Corporation)
Malwarebytes -> C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\Malwarebytes -> [2010.07.11 19:23:31 | 000,000,000
| ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010.07.11 19:23:30
| 000,020,952 | ---- | C | MD5 = A02C631493AB553A1112A6B699FE61B3]
(Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Programme\Malwarebytes' Anti-Malware ->
[2010.07.11 19:23:28 | 000,000,000 | ---D | C]
AOL -> C:\Dokumente und Einstellungen\xxx\Lokale
Einstellungen\Anwendungsdaten\AOL -> [2010.07.05 14:43:35 | 000,000,000
| ---D | C]
ICQ7.2 -> C:\Programme\ICQ7.2 -> [2010.07.05 14:41:53 | 000,000,000 |
---D | C]
.jenny -> C:\Dokumente und Einstellungen\xxx\.xxy -> [2010.06.28
16:39:38 | 000,000,000 | ---D | C]
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files/Folders - Modified Within 30 Days]
fidbox.dat -> C:\WINDOWS\System32\drivers\fidbox.dat -> [2010.07.15
18:27:04 | 074,776,608 | -HS- | M | Unable to obtain MD5] ()
OTS.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\OTS.exe ->
[2010.07.15 18:23:04 | 000,640,512 | ---- | M | MD5 =
13AEC6A0F3E63C3A4BAEB03A98B811EF] (OldTimer Tools)
VPN Client.lnk -> C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart\VPN Client.lnk -> [2010.07.15
18:15:47 | 000,002,423 | ---- | M | MD5 =
B4849AF00C0A9FF0BC18A1F2A96E6735] ()
nvModes.001 -> C:\WINDOWS\System32\nvModes.001 -> [2010.07.15 18:15:46 |
000,222,883 | ---- | M | MD5 = 8A7F0500C8A4FEC04D5713903D0E61B6] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010.07.15 18:15:32 |
000,002,206 | ---- | M | MD5 = 25EB87A7CF6BF78E299B54FB5390176E] ()
PerfStringBackup.INI -> C:\WINDOWS\System32\PerfStringBackup.INI ->
[2010.07.15 18:13:45 | 000,884,200 | ---- | M | MD5 =
9E8457DF7CE107223F268CEA150FD851] ()
perfh007.dat -> C:\WINDOWS\System32\perfh007.dat -> [2010.07.15 18:13:45
| 000,386,302 | ---- | M | MD5 = F63BF1C1E551A2DC9E98EC3C411CAFFE] ()
perfh009.dat -> C:\WINDOWS\System32\perfh009.dat -> [2010.07.15 18:13:45
| 000,375,740 | ---- | M | MD5 = C1E065F01843D11110426D1C9839CC21] ()
perfc007.dat -> C:\WINDOWS\System32\perfc007.dat -> [2010.07.15 18:13:45
| 000,062,364 | ---- | M | MD5 = CB2A8F757D4B9C9714147DCC230A1B8D] ()
perfc009.dat -> C:\WINDOWS\System32\perfc009.dat -> [2010.07.15 18:13:45
| 000,051,538 | ---- | M | MD5 = B1F7A043B077AEEC430D30088D173963] ()
vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010.07.15 18:09:21
| 000,358,829 | ---- | M | Unable to obtain MD5] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010.07.15 18:09:21 | 000,000,006
| -H-- | M | MD5 = F1A6CD5ADAAB953A6764EA364E17BFB8] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010.07.15 18:09:13 |
000,002,048 | --S- | M | MD5 = 6A2CB42966136854F4464516FBB4AE72] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010.07.15 18:09:01 | 1071,239,168 |
-HS- | M | Unable to obtain MD5] ()
NTUSER.DAT -> C:\Dokumente und Einstellungen\xxx\NTUSER.DAT ->
[2010.07.15 08:47:31 | 007,340,032 | -H-- | M | Unable to obtain MD5] ()
ntuser.ini -> C:\Dokumente und Einstellungen\xxx\ntuser.ini ->
[2010.07.15 08:47:31 | 000,000,190 | -HS- | M | MD5 =
3437668D99DBC2C3B952F11649E2AD49] ()
fidbox.idx -> C:\WINDOWS\System32\drivers\fidbox.idx -> [2010.07.15
08:13:19 | 000,878,192 | -HS- | M | Unable to obtain MD5] ()
EPISMG00.SWB -> C:\WINDOWS\EPISMG00.SWB -> [2010.07.13 22:41:57 |
000,012,862 | ---- | M | MD5 = 48928C58587872859DC7340562A0068D] ()
FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010.07.13 07:26:56
| 000,290,888 | ---- | M | MD5 = FE4D6AE32582DEAF19B3ED26849A269A] ()
.recently-used.xbel -> C:\Dokumente und
Einstellungen\xxx\.recently-used.xbel -> [2010.07.12 20:05:37 |
000,010,656 | ---- | M | MD5 = AC1C9348BB6D3B5A160BD6AA0802E58D] ()
WVCheck.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\WVCheck.exe ->
[2010.07.12 15:16:01 | 003,513,237 | ---- | M | MD5 =
7B982D1D4D8C261AFEA098D57A06E976] ()
Hosts -> C:\WINDOWS\System32\drivers\etc\Hosts -> [2010.07.11 23:04:28 |
000,000,098 | ---- | M | MD5 = F9C056369E96130CEAD3623A430D925F] ()
Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All
Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010.07.11 20:13:26 |
000,000,676 | ---- | M | MD5 = 43A8CB8BF2CBB2104EA14809651025D9] ()
OTL.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe ->
[2010.07.11 19:23:49 | 000,574,976 | ---- | M | MD5 =
C211F9A393E84EF65AA595261A382489] (OldTimer Tools)
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Dokumente und
Einstellungen\xxx\Lokale
Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
-> [2010.06.28 11:56:06 | 000,144,384 | ---- | M | MD5 =
1B03A753AA3F77BB8CB3A96BCF12765C] ()
Blumengießplan.pdf -> C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.pdf -> [2010.06.20 21:42:44 |
000,178,791 | ---- | M | MD5 = 6A206AD920F7E9335F20621A7A10AE2B] ()
Blumengießplan.docx -> C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.docx -> [2010.06.20 21:42:38 |
000,012,132 | ---- | M | MD5 = D86173535271E25B4CAEC121851FEA22] ()
1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->

[Files - No Company Name]
hiberfil.sys -> C:\hiberfil.sys -> [2010.07.15 18:09:01 | 1071,239,168 |
-HS- | C | Unable to obtain MD5] ()
EPISMG00.SWB -> C:\WINDOWS\EPISMG00.SWB -> [2010.07.13 22:41:57 |
000,012,862 | ---- | C | MD5 = 48928C58587872859DC7340562A0068D] ()
.recently-used.xbel -> C:\Dokumente und
Einstellungen\xxx\.recently-used.xbel -> [2010.07.12 20:05:37 |
000,010,656 | ---- | C | MD5 = AC1C9348BB6D3B5A160BD6AA0802E58D] ()
sysmain.sdb -> C:\WINDOWS\System32\dllcache\sysmain.sdb -> [2010.07.12
16:39:58 | 001,206,508 | ---- | C | MD5 =
DB46D0795811616B5EB2C5F352236486] ()
WVCheck.exe -> C:\Dokumente und Einstellungen\xxx\Desktop\WVCheck.exe ->
[2010.07.12 15:15:21 | 003,513,237 | ---- | C | MD5 =
7B982D1D4D8C261AFEA098D57A06E976] ()
Malwarebytes' Anti-Malware.lnk -> C:\Dokumente und Einstellungen\All
Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010.07.11 19:23:42 |
000,000,676 | ---- | C | MD5 = 43A8CB8BF2CBB2104EA14809651025D9] ()
Blumengießplan.pdf -> C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.pdf -> [2010.06.20 21:42:43 |
000,178,791 | ---- | C | MD5 = 6A206AD920F7E9335F20621A7A10AE2B] ()
Blumengießplan.docx -> C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.docx -> [2010.06.20 21:42:37 |
000,012,132 | ---- | C | MD5 = D86173535271E25B4CAEC121851FEA22] ()
LTDLGFILE14N.INI -> C:\WINDOWS\LTDLGFILE14N.INI -> [2010.06.06 00:32:54
| 000,000,059 | ---- | C | MD5 = A254BBDB96D6C21D56470F06D5D90A8E] ()
pdfcmnnt.dll -> C:\WINDOWS\System32\pdfcmnnt.dll -> [2010.04.11 19:52:46
| 000,116,224 | ---- | C | MD5 = 1574DD9D409F2DC45CF82C22B99164A4] ()
sptd.sys -> C:\WINDOWS\System32\drivers\sptd.sys -> [2009.09.12 16:43:41
| 000,721,904 | ---- | C | Unable to obtain MD5] ()
diqp2981.sys -> C:\WINDOWS\System32\diqp2981.sys -> [2009.05.26 22:39:19
| 000,000,045 | ---- | C | MD5 = C1E72EF977D05FAE21AAD1EB0C1108C9] ()
vswin.ini -> C:\WINDOWS\vswin.ini -> [2009.05.26 22:39:19 | 000,000,000
| ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
u2s8i.ini -> C:\WINDOWS\u2s8i.ini -> [2009.05.26 22:39:18 | 000,000,028
| ---- | C | MD5 = 01D7535D902E40FFFB70A6AB30666736] ()
CNCMFP12.INI -> C:\WINDOWS\System32\CNCMFP12.INI -> [2009.05.09 20:02:01
| 000,000,367 | ---- | C | MD5 = E1C3925D2621BE6C737FDFAA180F1468] ()
mamba.ini -> C:\WINDOWS\mamba.ini -> [2009.03.24 22:31:36 | 000,000,596
| ---- | C | MD5 = A5F98D341DD12E72B4B47419F2EB2714] ()
dokop301.ini -> C:\WINDOWS\dokop301.ini -> [2009.03.03 21:16:17 |
000,000,976 | ---- | C | MD5 = 02BEA76A5D9F4C5067D3D7A13AA15B5F] ()
SBINET.INI -> C:\WINDOWS\SBINET.INI -> [2009.03.03 21:16:17 |
000,000,024 | ---- | C | MD5 = FC8A5861A3D528340A4CE63756BF5C06] ()
mupkernps11.dll -> C:\WINDOWS\System32\mupkernps11.dll -> [2009.01.13
21:59:19 | 000,057,344 | ---- | C | MD5 =
C1701FCA31AD91C0F868268A5D712B0D] ()
vpnapi.dll -> C:\WINDOWS\System32\vpnapi.dll -> [2009.01.13 11:29:00 |
000,197,408 | ---- | C | MD5 = 0EA75188212358DC46C3BEFAA861F48E] ()
CSGina.dll -> C:\WINDOWS\System32\CSGina.dll -> [2009.01.13 11:28:44 |
000,193,312 | ---- | C | MD5 = 74818C1AEC5562430B1D2873498C401D] ()
SIntfNT.dll -> C:\WINDOWS\System32\SIntfNT.dll -> [2008.06.26 17:03:50 |
000,021,840 | ---- | C | MD5 = 222810667D9FC2FAB1BEF82A8E510A1B] ()
SIntf32.dll -> C:\WINDOWS\System32\SIntf32.dll -> [2008.06.26 17:03:50 |
000,017,212 | ---- | C | MD5 = 9A7A95E48E629A075C6D883D0EE524C8] ()
SIntf16.dll -> C:\WINDOWS\System32\SIntf16.dll -> [2008.06.26 17:03:50 |
000,012,067 | ---- | C | MD5 = C72263A0B16B36E0B4BD2FD442FFFD54] ()
imsinstall_loc0407.dll -> C:\WINDOWS\System32\imsinstall_loc0407.dll ->
[2007.12.29 21:42:41 | 000,021,904 | ---- | C | MD5 =
038AD1101DB9FF257F444B1F876637C3] ()
imslsp_install_loc0407.dll ->
C:\WINDOWS\System32\imslsp_install_loc0407.dll -> [2007.12.29 21:42:41 |
000,017,808 | ---- | C | MD5 = 698D7F648E87FCADD8F1BD3229880508] ()
libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll ->
[2007.12.29 21:42:09 | 000,796,048 | ---- | C | MD5 =
237DA013653DE8CEC807B47EA9FFC34C] ()
WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2007.12.25 17:43:57 |
000,000,754 | ---- | C | MD5 = 1A18B1069E20042FADDD3FDF03699A54] ()
atksgt.sys -> C:\WINDOWS\System32\drivers\atksgt.sys -> [2007.12.08
13:15:40 | 000,281,760 | ---- | C | MD5 =
F0D933B42CD0594048E4D5200AE9E417] ()
lirsgt.sys -> C:\WINDOWS\System32\drivers\lirsgt.sys -> [2007.12.08
13:15:40 | 000,025,888 | ---- | C | MD5 =
F8A7212D0864EF5E9185FB95E6623F4D] ()
Romme.INI -> C:\WINDOWS\Romme.INI -> [2007.12.08 13:12:41 | 000,000,307
| ---- | C | MD5 = 6579C48186856375911C9A8B11C58642] ()
TETRIS.INI -> C:\WINDOWS\TETRIS.INI -> [2007.12.02 12:50:51 |
000,000,038 | ---- | C | MD5 = 38836595D0BB1B6A4831546A3A1B81F9] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2007.11.18 15:41:25 |
000,000,061 | ---- | C | MD5 = C0759373CABA4620D082671DC8B0B919] ()
_psisdecd.dll -> C:\WINDOWS\System32\_psisdecd.dll -> [2007.11.18
15:36:23 | 000,198,144 | ---- | C | MD5 =
DCCF363DADFCF9BC838C7F81702A51B7] ()
DLAAPI_W.DLL -> C:\WINDOWS\System32\DLAAPI_W.DLL -> [2007.11.18 15:33:27
| 000,056,056 | ---- | C | MD5 = 378894E833489C07AAE541BE974CB59B] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2007.11.18 15:33:27 |
000,000,120 | ---- | C | MD5 = 123782FDAC6072948187E119D3355191] ()
preflib.dll -> C:\WINDOWS\System32\preflib.dll -> [2007.11.18 15:29:22 |
000,086,016 | ---- | C | MD5 = 2A5A6D43CFE2FB2C89B175E4F07FF635] ()
bcm1xsup.dll -> C:\WINDOWS\System32\bcm1xsup.dll -> [2007.11.18 15:29:20
| 000,757,760 | ---- | C | MD5 = 4E8964A5564D27BE3F336AAD47D5D6E8] ()
rixdicon.dll -> C:\WINDOWS\System32\rixdicon.dll -> [2007.11.18 15:00:28
| 000,016,480 | ---- | C | MD5 = F95EA7FEF807F995B1D1136AF68F5BFF] ()
nvwimg.dll -> C:\WINDOWS\System32\nvwimg.dll -> [2007.11.18 15:00:15 |
001,019,904 | ---- | C | MD5 = 933E09C36538E196C8A99AF488B20879] ()
nvwdmcpl.dll -> C:\WINDOWS\System32\nvwdmcpl.dll -> [2007.11.18 15:00:14
| 001,703,936 | ---- | C | MD5 = 1F9F8D75A6F7C95B7FB6234A0A702706] ()
nvshell.dll -> C:\WINDOWS\System32\nvshell.dll -> [2007.11.18 15:00:14 |
000,466,944 | ---- | C | MD5 = 76DD76CAAEA90E5C12B32D2A3484496C] ()
nview.dll -> C:\WINDOWS\System32\nview.dll -> [2007.11.18 15:00:13 |
001,474,560 | ---- | C | MD5 = 842D0968906CA259EAA1700752D2D6D5] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2007.11.18 14:58:57 |
000,001,504 | ---- | C | MD5 = 75BE19F1BE28D1D3C25B1B6316EAE9D8] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2006.11.07 06:25:58 |
000,000,000 | ---- | C | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
CddbPlaylist2Roxio.dll -> C:\WINDOWS\System32\CddbPlaylist2Roxio.dll ->
[2006.09.17 01:36:50 | 000,520,192 | ---- | C | MD5 =
04D589D10843AB801BF20AA8238EF030] ()
CddbFileTaggerRoxio.dll -> C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
-> [2006.09.17 01:36:50 | 000,204,800 | ---- | C | MD5 =
F33FE25F897D6E8BF79D996F973A36CE] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004.08.13 15:04:30 |
000,000,849 | ---- | C | MD5 = E843BF2B7B481E0772DE3BD2CF06BC80] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2004.08.13 14:51:43 |
000,003,776 | ---- | C | MD5 = 221FCC75D1FB9664146B8C682ECF094D] ()

[File - Lop Check]
DAEMON Tools Lite -> C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\DAEMON Tools Lite -> [2009.09.12 17:01:39 |
000,000,000 | ---D | M]
EPSON -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
-> [2010.07.13 14:41:01 | 000,000,000 | ---D | M]
FreeDownloadManager.ORG -> C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\FreeDownloadManager.ORG -> [2009.05.02 16:42:33 |
000,000,000 | ---D | M]
ICQ -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ ->
[2010.07.05 15:02:23 | 000,000,000 | ---D | M]
MailFrontier -> C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\MailFrontier -> [2007.12.29 21:42:55 | 000,000,000
| ---D | M]
OriginLab -> C:\Dokumente und Einstellungen\All
Users\Anwendungsdaten\OriginLab -> [2010.04.19 14:56:46 | 000,000,000 |
---D | M]
Tages -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
-> [2009.09.12 17:17:38 | 000,000,000 | ---D | M]
BitZipper -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\BitZipper -> [2010.07.13 14:34:31 |
000,000,000 | ---D | M]
bkchem -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\bkchem ->
[2009.10.29 22:20:59 | 000,000,000 | ---D | M]
Canon -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon ->
[2008.03.29 19:26:08 | 000,000,000 | ---D | M]
cerasus.media -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\cerasus.media -> [2007.12.09 02:19:39
| 000,000,000 | ---D | M]
DAEMON Tools Lite -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Lite -> [2009.09.12
17:03:26 | 000,000,000 | ---D | M]
DAEMON Tools Pro -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Pro -> [2009.09.12
16:49:16 | 000,000,000 | ---D | M]
Free Download Manager -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Free Download Manager -> [2010.07.15
18:32:31 | 000,000,000 | ---D | M]
FreeDoko -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FreeDoko
-> [2009.03.13 13:46:46 | 000,000,000 | ---D | M]
GetRightToGo -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\GetRightToGo -> [2009.05.09 20:07:46 |
000,000,000 | ---D | M]
gtk-2.0 -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0 ->
[2010.07.12 16:57:52 | 000,000,000 | ---D | M]
Helios -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Helios ->
[2009.05.02 15:36:49 | 000,000,000 | ---D | M]
ICQ -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ ->
[2010.07.07 23:27:02 | 000,000,000 | ---D | M]
ICQ Toolbar -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ
Toolbar -> [2007.11.22 19:59:11 | 000,000,000 | ---D | M]
ImgBurn -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ImgBurn ->
[2007.12.11 13:50:45 | 000,000,000 | ---D | M]
Jomedia -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Jomedia ->
[2009.03.08 20:08:24 | 000,000,000 | ---D | M]
OpenOffice.org -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\OpenOffice.org -> [2008.11.16 01:31:00
| 000,000,000 | ---D | M]
pdfforge -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pdfforge
-> [2009.08.07 14:18:05 | 000,000,000 | ---D | M]
Search Settings -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Search Settings -> [2009.03.09
01:15:55 | 000,000,000 | ---D | M]
Template -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Template
-> [2007.12.03 23:56:25 | 000,000,000 | ---D | M]
Thunderbird -> C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Thunderbird -> [2010.04.21 19:43:48 |
000,000,000 | ---D | M]
Ubisoft -> C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ubisoft ->
[2009.09.12 17:30:00 | 000,000,000 | ---D | M]

[File - Purity Scan]

[Custom Scans]
< %SYSTEMDRIVE%\*.exe >
< %systemroot%\*. /mp /s >
Restore point Set: OTS Restore Point (0)
< %systemroot%\system32\*.dll /lockedfiles >
expsrv.dll : Unable to obtain MD5 -> C:\WINDOWS\system32\expsrv.dll ->
[2008.04.14 04:22:10 | 000,380,445 | ---- | M | Unable to obtain MD5]
(Microsoft Corporation)
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
mbam.sys -> C:\WINDOWS\system32\drivers\mbam.sys -> [2010.04.29 12:19:14
| 000,020,952 | ---- | M | MD5 = A02C631493AB553A1112A6B699FE61B3]
(Malwarebytes Corporation)
mbamswissarmy.sys -> C:\WINDOWS\system32\drivers\mbamswissarmy.sys ->
[2010.04.29 12:19:24 | 000,038,224 | ---- | M | MD5 =
7364D8A830F91C487F430A57FDBD2BBB] (Malwarebytes Corporation)
< %systemroot%\system32\ws2help.dll /md5 >
ws2help.dll : MD5=C7D8A0517CBF16B84F657DE87EBE9D4B ->
C:\WINDOWS\system32\ws2help.dll -> [2008.04.14 04:22:32 | 000,019,968 |
---- | M | MD5 = C7D8A0517CBF16B84F657DE87EBE9D4B] (Microsoft Corporation)
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
Reg Error: Key
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU\
not found. -> ->
<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results\Install -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results\Install\\LastSuccessTime -> 2010-07-13 11:23:30 ->

[Alternate Data Streams]
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\dum di dum:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\für Rob:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\Irland CD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\MPlayer-1.0rc2-gui:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\DSA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\EA Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\jenni-kram:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\kalender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\mietvertrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\OriginLab:Roxio EMC Stream
< End of report >

Larusso · 15.07.2010, 19:08

windows + r taste --> notepad (hinein schreiben) --> OK

Reiter Ansicht und gehe sicher das bei Zeilenumbruch kein Hacken ist.

Deine Logfiles sind irgendwie verschnörkelt, so funzt kein Script

Jenjen · 16.07.2010, 08:34

hi,

das war bei mir alles genau so wie du mir das gerade beschrieben hast. ich hab das an meinem computer als text in eine email kopiert und an mich selbst verschickt. hab das ganze an diesem computer abgerufen und in ein textdokument eingefügt. zeilenumbrüche sind nicht aktiviert, aber das ganze ist 139 KB groß und dementsprechend kann ich das hier nicht anhängen.

und was meinst du mit verschnörkelt? kann das von der e-mail kommen? ich trau mich nur nicht, die original-logfile anzuhängen, weil ich angst habe, dass der computer hier dann auch den virus bekommt. oder kann ich das wagen?

Larusso · 16.07.2010, 12:33

Klar passt ein Email Client ein Textdokument an wie es ihm passt.

Registry Einträge ändern, löschen oder erstellen
1
Start--> ausführen--> notepad (reinschreiben)--> ok

Kopiere nun bitte folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"ProxyServer"=""

Speichere es nun unter regfix.reg
achte darauf, dass bei Datei-Typ "Alle Dateien" angegeben ist
nun sollte auf Deinem Desktop erscheinen
Mache nun einen Doppelklick auf die Datei regfix.reg
Bestätige mit Ja, dann drücke OK
Starte den Rechner neu auf

Hier findest Du eine bebilderte Anleitung

Wenn Du wieder ins Internet kannst, dann Schritt 2 Sonst berichte mir wenns nicht geht

Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Jenjen · 16.07.2010, 14:57

also mein internet funktioniert wieder, allerdings kann ich hier im forum keine antworten erstellen. da bekomme ich immer einen seitenladefehler. deshalb jetzt nochmal vom anderen computer:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 16.07.2010 15:40:16 - Run 4
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Dokumente und
Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) -
Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format:
dd.MM.yyyy

1.022,00 Mb Total Physical Memory | 518,00 Mb Available Physical Memory
| 51,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging
File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% =
C:\Programme
Drive C: | 143,44 Gb Total Space | 16,32 Gb Free Space | 11,37% Space
Free | Partition Type: NTFS
Drive D: | 667,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free
| Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPTOP
Current User Name: xxx
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Jenni\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
(Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir
Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco
Systems, Inc.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (RoxMediaDB9) -- C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft
Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source
Engine\OSE.EXE (Microsoft Corporation)
SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing
Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame
Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision
Corporation)


========== Driver Services (SafeList) ==========

DRV - (kl1) -- C:\WINDOWS\System32\DRIVERS\kl1.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco
Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic
Networks, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro
Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon
Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows
(R) Server 2003 DDK provider)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower
Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative
Technology Ltd.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate
Bytes AG)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant
Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant
Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant
Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom
Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom
Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems,
Inc.)
DRV - (DXEC02) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD
Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios
Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise
Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic
Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic
Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic
Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex
Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American
Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System
Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced
System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer
Laboratories Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
ICQ.com Suche
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} -
C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg
Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg
Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.studivz.net"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems:
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.9
FF - prefs.js..extensions.enabledItems:
fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems:
{800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems:
{EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..keyword.URL:
"hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL:
"hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - user.js..browser.search.selectedEngine: "Search"
FF - user.js..keyword.URL:
"hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components:
C:\Programme\Mozilla Firefox\components [2010.07.14 14:15:06 |
000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins:
C:\Programme\Mozilla Firefox\plugins [2010.07.14 14:15:04 | 000,000,000
| ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird
3.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components
[2010.07.14 13:55:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins:
C:\Programme\Mozilla Thunderbird\plugins

[2010.04.21 19:43:57 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2010.04.21 19:43:57 | 000,000,000 | ---D | M] (No name found) --
C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.14 13:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions
[2009.11.23 16:35:18 | 000,000,000 | ---D | M] (FlashGot) --
C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2007.11.24 00:43:29 | 000,000,000 | ---D | M] (Grand Green ( GG )) --
C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{1e78d6c6-55d1-11dc-8314-0800200c9a66}
[2010.07.05 15:02:26 | 000,000,000 | ---D | M] (No name found) --
C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007.11.24 00:39:20 | 000,000,000 | ---D | M] (Fasterfox) --
C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009.09.18 01:13:37 | 000,000,000 | ---D | M] (SweetIM Toolbar for
Firefox) -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.09.12 17:01:19 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\DTToolbar@toolbarnet.com
[2010.07.09 07:42:10 | 000,000,961 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-1.xml
[2010.04.01 18:14:26 | 000,000,961 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-2.xml
[2010.06.24 23:07:57 | 000,000,961 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-3.xml
[2010.07.05 15:03:48 | 000,000,961 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-4.xml
[2009.12.17 22:59:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-5.xml
[2010.01.11 17:10:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-6.xml
[2010.07.14 13:56:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-7.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin.xml
[2008.12.09 00:22:14 | 000,001,328 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\wikipedia-de.xml
[2008.09.02 15:41:23 | 000,001,108 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\wikipedia-en.xml
[2010.07.14 14:15:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla
Firefox\extensions
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () --
C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () --
C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () --
C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () --
C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () --
C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.07.11 23:04:28 | 000,000,098 | ---- | M]) -
C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
(Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FDMIECookiesBHO Class) -
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download
Manager\iefdm2.dll ()
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID
value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) -
{32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools
Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) -
{855F3B16-6D32-4fe6-8A56-BBB695989046} -
C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) -
{32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools
Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) -
{855F3B16-6D32-4FE6-8A56-BBB695989046} -
C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Avira GmbH)
O4 - HKLM..\Run: [EPSON Stylus DX4200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEE.EXE (SEIKO EPSON
CORPORATION)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame
Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA
Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio
Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone
Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools
Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Programme\Free Download
Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [Thunderbird] C:\Programme\Mozilla
Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart\VPN Client.lnk =
C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico
()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Alles mit FDM herunterladen -
C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen -
C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen -
C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren -
C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen -
C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} -
C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 -
{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe
(ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
(Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
(Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
(Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
(Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
(Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
(Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
192.168.178.1
O18 - Protocol\Handler\http\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61}
- C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft
Corporation)
O18 - Protocol\Handler\https\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} -
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
(Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} -
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information
Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
- C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} -
C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
(Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe
(Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale
Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale
Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () -
C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{06577c5d-f223-11dd-84d3-001c23b64529}\Shell\AutoRun
- "" = Auto&Play
O33 -
MountPoints2\{06577c5d-f223-11dd-84d3-001c23b64529}\Shell\AutoRun\command -
"" = explorer .\index.html
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days
==========

[2010.07.15 18:23:04 | 000,640,512 | ---- | C] (OldTimer Tools) --
C:\Dokumente und Einstellungen\xxx\Desktop\OTS.exe
[2010.07.15 00:00:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und
Einstellungen\xxx\IECompatCache
[2010.07.14 14:15:03 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla
Firefox
[2010.07.13 23:30:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und
Einstellungen\xxx\Recent
[2010.07.13 22:20:27 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.13 22:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.13 22:17:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und
Einstellungen\xxx\PrivacIE
[2010.07.13 22:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\jhbtfvbrp
[2010.07.13 14:42:07 | 000,000,000 | ---D | C] -- C:\Programme\EPSON
[2010.07.13 14:41:29 | 000,000,000 | ---D | C] --
C:\WINDOWS\System32\DRVSTORE
[2010.07.13 14:41:01 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.07.13 14:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\BitZipper
[2010.07.13 14:34:24 | 000,000,000 | ---D | C] -- C:\Programme\BitZipper
[2010.07.13 13:19:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und
Einstellungen\xxx\IETldCache
[2010.07.13 13:11:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.07.12 21:08:06 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.07.12 16:41:36 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.07.11 23:04:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.11 21:39:10 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2010.07.11 20:26:19 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.11 20:24:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.07.11 19:23:42 | 000,574,976 | ---- | C] (OldTimer Tools) --
C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.07.11 19:23:37 | 000,038,224 | ---- | C] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.11 19:23:31 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.11 19:23:30 | 000,020,952 | ---- | C] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.11 19:23:28 | 000,000,000 | ---D | C] --
C:\Programme\Malwarebytes' Anti-Malware
[2010.07.05 14:43:35 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AOL
[2010.07.05 14:41:53 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.06.28 16:39:38 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\.xxy
[2010.05.25 22:32:53 | 000,000,000 | ---D | C] -- C:\Programme\MSECache
[2010.05.04 20:03:51 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\mietvertrag
[2010.04.30 22:35:53 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\dvdcss
[2010.04.30 22:35:50 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\vlc
[2010.04.27 22:51:22 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2010.04.27 22:49:06 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\LocalService\Anwendungsdaten\DivX
[2010.04.26 11:35:29 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
Visual Studio
[2010.04.26 11:35:29 | 000,000,000 | ---D | C] --
C:\Programme\Gemeinsame Dateien\DESIGNER
[2010.04.26 11:34:25 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.04.26 11:31:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.04.26 11:31:18 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2010.04.26 11:30:57 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\Microsoft Help
[2010.04.26 11:30:30 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.04.19 14:57:08 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\OriginLab
[2010.04.19 14:56:46 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\OriginLab
[2010.04.19 14:51:40 | 000,000,000 | ---D | C] -- C:\Programme\Origin
81Sr2 Setup Files
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.07.16 15:41:08 | 000,375,740 | ---- | M] () --
C:\WINDOWS\System32\perfh009.dat
[2010.07.16 15:41:08 | 000,051,538 | ---- | M] () --
C:\WINDOWS\System32\perfc009.dat
[2010.07.16 15:41:07 | 000,386,302 | ---- | M] () --
C:\WINDOWS\System32\perfh007.dat
[2010.07.16 15:41:07 | 000,062,364 | ---- | M] () --
C:\WINDOWS\System32\perfc007.dat
[2010.07.16 15:41:06 | 000,884,200 | ---- | M] () --
C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.16 15:40:19 | 074,799,136 | -HS- | M] () --
C:\WINDOWS\System32\drivers\fidbox.dat
[2010.07.16 15:37:11 | 000,002,206 | ---- | M] () --
C:\WINDOWS\System32\wpa.dbl
[2010.07.16 15:36:32 | 000,222,883 | ---- | M] () --
C:\WINDOWS\System32\nvModes.001
[2010.07.16 15:36:06 | 000,002,423 | ---- | M] () -- C:\Dokumente und
Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.07.16 15:35:52 | 000,358,829 | ---- | M] () --
C:\WINDOWS\System32\vsconfig.xml
[2010.07.16 15:35:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.16 15:35:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.16 15:35:33 | 1071,239,168 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.16 15:34:51 | 007,340,032 | -H-- | M] () -- C:\Dokumente und
Einstellungen\xxx\NTUSER.DAT
[2010.07.16 15:34:51 | 000,878,600 | -HS- | M] () --
C:\WINDOWS\System32\drivers\fidbox.idx
[2010.07.16 15:33:46 | 000,000,169 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\regfix.reg
[2010.07.15 18:23:04 | 000,640,512 | ---- | M] (OldTimer Tools) --
C:\Dokumente und Einstellungen\Jenni\Desktop\OTS.exe
[2010.07.15 08:47:31 | 000,000,190 | -HS- | M] () -- C:\Dokumente und
Einstellungen\xxx\ntuser.ini
[2010.07.13 22:41:57 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB
[2010.07.13 07:26:56 | 000,290,888 | ---- | M] () --
C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.12 20:05:37 | 000,010,656 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\.recently-used.xbel
[2010.07.12 15:16:01 | 003,513,237 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\WVCheck.exe
[2010.07.11 23:04:28 | 000,000,098 | ---- | M] () --
C:\WINDOWS\System32\drivers\etc\Hosts
[2010.07.11 20:13:26 | 000,000,676 | ---- | M] () -- C:\Dokumente und
Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 19:23:49 | 000,574,976 | ---- | M] (OldTimer Tools) --
C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.06.28 11:56:06 | 000,144,384 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Lokale
Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.20 21:42:44 | 000,178,791 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.pdf
[2010.06.20 21:42:38 | 000,012,132 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.docx
[2010.06.06 00:32:54 | 000,000,059 | ---- | M] () --
C:\WINDOWS\LTDLGFILE14N.INI
[2010.06.03 18:26:05 | 000,077,000 | ---- | M] () -- C:\Dokumente und
Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.26 11:22:37 | 000,000,375 | ---- | M] () --
C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.04.22 09:15:47 | 000,000,477 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.22 09:15:47 | 000,000,235 | RHS- | M] () -- C:\boot.ini
[2010.04.22 09:15:47 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.16 15:33:46 | 000,000,169 | ---- | C] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\regfix.reg
[2010.07.15 18:09:01 | 1071,239,168 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.13 22:41:57 | 000,012,862 | ---- | C] () -- C:\WINDOWS\EPISMG00.SWB
[2010.07.12 20:05:37 | 000,010,656 | ---- | C] () -- C:\Dokumente und
Einstellungen\xxx\.recently-used.xbel
[2010.07.12 15:15:21 | 003,513,237 | ---- | C] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\WVCheck.exe
[2010.07.11 19:23:42 | 000,000,676 | ---- | C] () -- C:\Dokumente und
Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.20 21:42:43 | 000,178,791 | ---- | C] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.pdf
[2010.06.20 21:42:37 | 000,012,132 | ---- | C] () -- C:\Dokumente und
Einstellungen\xxx\Desktop\Blumengießplan.docx
[2010.06.06 00:32:54 | 000,000,059 | ---- | C] () --
C:\WINDOWS\LTDLGFILE14N.INI
[2010.04.11 19:52:46 | 000,116,224 | ---- | C] () --
C:\WINDOWS\System32\pdfcmnnt.dll
[2009.09.12 16:43:41 | 000,721,904 | ---- | C] () --
C:\WINDOWS\System32\drivers\sptd.sys
[2009.05.26 22:39:19 | 000,000,045 | ---- | C] () --
C:\WINDOWS\System32\diqp2981.sys
[2009.05.26 22:39:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vswin.ini
[2009.05.26 22:39:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\u2s8i.ini
[2009.05.09 20:02:01 | 000,000,367 | ---- | C] () --
C:\WINDOWS\System32\CNCMFP12.INI
[2009.03.24 22:31:36 | 000,000,596 | ---- | C] () -- C:\WINDOWS\mamba.ini
[2009.03.03 21:16:17 | 000,000,976 | ---- | C] () -- C:\WINDOWS\dokop301.ini
[2009.03.03 21:16:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SBINET.INI
[2009.01.13 21:59:19 | 000,057,344 | ---- | C] () --
C:\WINDOWS\System32\mupkernps11.dll
[2009.01.13 11:29:00 | 000,197,408 | ---- | C] () --
C:\WINDOWS\System32\vpnapi.dll
[2009.01.13 11:28:44 | 000,193,312 | ---- | C] () --
C:\WINDOWS\System32\CSGina.dll
[2008.06.26 17:03:50 | 000,021,840 | ---- | C] () --
C:\WINDOWS\System32\SIntfNT.dll
[2008.06.26 17:03:50 | 000,017,212 | ---- | C] () --
C:\WINDOWS\System32\SIntf32.dll
[2008.06.26 17:03:50 | 000,012,067 | ---- | C] () --
C:\WINDOWS\System32\SIntf16.dll
[2007.12.29 21:42:41 | 000,021,904 | ---- | C] () --
C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.12.29 21:42:41 | 000,017,808 | ---- | C] () --
C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.12.29 21:42:09 | 000,796,048 | ---- | C] () --
C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.12.25 17:43:57 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.12.08 13:15:40 | 000,281,760 | ---- | C] () --
C:\WINDOWS\System32\drivers\atksgt.sys
[2007.12.08 13:15:40 | 000,025,888 | ---- | C] () --
C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.12.08 13:12:41 | 000,000,307 | ---- | C] () -- C:\WINDOWS\Romme.INI
[2007.12.02 12:50:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TETRIS.INI
[2007.11.18 15:41:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.11.18 15:36:23 | 000,198,144 | ---- | C] () --
C:\WINDOWS\System32\_psisdecd.dll
[2007.11.18 15:33:27 | 000,056,056 | ---- | C] () --
C:\WINDOWS\System32\DLAAPI_W.DLL
[2007.11.18 15:33:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.11.18 15:29:22 | 000,086,016 | ---- | C] () --
C:\WINDOWS\System32\preflib.dll
[2007.11.18 15:29:20 | 000,757,760 | ---- | C] () --
C:\WINDOWS\System32\bcm1xsup.dll
[2007.11.18 15:00:28 | 000,016,480 | ---- | C] () --
C:\WINDOWS\System32\rixdicon.dll
[2007.11.18 15:00:15 | 001,019,904 | ---- | C] () --
C:\WINDOWS\System32\nvwimg.dll
[2007.11.18 15:00:14 | 001,703,936 | ---- | C] () --
C:\WINDOWS\System32\nvwdmcpl.dll
[2007.11.18 15:00:14 | 000,466,944 | ---- | C] () --
C:\WINDOWS\System32\nvshell.dll
[2007.11.18 15:00:13 | 001,474,560 | ---- | C] () --
C:\WINDOWS\System32\nview.dll
[2007.11.18 14:58:57 | 000,001,504 | ---- | C] () --
C:\WINDOWS\System32\OEMINFO.INI
[2006.11.07 06:25:58 | 000,000,000 | ---- | C] () --
C:\WINDOWS\System32\px.ini
[2006.09.17 01:36:50 | 000,520,192 | ---- | C] () --
C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006.09.17 01:36:50 | 000,204,800 | ---- | C] () --
C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004.08.13 15:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.13 14:51:43 | 000,003,776 | ---- | C] () --
C:\WINDOWS\System32\fxsperf.ini

========== LOP Check ==========

[2009.09.12 17:01:39 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.07.13 14:41:01 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.05.02 16:42:33 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2010.07.05 15:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\ICQ
[2007.12.29 21:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2010.04.19 14:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\OriginLab
[2009.09.12 17:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\Tages
[2010.07.13 14:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\BitZipper
[2009.10.29 22:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\bkchem
[2008.03.29 19:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Canon
[2007.12.09 02:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\cerasus.media
[2009.09.12 17:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Lite
[2009.09.12 16:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Pro
[2010.07.16 15:43:16 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Free Download Manager
[2009.03.13 13:46:46 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\FreeDoko
[2009.05.09 20:07:46 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\GetRightToGo
[2010.07.12 16:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\gtk-2.0
[2009.05.02 15:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Helios
[2010.07.07 23:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\ICQ
[2007.11.22 19:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\ICQ Toolbar
[2007.12.11 13:50:45 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\ImgBurn
[2009.03.08 20:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Jomedia
[2008.11.16 01:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\OpenOffice.org
[2009.08.07 14:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\pdfforge
[2009.03.09 01:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Search Settings
[2007.12.03 23:56:25 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Template
[2010.04.21 19:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Thunderbird
[2009.09.12 17:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\xxx\Anwendungsdaten\Ubisoft

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004.08.13 14:54:56 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010.04.22 09:15:47 | 000,000,235 | RHS- | M] () -- C:\boot.ini
[2004.08.04 16:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2004.08.13 14:54:56 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007.11.18 15:03:26 | 000,006,669 | RH-- | M] () -- C:\dell.sdr
[2010.07.16 15:35:33 | 1071,239,168 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.23 21:33:18 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004.08.13 14:54:56 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004.08.13 14:54:56 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004.08.04 16:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008.10.23 20:09:14 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010.07.16 15:35:32 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008.04.14 04:22:10 | 000,380,445 | ---- | M] (Microsoft
Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\expsrv.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004.08.13 14:46:20 | 000,094,208 | ---- | M] () --
C:\WINDOWS\system32\config\default.sav
[2004.08.13 14:46:20 | 000,663,552 | ---- | M] () --
C:\WINDOWS\system32\config\software.sav
[2004.08.13 14:46:20 | 000,417,792 | ---- | M] () --
C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

< %systemroot%\system32\user32.dll /md5 >
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation)
MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation)
MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation)
MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll

<
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
>

<
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto
Update\Results\Install\\LastSuccessTime: 2010-07-13 11:23:30

========== Alternate Data Streams ==========

@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\OriginLab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\mietvertrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\kalender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\jenni-kram:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\EA Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\DSA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Eigene Dateien\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\MPlayer-1.0rc2-gui:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\Irland CD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\für Rob:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und
Einstellungen\xxx\Desktop\dum di dum:Roxio EMC Stream
< End of report >

--- --- ---

Larusso · 16.07.2010, 21:40

Schritt 1

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

Schritt 2

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte poste in Deiner nächsten Antwort
ComboFix.txt

Jenjen · 16.07.2010, 22:56

hier ist das log. leider hat sich nach dem neustart mein antivir mit gestartet und hat nebenbei sogar eine trojaner-warnung ausgegeben. ich habe zugriff verweigern gewählt. ich hoffe, das war in ordnung..

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-07-15.05 - xxx 16.07.2010  23:37:04.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.1022.649 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\xxx\Desktop\Combozeugs.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

Achtung - Auf diesem PC ist keine Wiederherstellungskonsole installiert !!
.

(((((((((((((((((((((((   Dateien erstellt von 2010-06-16 bis 2010-07-16  ))))))))))))))))))))))))))))))
.

2010-07-15 06:16 . 2010-07-15 06:16	--------	d-sh--w-	c:\dokumente und einstellungen\Administrator\IETldCache
2010-07-14 22:00 . 2010-07-14 22:00	--------	d-sh--w-	c:\dokumente und einstellungen\xxx\IECompatCache
2010-07-13 20:20 . 2010-07-13 20:20	--------	d-sh--w-	c:\dokumente und einstellungen\NetworkService\IETldCache
2010-07-13 20:17 . 2010-07-13 20:17	--------	d-sh--w-	c:\dokumente und einstellungen\xxx\PrivacIE
2010-07-13 20:07 . 2010-07-14 05:07	--------	d-----w-	c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\jhbtfvbrp
2010-07-13 12:42 . 2010-07-13 12:42	--------	d-----w-	c:\programme\EPSON
2010-07-13 12:42 . 2004-09-10 18:12	49152	----a-w-	c:\windows\system32\E_DCINST.DLL
2010-07-13 12:41 . 2004-11-25 03:07	79679	----a-w-	c:\windows\system32\E_FLMAEE.DLL
2010-07-13 12:41 . 2003-05-21 00:27	64000	----a-w-	c:\windows\system32\E_FBCBAEE.DLL
2010-07-13 12:41 . 2000-06-06 23:01	34304	----a-w-	c:\windows\system32\E_FBCHAEE.DLL
2010-07-13 12:41 . 2010-07-13 12:41	--------	dc----w-	c:\windows\system32\DRVSTORE
2010-07-13 12:41 . 2010-07-13 12:41	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\EPSON
2010-07-13 12:34 . 2010-07-13 12:34	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\BitZipper
2010-07-13 12:34 . 2010-07-13 12:34	--------	d-----w-	c:\programme\BitZipper
2010-07-13 11:19 . 2010-07-13 11:19	--------	d-sh--w-	c:\dokumente und einstellungen\xxx\IETldCache
2010-07-13 11:19 . 2010-07-13 11:19	--------	d-sh--w-	c:\dokumente und einstellungen\LocalService\IETldCache
2010-07-13 11:11 . 2010-07-13 11:13	--------	dc-h--w-	c:\windows\ie8
2010-07-12 19:08 . 2010-07-12 19:08	--------	d-----w-	c:\programme\MSXML 4.0
2010-07-12 14:45 . 2009-11-21 15:54	471552	------w-	c:\windows\system32\dllcache\aclayers.dll
2010-07-12 14:45 . 2009-10-15 16:28	81920	------w-	c:\windows\system32\dllcache\fontsub.dll
2010-07-12 14:45 . 2009-10-15 16:28	119808	------w-	c:\windows\system32\dllcache\t2embed.dll
2010-07-12 14:45 . 2009-03-06 14:19	286720	------w-	c:\windows\system32\dllcache\pdh.dll
2010-07-12 14:45 . 2009-02-09 11:21	111104	------w-	c:\windows\system32\dllcache\services.exe
2010-07-12 14:45 . 2009-02-06 10:10	227840	------w-	c:\windows\system32\dllcache\wmiprvse.exe
2010-07-12 14:45 . 2009-02-09 10:51	401408	------w-	c:\windows\system32\dllcache\rpcss.dll
2010-07-12 14:45 . 2009-02-09 10:51	678400	------w-	c:\windows\system32\dllcache\advapi32.dll
2010-07-12 14:45 . 2009-02-09 10:51	473600	------w-	c:\windows\system32\dllcache\fastprox.dll
2010-07-12 14:45 . 2009-02-09 10:51	453120	------w-	c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-12 14:45 . 2009-02-06 10:39	35328	------w-	c:\windows\system32\dllcache\sc.exe
2010-07-12 14:45 . 2009-02-09 10:51	740352	------w-	c:\windows\system32\dllcache\ntdll.dll
2010-07-12 14:44 . 2009-06-21 21:45	153088	------w-	c:\windows\system32\dllcache\triedit.dll
2010-07-12 14:44 . 2009-10-23 15:28	3558912	------w-	c:\windows\system32\dllcache\moviemk.exe
2010-07-12 14:43 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-07-12 14:41 . 2010-07-12 14:41	--------	d-----w-	c:\programme\ESET
2010-07-12 14:39 . 2008-04-21 21:13	217600	------w-	c:\windows\system32\dllcache\wordpad.exe
2010-07-11 21:04 . 2010-07-11 21:04	--------	d-----w-	C:\_OTL
2010-07-11 19:39 . 2010-07-11 19:39	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\Malwarebytes
2010-07-11 18:26 . 2010-07-11 18:26	--------	d-----w-	c:\programme\CCleaner
2010-07-11 18:13 . 2010-07-11 18:13	--------	d-----w-	c:\dokumente und einstellungen\Administrator\Anwendungsdaten\Malwarebytes
2010-07-11 17:23 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 17:23 . 2010-07-11 17:23	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-07-11 17:23 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-07-11 17:23 . 2010-07-11 18:13	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2010-07-05 12:43 . 2010-07-05 12:43	--------	d-----w-	c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AOL
2010-07-05 12:41 . 2010-07-05 13:03	--------	d-----w-	c:\programme\ICQ7.2
2010-06-28 14:39 . 2010-06-28 14:46	--------	d-----w-	c:\dokumente und einstellungen\xxx\.xxy

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-16 21:46 . 2007-12-29 19:42	74985504	--sha-w-	c:\windows\system32\drivers\fidbox.dat
2010-07-16 21:35 . 2004-08-13 12:40	62364	----a-w-	c:\windows\system32\perfc007.dat
2010-07-16 21:35 . 2004-08-13 12:40	386302	----a-w-	c:\windows\system32\perfh007.dat
2010-07-16 21:30 . 2007-12-29 19:42	880448	--sha-w-	c:\windows\system32\drivers\fidbox.idx
2010-07-16 21:18 . 2009-05-02 14:42	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\Free Download Manager
2010-07-14 11:55 . 2009-10-27 13:18	--------	d-----w-	c:\programme\Mozilla Thunderbird
2010-07-13 20:39 . 2010-07-13 20:39	0	--sh--w-	c:\windows\S5EA9C9FB.tmp
2010-07-13 20:24 . 2009-07-14 15:33	--------	d-----w-	c:\programme\ICQ6Toolbar
2010-07-12 14:57 . 2008-10-03 14:41	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\gtk-2.0
2010-07-11 23:21 . 2010-04-30 20:35	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\vlc
2010-07-07 21:27 . 2007-11-22 17:57	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\ICQ
2010-07-05 13:02 . 2007-11-18 13:27	--------	d--h--w-	c:\programme\InstallShield Installation Information
2010-07-05 13:02 . 2009-07-14 15:33	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\ICQ
2010-06-13 20:02 . 2008-11-15 23:31	1	----a-w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-03 16:26 . 2007-11-20 20:17	77000	----a-w-	c:\dokumente und einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-06-01 12:10 . 2009-09-28 18:40	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\Skype
2010-06-01 12:09 . 2009-09-28 18:43	--------	d-----w-	c:\dokumente und einstellungen\xxx\Anwendungsdaten\skypePM
2010-05-25 20:32 . 2010-05-25 20:32	--------	d-----w-	c:\programme\MSECache
2010-05-22 17:57 . 2008-05-31 16:14	15472532	-c--a-w-	c:\windows\Internet Logs\tvDebug.zip
2010-05-22 10:07 . 2010-04-26 09:30	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft Help
2010-05-02 08:05 . 2004-08-13 12:40	1851392	----a-w-	c:\windows\system32\win32k.sys
2010-04-27 05:41 . 2010-04-27 11:55	2549760	----a-w-	c:\windows\Internet Logs\xDB9.tmp
2010-04-20 05:29 . 2004-08-13 12:40	285696	----a-w-	c:\windows\system32\atmfd.dll
2007-11-18 13:28 . 2007-11-18 13:28	76	-csh--r-	c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Thunderbird"="c:\programme\Mozilla Thunderbird\thunderbird -turbo" [X]
"Free Download Manager"="c:\programme\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"DAEMON Tools Lite"="c:\programme\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"="c:\programme\Zone Labs\ZoneAlarm\zlclient.exe" [2007-12-13 919016]
"RoxWatchTray"="c:\programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 221184]
"ISUSScheduler"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"avgnt"="c:\programme\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-06 8429568]
"ISUSPM Startup"="c:\progra~1\gemein~1\instal~1\update~1\isuspm.exe" [2006-10-03 221184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
VPN Client.lnk - c:\windows\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico [2009-10-15 6144]

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Digital Line Detect.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^xxx^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk]
path=c:\dokumente und einstellungen\Jenni\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16	39792	----a-w-	c:\programme\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2007-05-15 18:28	1392640	----a-w-	c:\windows\system32\WLTRAY.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
2006-09-28 19:21	57344	----a-w-	c:\programme\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 02:22	15360	----a-w-	c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 16:43	118784	------w-	c:\programme\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-10-03 11:35	221184	----a-w-	c:\progra~1\GEMEIN~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KADxMain]
2006-11-02 14:05	282624	----a-w-	c:\windows\system32\KADxMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 02:22	1695232	----a-w-	c:\programme\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-06-06 15:34	8429568	----a-w-	c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVHotkey]
2007-06-06 15:34	67584	----a-w-	c:\windows\system32\nvhotkey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-06-06 15:34	81920	----a-w-	c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-06-06 15:35	1626112	----a-w-	c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]
2007-08-28 14:54	36864	----a-w-	c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-04-16 16:10	184320	------w-	c:\programme\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
2006-08-17 09:00	1116920	----a-w-	c:\programme\Roxio\Drag-to-Disc\DrgToDsc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-07-09 22:03	405504	----a-w-	c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2008-06-10 02:27	144784	----a-w-	c:\programme\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2007-07-09 22:21	851968	----a-w-	c:\programme\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"WmdmPmSN"=3 (0x3)
"VSS"=3 (0x3)
"TermService"=3 (0x3)
"SysmonLog"=3 (0x3)
"stisvc"=2 (0x2)
"SSDPSRV"=3 (0x3)
"Spooler"=2 (0x2)
"SENS"=2 (0x2)
"seclogon"=2 (0x2)
"RemoteRegistry"=2 (0x2)
"RDSessMgr"=3 (0x3)
"RasAuto"=3 (0x3)
"Netlogon"=3 (0x3)
"MSDTC"=3 (0x3)
"HTTPFilter"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"Fax"=2 (0x2)
"ERSvc"=2 (0x2)
"DSBrokerService"=3 (0x3)
"dmserver"=3 (0x3)
"dmadmin"=3 (0x3)
"CiSvc"=3 (0x3)
"CCALib8"=2 (0x2)
"BITS"=3 (0x3)
"SwPrv"=3 (0x3)
"stllssvr"=3 (0x3)
"mnmsrvc"=3 (0x3)
"EapHost"=3 (0x3)
"Dot3svc"=3 (0x3)
"COMSysApp"=3 (0x3)
"ALG"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Dell\\MediaDirect\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\avsys\\ScanningProcess.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\ICQ7.2\\ICQ.exe"=
"c:\\Programme\\ICQ7.2\\aolload.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\programme\Avira\AntiVir Desktop\sched.exe [05.05.2009 19:45 108289]
R2 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe [14.07.2009 17:33 246520]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.09.2009 16:43 721904]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
IE: Alles mit FDM herunterladen - file://c:\programme\Free Download Manager\dlall.htm
IE: Auswahl mit FDM herunterladen - file://c:\programme\Free Download Manager\dlselected.htm
IE: Datei mit FDM herunterladen - file://c:\programme\Free Download Manager\dllink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Videos mit FDM herunterladen - file://c:\programme\Free Download Manager\dlfvideo.htm
IE: {{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - c:\programme\ICQ7.2\ICQ.exe
FF - ProfilePath - c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\
FF - prefs.js: browser.startup.homepage - www.studivz.net
FF - prefs.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q=
FF - component: c:\dokumente und einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\programme\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll

---- FIREFOX Richtlinien ----

FF - user.js: keyword.URL - hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q=
c:\programme\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\programme\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\programme\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\programme\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
MSConfigStartUp-%PROVIDERID% - bin\sprtcmd.exe
MSConfigStartUp-SearchSettings - c:\programme\pdfforge Toolbar\SearchSettings.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-07-16 23:46
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2010-07-16  23:49:43
ComboFix-quarantined-files.txt  2010-07-16 21:49

Vor Suchlauf: 11 Verzeichnis(se), 17.370.054.656 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 17.302.540.288 Bytes frei

Current=15 Default=15 Failed=14 LastKnownGood=16 Sets=11,12,13,14,15,16
- - End Of File - - CCA054A1F6D4E50FE751D49701509B2E

--- --- ---

Larusso · 17.07.2010, 14:01

Registry Einträge ändern, löschen oder erstellen
1
Start--> ausführen--> notepad (reinschreiben)--> ok

Kopiere nun bitte folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=""

Speichere es nun unter regfix.reg
achte darauf, dass bei Datei-Typ "Alle Dateien" angegeben ist
nun sollte auf Deinem Desktop erscheinen
Mache nun einen Doppelklick auf die Datei regfix.reg
Bestätige mit Ja, dann drücke OK
Starte den Rechner neu auf

Hier findest Du eine bebilderte Anleitung

Kannst Du bitte einmal versuchen, von deinem PC ne OTL Logfile zu posten !!

Jenjen · 17.07.2010, 15:25

soll ich otl nochmal laufen lassen und davon die logfile nehmen? die combofix-log war von meinem computer aus gepostet. mit internet explorer gings.

Jenjen · 18.07.2010, 19:17

ich hab jetzt das otl nochmal komplett durchlaufen lassen. hier sind die ergebnisse:

otl.txt

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.07.2010 20:01:31 - Run 6
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 427,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,44 Gb Total Space | 15,92 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Drive D: | 667,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
PRC - C:\Programme\Cisco Systems\VPN Client\vpngui.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)
PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (RoxMediaDB9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)
SRV - (RoxWatch9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (CCALib8) -- C:\Programme\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (kl1) -- C:\WINDOWS\System32\DRIVERS\kl1.sys File not found
DRV - (catchme) -- C:\DOKUME~1\xxx\LOKALE~1\Temp\catchme.sys File not found
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (OEM02Vfx) -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\WINDOWS\system32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (DXEC02) -- C:\WINDOWS\system32\drivers\dxec02.sys (Knowles Acoustics)
DRV - (DLADResM) -- C:\WINDOWS\system32\DLA\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Roxio)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.studivz.net"
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.9
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.8
FF - prefs.js..keyword.URL: "hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - user.js..keyword.URL: "hxxp://www.seanca.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&rls=kpGyNU0t&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.14 14:15:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.14 14:15:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.07.14 13:55:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
 
[2010.04.21 19:43:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions
[2010.04.21 19:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.18 12:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions
[2009.11.23 16:35:18 | 000,000,000 | ---D | M] (FlashGot) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2007.11.24 00:43:29 | 000,000,000 | ---D | M] (Grand Green ( GG )) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{1e78d6c6-55d1-11dc-8314-0800200c9a66}
[2010.07.05 15:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007.11.24 00:39:20 | 000,000,000 | ---D | M] (Fasterfox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2009.09.18 01:13:37 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.09.12 17:01:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\extensions\DTToolbar@toolbarnet.com
[2010.07.16 15:56:52 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-1.xml
[2010.04.01 18:14:26 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-2.xml
[2010.06.24 23:07:57 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-3.xml
[2010.07.05 15:03:48 | 000,000,961 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-4.xml
[2009.12.17 22:59:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-5.xml
[2010.01.11 17:10:36 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-6.xml
[2010.07.14 13:56:37 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin-7.xml
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\icqplugin.xml
[2008.12.09 00:22:14 | 000,001,328 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\wikipedia-de.xml
[2008.09.02 15:41:23 | 000,001,108 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Mozilla\Firefox\Profiles\kkn2w0n1.default\searchplugins\wikipedia-en.xml
[2010.07.14 14:15:18 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.07.11 23:04:28 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Programme\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [Thunderbird] C:\Programme\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 14:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.17 09:11:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.07.17 00:02:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.07.16 23:54:50 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010.07.16 23:54:31 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010.07.16 23:20:41 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.07.16 23:20:41 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.07.16 23:20:41 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.07.16 23:20:41 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.07.16 23:19:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.07.16 23:16:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.16 23:02:36 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\TFC.exe
[2010.07.15 18:23:04 | 000,640,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTS.exe
[2010.07.15 00:00:11 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\IECompatCache
[2010.07.14 14:15:03 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.07.13 23:30:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\xxx\Recent
[2010.07.13 22:20:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.13 22:20:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.13 22:17:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\PrivacIE
[2010.07.13 22:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\jhbtfvbrp
[2010.07.13 14:42:07 | 000,000,000 | ---D | C] -- C:\Programme\EPSON
[2010.07.13 14:42:00 | 000,049,152 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\E_DCINST.DLL
[2010.07.13 14:41:57 | 000,079,679 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FLMAEE.DLL
[2010.07.13 14:41:57 | 000,064,000 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FBCBAEE.DLL
[2010.07.13 14:41:57 | 000,034,304 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\E_FBCHAEE.DLL
[2010.07.13 14:41:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.07.13 14:41:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.07.13 14:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\BitZipper
[2010.07.13 14:34:24 | 000,000,000 | ---D | C] -- C:\Programme\BitZipper
[2010.07.13 13:19:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\xxx\IETldCache
[2010.07.13 13:11:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.07.12 21:08:06 | 000,000,000 | ---D | C] -- C:\Programme\MSXML 4.0
[2010.07.12 16:45:56 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.07.12 16:45:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010.07.12 16:45:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010.07.12 16:44:50 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.07.12 16:43:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.07.12 16:41:36 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.07.11 23:04:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.07.11 21:39:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Malwarebytes
[2010.07.11 20:26:19 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.07.11 20:24:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.07.11 19:23:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.07.11 19:23:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.11 19:23:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.07.11 19:23:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.11 19:23:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.07.05 14:43:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\AOL
[2010.07.05 14:41:53 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2
[2010.06.28 16:39:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\xxx\.xxy
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.18 18:49:36 | 000,375,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.07.18 18:49:35 | 000,884,200 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.07.18 18:49:35 | 000,386,302 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.07.18 18:49:35 | 000,062,364 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.07.18 18:49:35 | 000,051,538 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.07.18 18:45:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.18 18:44:51 | 000,222,883 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010.07.18 18:44:40 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk
[2010.07.18 18:44:26 | 000,358,829 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.07.18 18:44:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.18 18:44:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.18 18:44:07 | 1071,239,168 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.18 18:20:59 | 075,096,096 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.07.18 17:15:10 | 000,881,792 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.07.18 13:03:43 | 007,340,032 | -H-- | M] () -- C:\Dokumente und Einstellungen\xxx\NTUSER.DAT
[2010.07.17 00:05:23 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.07.17 00:01:25 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\xxx\ntuser.ini
[2010.07.16 23:46:36 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.07.16 23:15:30 | 003,738,072 | R--- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Combozeugs.exe
[2010.07.16 23:02:40 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\TFC.exe
[2010.07.15 18:23:04 | 000,640,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTS.exe
[2010.07.13 22:41:57 | 000,012,862 | ---- | M] () -- C:\WINDOWS\EPISMG00.SWB
[2010.07.13 07:26:56 | 000,290,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.12 20:05:37 | 000,010,656 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\.recently-used.xbel
[2010.07.12 15:16:01 | 003,513,237 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\WVCheck.exe
[2010.07.11 23:04:28 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2010.07.11 20:13:26 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 19:23:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\xxx\Desktop\OTL.exe
[2010.06.28 11:56:06 | 000,144,384 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.20 21:42:44 | 000,178,791 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Blumengießplan.pdf
[2010.06.20 21:42:38 | 000,012,132 | ---- | M] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Blumengießplan.docx
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.17 00:02:16 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.07.16 23:20:41 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.07.16 23:20:41 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.07.16 23:20:41 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.07.16 23:20:41 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.07.16 23:20:41 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.07.16 23:15:02 | 003,738,072 | R--- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Combozeugs.exe
[2010.07.15 18:09:01 | 1071,239,168 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.13 22:41:57 | 000,012,862 | ---- | C] () -- C:\WINDOWS\EPISMG00.SWB
[2010.07.12 20:05:37 | 000,010,656 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\.recently-used.xbel
[2010.07.12 15:15:21 | 003,513,237 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\WVCheck.exe
[2010.07.11 19:23:42 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.20 21:42:43 | 000,178,791 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Blumengießplan.pdf
[2010.06.20 21:42:37 | 000,012,132 | ---- | C] () -- C:\Dokumente und Einstellungen\xxx\Desktop\Blumengießplan.docx
[2010.06.06 00:32:54 | 000,000,059 | ---- | C] () -- C:\WINDOWS\LTDLGFILE14N.INI
[2010.04.11 19:52:46 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.09.12 16:43:41 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.05.26 22:39:19 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\diqp2981.sys
[2009.05.26 22:39:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vswin.ini
[2009.05.26 22:39:18 | 000,000,028 | ---- | C] () -- C:\WINDOWS\u2s8i.ini
[2009.05.09 20:02:01 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP12.INI
[2009.03.24 22:31:36 | 000,000,596 | ---- | C] () -- C:\WINDOWS\mamba.ini
[2009.03.03 21:16:17 | 000,000,976 | ---- | C] () -- C:\WINDOWS\dokop301.ini
[2009.03.03 21:16:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\SBINET.INI
[2009.01.13 21:59:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mupkernps11.dll
[2009.01.13 11:29:00 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2009.01.13 11:28:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008.06.26 17:03:50 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2008.06.26 17:03:50 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2008.06.26 17:03:50 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007.12.29 21:42:41 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2007.12.29 21:42:41 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2007.12.29 21:42:09 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007.12.25 17:43:57 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.12.08 13:15:40 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.12.08 13:15:40 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.12.08 13:12:41 | 000,000,307 | ---- | C] () -- C:\WINDOWS\Romme.INI
[2007.12.02 12:50:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\TETRIS.INI
[2007.11.18 15:41:25 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.11.18 15:36:23 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007.11.18 15:33:27 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2007.11.18 15:33:27 | 000,000,120 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007.11.18 15:29:22 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007.11.18 15:29:20 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007.11.18 15:00:28 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007.11.18 15:00:15 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.11.18 15:00:14 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.11.18 15:00:14 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.11.18 15:00:13 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.11.18 14:58:57 | 000,001,504 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006.11.07 06:25:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006.09.17 01:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006.09.17 01:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004.08.13 15:04:30 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.08.13 14:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
 
========== LOP Check ==========
 
[2009.09.12 17:01:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.07.13 14:41:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2009.05.02 16:42:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2010.07.05 15:02:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2007.12.29 21:42:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2010.04.19 14:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OriginLab
[2009.09.12 17:17:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2010.07.13 14:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\BitZipper
[2009.10.29 22:20:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\bkchem
[2008.03.29 19:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Canon
[2007.12.09 02:19:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\cerasus.media
[2009.09.12 17:03:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Lite
[2009.09.12 16:49:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\DAEMON Tools Pro
[2010.07.18 20:03:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Free Download Manager
[2009.03.13 13:46:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\FreeDoko
[2009.05.09 20:07:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\GetRightToGo
[2010.07.12 16:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\gtk-2.0
[2009.05.02 15:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Helios
[2010.07.18 17:31:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ
[2007.11.22 19:59:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ICQ Toolbar
[2007.12.11 13:50:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\ImgBurn
[2009.03.08 20:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Jomedia
[2008.11.16 01:31:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\OpenOffice.org
[2009.08.07 14:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pdfforge
[2009.03.09 01:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Search Settings
[2007.12.03 23:56:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Template
[2010.04.21 19:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Thunderbird
[2009.09.12 17:30:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Ubisoft
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\OriginLab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\mietvertrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\kalender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\jenni-kram:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\EA Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\DSA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\MPlayer-1.0rc2-gui:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\Irland CD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\für Rob:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\dum di dum:Roxio EMC Stream
< End of report >

--- --- ---

extras.txt

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.07.2010 20:01:31 - Run 6
OTL by OldTimer - Version 3.2.9.0     Folder = C:\Dokumente und Einstellungen\xxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.022,00 Mb Total Physical Memory | 427,00 Mb Available Physical Memory | 42,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,44 Gb Total Space | 15,92 Gb Free Space | 11,10% Space Free | Partition Type: NTFS
Drive D: | 667,47 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LAPTOP
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Dell\MediaDirect\PCMService.exe" = C:\Programme\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe" = C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe:*:Enabled:Kaspersky AV Scanner -- ()
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{01B93B3A-283F-411B-A648-69CABCACC986}" = Canon MF-Treiber
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0FDD9B5C-1133-48E2-9B9A-2E5A303D3F5B}" = Origin81
"{11801011-D30E-4120-9A89-9A873B1D72DF}" = Canon MF5700-Serie
"{132CA5D9-C745-4B0B-A3B2-8C7A6EC3EE7E}" = Canon MF-Toolbox 4.7.0.0.mf04
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3749D33C-26C8-4669-ACAA-DA3B0ADA67B6}" = Das große Tafelwerk interaktiv
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4C781ED5-4C2A-4495-875B-85CC9266F1F0}" = ANNO 1602
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = Die Sims 2
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00B2-0407-0000-0000000FF1CE}" = Microsoft – Speichern als PDF oder XPS – Add-In für 2007 Microsoft Office-Programme
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{A3CA5549-E07C-4CF3-99FB-C42C50DFC5CD}" = ANNO 1602 NINA
"{A912021A-FEDD-4DA3-8DB4-245EBDA84778}" = OriginPro 8G
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B6EC7388-E277-4A5B-8C8F-71067A41BA64}" = TextPad 5
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{C014E2EB-1FEA-48F8-AE36-912D8FA659DB}" = OriginPro 8.1G
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{E55E016B-8254-4A3F-ACEB-FE9988CD880F}" = Origin8
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}" = Cisco Systems VPN Client 5.0.05.0290
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem-Diagnose-Tool
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = Die Sims 2: Nightlife
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Advent 1.6.0.2" = Advent 1.6.0.2
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitZipper_is1" = BitZipper 2009
"BKChem_is1" = BKChem-0.13.0
"Bridge Builder" = Bridge Builder
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CloneCD" = CloneCD
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)  
"CSCLIB" = Canon Camera Support Core Library
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Diablo II" = Diablo II
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Equestriad 2001" = Equestriad 2001
"Free Download Manager_is1" = Free Download Manager 3.0
"FreeDoko" = FreeDoko 0.7.5
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Install WinBrick2000 v3.17.0 Shareware" = WinBrick2000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.1)" = Mozilla Thunderbird (3.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Orbital Viewer" = Orbital Viewer
"PhotoStitch" = Canon Utilities PhotoStitch
"R for Windows 2.9.2_is1" = R for Windows 2.9.2
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Rommé 1" = Rommé 1
"ST5UNST #1" = Mühle von JMMG Communications
"ST6UNST #1" = Der Restaurant-Manager 1.5  Vollversion.de Edition
"SynTPDeinstKey" = Dell Touchpad
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.0
"WinRAR archiver" = WinRAR
"ZoneAlarm" = ZoneAlarm
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.06.2010 09:02:45 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung gimp-2.6.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul gimp-2.6.exe, Version 0.0.0.0, Fehleradresse 0x000252ce.
 
Error - 11.07.2010 05:21:43 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 11.07.2010 05:21:43 | Computer Name = LAPTOP | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich 
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
 in der signierten Datei.  .
 
Error - 11.07.2010 17:18:06 | Computer Name = LAPTOP | Source = ESENT | ID = 490
Description = svchost (1176) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 13.07.2010 08:23:44 | Computer Name = LAPTOP | Source = ESENT | ID = 490
Description = svchost (1196) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
 für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
 Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
 wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
 
Error - 13.07.2010 16:07:55 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 8.1.0.137, fehlgeschlagenes
 Modul 3difr.x3d, Version 8.1.0.0, Fehleradresse 0x0001d3ee.
 
[ System Events ]
Error - 17.07.2010 03:08:41 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 17.07.2010 03:08:45 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   kl1
 
Error - 18.07.2010 06:32:28 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 18.07.2010 06:32:34 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   kl1
 
Error - 18.07.2010 11:12:48 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 18.07.2010 11:12:52 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   kl1
 
Error - 18.07.2010 11:16:57 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 18.07.2010 11:17:03 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   kl1
 
Error - 18.07.2010 12:45:07 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 18.07.2010 12:45:13 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   kl1
 
 
< End of report >

--- --- ---

Larusso · 18.07.2010, 19:29

Mit dem FF gehts nicht ?

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2009.08.07 14:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\pdfforge
[2009.03.09 01:15:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\xxx\Anwendungsdaten\Search Settings
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\OriginLab:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\My Music:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\mietvertrag:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\kalender:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\jenni-kram:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\ICQ:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\EA Games:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\DSA:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Eigene Dateien\Dell Webcam Center:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\MPlayer-1.0rc2-gui:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\Irland CD:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\für Rob:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Dokumente und Einstellungen\xxx\Desktop\dum di dum:Roxio EMC Stream

:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Deinstalliere bitte
pdfforge Toolbar v1.0

Schritt 3

Starte bitte Adobe Reader.
Im Reiter Help klicke bitte auch Check for Updates

Schritt 4

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update XX) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

Schritt 5

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Bitte poste in Deiner nächsten Antwort
OTLFix Log
OTL.txt
Extras.txt
Berichte wie der Rechner läuft

15.07.2010, 19:08	#21
Larusso /// Selecta Jahrusso	windows system alert windows + r taste --> notepad (hinein schreiben) --> OK Reiter Ansicht und gehe sicher das bei Zeilenumbruch kein Hacken ist. Deine Logfiles sind irgendwie verschnörkelt, so funzt kein Script __________________ --> windows system alert

windows system alert

Plagegeister aller Art und deren Bekämpfung: windows system alert