Pests of all kinds and how to fight them: Windows freezes, Firefox opens windows at random (in Flensburg) | Windows 7
06.08.2010, 19:32 | #61 |
/// Malware-holic |
Uninstall STOPzilla and reinstall it.
Clean up with OTCleanIt: http://oldtimer.geekstogo.com/OTM.exe
Click CleanUp! Your PC may restart; the program deletes itself, plus the tools that were used.
Right-click My Computer, Properties, System Restore, disable it on all drives, Apply, OK.
Wait 5 minutes, then switch it back on.
Does STOPzilla still show anything? |
06.08.2010, 19:32 | #62 |
| Here is the event log from STOPzilla:
__________________Block/Extraction NT Service enforcer 2010-08-06 20:20:58 Disabled service: messenger - Information Internet ExplorerSiteguard 2010-08-06 20:20:57 Inspecting registered Internet Explorer toolbars Block/Extraction Registry enforcer 2010-08-06 20:20:57 Deleting WinLogon registry Information Registry enforcer 2010-08-06 20:20:57 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 20:20:50 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 20:20:50 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 20:20:49 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 20:20:44 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 20:20:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 20:20:38 Disabled service: messenger - Information Process enforcer 2010-08-06 20:20:36 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 18:31:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 18:31:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 18:31:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 17:43:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 17:43:10 Disabled service: messenger - Information Home page protection 2010-08-06 17:41:27 Checking homepage... 
OK Block/Extraction NT Service enforcer 2010-08-06 17:41:21 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 17:41:20 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 17:41:19 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 17:41:19 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 17:41:12 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 17:41:11 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 17:41:11 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 17:41:05 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 17:41:01 Disabled service: messenger - Information Process enforcer 2010-08-06 17:41:00 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 15:36:32 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:36:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:36:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:03:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 15:00:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:58:47 Disabled service: messenger - Block/Extraction Registry 
enforcer 2010-08-06 14:58:44 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 14:58:44 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 14:58:44 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 14:58:39 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 14:58:39 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 14:58:38 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 14:58:38 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 14:58:27 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:58:21 Disabled service: messenger - Information Process enforcer 2010-08-06 14:58:21 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 14:56:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:52:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:52:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:45:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:45:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:44:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:44:16 Disabled service: messenger - Information Home page protection 2010-08-06 14:43:56 Checking homepage... 
OK Block/Extraction NT Service enforcer 2010-08-06 14:43:53 Disabled service: messenger - Information Internet ExplorerSiteguard 2010-08-06 14:43:49 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 14:43:49 Inspecting registered Explorer bars Block/Extraction Registry enforcer 2010-08-06 14:43:49 Deleting WinLogon registry Information Registry enforcer 2010-08-06 14:43:42 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 14:43:42 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 14:43:42 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 14:43:32 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:43:28 Disabled service: messenger - Information Process enforcer 2010-08-06 14:43:28 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 14:41:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:41:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:40:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:40:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:39:03 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:39:02 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:24:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:24:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:23:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:23:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:12:40 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:12:39 Disabled service: messenger - Block/Extraction NT 
Service enforcer 2010-08-06 14:12:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:12:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:07:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:07:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:03:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 14:03:12 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:50:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:50:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:57 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:02 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:47:02 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:20 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:20 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:19 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:46:19 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:43:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:43:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:40:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:40:16 Disabled service: messenger - Information Home page protection 2010-08-06 13:38:18 Checking homepage... 
OK Block/Extraction NT Service enforcer 2010-08-06 13:38:14 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 13:38:11 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 13:38:10 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 13:38:10 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 13:38:00 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 13:37:59 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 13:37:59 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 13:37:50 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:37:45 Disabled service: messenger - Information Process enforcer 2010-08-06 13:37:44 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 13:35:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:35:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:34:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:34:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:33:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:33:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:46 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:46 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:09 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:32:09 Disabled service: messenger - Block/Extraction NT 
Service enforcer 2010-08-06 13:31:44 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 13:31:40 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 13:31:40 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 13:31:40 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 13:31:33 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 13:31:33 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 13:31:32 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 13:31:28 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 13:31:23 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:31:20 Disabled service: messenger - Information Process enforcer 2010-08-06 13:31:19 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 13:28:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:47 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:29 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:29 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:26 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:14 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:28:13 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:08:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:08:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:07:55 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:07:55 
Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:06:05 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:06:05 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:01:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:01:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:00:27 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 13:00:27 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:54:44 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:54:43 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:51:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 12:51:15 Disabled service: messenger - Information Home page protection 2010-08-06 12:48:20 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 12:48:17 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 12:48:12 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 12:48:11 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 12:48:11 Inspecting registered Explorer bars Block/Extraction NT Service enforcer 2010-08-06 12:48:03 Disabled service: messenger - Information Registry enforcer 2010-08-06 12:47:57 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 12:47:57 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 12:47:57 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 12:47:41 Disabled service: messenger - Information Process enforcer 2010-08-06 12:47:40 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 10:57:55 Disabled service: messenger - 
Block/Extraction NT Service enforcer 2010-08-06 10:57:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 09:23:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 09:23:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:50:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:50:18 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:49:06 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:49:06 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:42:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:42:24 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:40:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:40:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:59 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:59 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:34:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:32:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:32:04 Disabled service: messenger - Information Home page protection 2010-08-06 08:30:28 Checking homepage... 
OK Block/Extraction NT Service enforcer 2010-08-06 08:30:20 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 08:30:18 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 08:30:18 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 08:30:18 Inspecting registered Explorer bars Information Registry enforcer 2010-08-06 08:30:14 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 08:30:11 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 08:30:11 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-06 08:30:03 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:29:58 Disabled service: messenger - Information Process enforcer 2010-08-06 08:29:57 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 08:27:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:25 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:27:11 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:18:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:18:48 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:16:53 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-06 08:16:51 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-06 08:16:50 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-06 08:16:50 Inspecting registered Explorer bars Information 
Registry enforcer 2010-08-06 08:16:46 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-06 08:16:46 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-06 08:16:46 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-06 08:16:46 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-06 08:16:36 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 08:16:32 Disabled service: messenger - Information Process enforcer 2010-08-06 08:16:31 Starting process watcher Block/Extraction NT Service enforcer 2010-08-06 06:22:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 06:22:31 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 06:16:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-06 06:14:15 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:54:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:54:16 Disabled service: messenger - Information Home page protection 2010-08-05 22:50:33 Checking homepage... 
OK Block/Extraction NT Service enforcer 2010-08-05 22:50:31 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-05 22:50:29 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 22:50:28 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-05 22:50:28 Inspecting registered Explorer bars Information Registry enforcer 2010-08-05 22:50:22 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 22:50:21 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 22:50:21 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-05 22:50:16 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:50:13 Disabled service: messenger - Information Process enforcer 2010-08-05 22:50:12 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 22:33:39 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:33:39 Disabled service: messenger - Block/Extraction File enforcer 2010-08-05 22:32:45 Deleted file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction NT Service enforcer 2010-08-05 22:32:44 Disabled service: messenger - Block/Extraction File enforcer 2010-08-05 22:32:43 Suppressed file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction NT Service enforcer 2010-08-05 22:32:43 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:14 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:14 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:31:10 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-05 22:29:27 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 22:29:27 
Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-05 22:29:27 Inspecting registered Explorer bars Information Registry enforcer 2010-08-05 22:29:21 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 22:29:21 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 22:29:21 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-05 22:29:18 Disabled service: messenger - Information Home page protection 2010-08-05 22:29:16 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-05 22:29:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 22:29:10 Disabled service: messenger - Information Process enforcer 2010-08-05 22:29:08 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 14:30:23 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:29:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:29:16 Removed service: pxlyypow - Block/Extraction Registry enforcer 2010-08-05 14:29:14 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Services\pxlyypow Block/Extraction File enforcer 2010-08-05 14:29:13 Deleted file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction Registry enforcer 2010-08-05 14:29:11 Extracted registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PXLYYPOW Block/Extraction NT Service enforcer 2010-08-05 14:29:11 Disabled service: messenger - Block/Extraction File enforcer 2010-08-05 14:29:11 Quarantined file: c:\dokume~1\gerhar~1\lokale~1\temp\pxlyypow.sys Block/Extraction NT Service enforcer 2010-08-05 14:27:27 Disabled service: messenger - Block/Extraction Registry enforcer 2010-08-05 14:27:26 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 14:27:26 Inspecting registered Internet Explorer toolbars Information Registry 
enforcer 2010-08-05 14:27:26 Inspecting registered Explorer bars Information Registry enforcer 2010-08-05 14:27:18 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 14:27:18 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 14:27:18 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-05 14:27:18 Checking homepage... OK Block/Extraction NT Service enforcer 2010-08-05 14:26:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:26:51 Disabled service: messenger - Information Process enforcer 2010-08-05 14:26:49 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 14:23:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:23:41 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:23:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:23:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:22:49 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:22:49 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:16:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:16:54 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:15:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:15:00 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:11:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:11:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:28 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:10 Disabled service: 
messenger - Block/Extraction NT Service enforcer 2010-08-05 14:10:10 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:07:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:07:42 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:05:08 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:05:08 Disabled service: messenger - Information Internet ExplorerSiteguard 2010-08-05 14:03:21 Inspecting registered Internet Explorer toolbars Block/Extraction Registry enforcer 2010-08-05 14:03:21 Deleting WinLogon registry Information Registry enforcer 2010-08-05 14:03:21 Inspecting registered Explorer bars Block/Extraction NT Service enforcer 2010-08-05 14:03:18 Disabled service: messenger - Information Registry enforcer 2010-08-05 14:03:17 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 14:03:17 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 14:03:16 Inspecting registered Browser Helper Objects (BHOs) Information Home page protection 2010-08-05 14:03:11 Checking homepage... 
OK Block/Extraction NT Service enforcer 2010-08-05 14:03:07 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 14:03:03 Disabled service: messenger - Information Process enforcer 2010-08-05 14:03:03 Starting process watcher Block/Extraction NT Service enforcer 2010-08-05 10:32:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:32:17 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:31:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:31:56 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:29:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:29:04 Disabled service: messenger - Block/Extraction NT Service enforcer 2010-08-05 10:27:12 Disabled service: messenger - Block/Extraction Home page protection 2010-08-05 10:27:07 Resetting Homepage back to www.sach-fach.de Block/Extraction Registry enforcer 2010-08-05 10:27:02 Deleting WinLogon registry Information Internet ExplorerSiteguard 2010-08-05 10:27:02 Inspecting registered Internet Explorer toolbars Information Registry enforcer 2010-08-05 10:27:02 Inspecting registered Explorer bars Block/Extraction NT Service enforcer 2010-08-05 10:27:01 Disabled service: messenger - Information Registry enforcer 2010-08-05 10:26:55 Inspecting WinLogon notification handlers and modules loaded by WinLogon Information Registry enforcer 2010-08-05 10:26:55 Inspecting WinSock registry (LSP Chain) Information Registry enforcer 2010-08-05 10:26:54 Inspecting registered Browser Helper Objects (BHOs) Block/Extraction NT Service enforcer 2010-08-05 10:26:44 Disabled service: messenger - Information Process enforcer 2010-08-05 10:26:43 Starting process watcher Block/Extraction NT Service enforcer 2010-08-04 23:35:37 Disabled service: messenger - Information Registry enforcer 2010-08-04 23:23:01 Inspecting WinSock registry (LSP Chain) Information Registry 
|
06.08.2010, 19:36 | #63 |
| I have uploaded the screenshots.
__________________ |
06.08.2010, 20:12 | #64 |
/// Malware-holic | Try it the way I described, and then see whether it still complains. |
06.08.2010, 20:21 | #65 | |
| Quote:
GMER and Norman TDSS Cleaner are still on the desktop. |
06.08.2010, 20:54 | #66 |
/// Malware-holic | Hmm, but OTM should have removed Qoobox etc. Can you also copy the messages as text and post them? Also use CCleaner: http://www.trojaner-board.de/51464-a...-ccleaner.html Clean up files + registry. |
06.08.2010, 21:01 | #67 |
| Sh... now I have pressed REMOVE now in STOPzilla, although I was supposed to leave that alone, or did I misunderstand something because I am so tired? Speaking of misunderstanding: please don't take it the wrong way that I am declining a complete reinstallation, I am just afraid of what comes afterwards (you have probably seen that this is not a toy PC but a work machine for a biologist). If there is no other option, I will gladly come back to it, if I may. Oops, an e-mail from you is just coming in. |
06.08.2010, 21:34 | #69 |
| So first of all I have to give great praise to you and the Trojanerboard! That is also interesting for those reading along, I think. Simply super: so much perseverance and help. And I have also learned a lot (because I had the chance to look things up in parallel on my netbook or my wife's PC). And then on top of that the offer of further help with a (secure) reinstallation, which is tempting, if it weren't for this "rat's tail" of my own PC configuration... At the end of the procedure I will ask how I can show my appreciation. A few years ago my wife had a problem with a PC which local "helpers" could not solve, or only inadequately, but were paid a lot of money for. I hope this is not misunderstood as "flatrate babbling" (grandpa learned that from the newspaper today)... ... back to the topic: STOPzilla has nothing left to complain about after it removed everything. CCleaner has run through and cleaned up. Warm and cold restarts worked (although I don't quite trust it). OTL scan is running. QuickScan first, if that's all right!? |
06.08.2010, 21:45 | #70 |
| OTL Part 1
[Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs) DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5) DRV - [2009.12.07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv) DRV - [2009.10.14 07:24:44 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2009.04.03 17:49:38 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.sys -- (Trufos) DRV - [2009.01.12 12:27:58 | 000,008,832 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Programme\BitDefender\BitDefender 2009\bdselfpr.sys -- (BDSelfPr) DRV - [2008.11.14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility) DRV - [2008.09.02 14:32:06 | 000,013,056 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\profos.sys -- (Profos) DRV - [2008.04.13 20:40:12 | 000,015,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serenum.sys -- (serenum) DRV - [2004.08.03 22:29:38 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mtxparhm.sys -- (MTXPARH) DRV - [2003.09.03 06:02:42 | 000,020,064 | ---- | M] (KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\MLPTDR_B.SYS -- (MLPTDR_B) DRV - [2000.10.15 19:38:54 | 000,016,068 | ---- | M] (Printing Communications Assoc., Inc. 
(PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\T-Com\DSLCheck\Pcandis5.sys -- (PCANDIS5) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.sach-fach.de IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local FF - HKLM\software\mozilla\Firefox\extensions\\FFToolbar@bitdefender.com: C:\Programme\BitDefender\BitDefender 2009\FFToolbar\ [2010.07.28 15:37:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.28 15:30:53 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.31 23:54:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.08.06 14:29:57 | 000,000,000 | ---D | M] [2010.05.13 12:48:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Mozilla\Extensions [2010.05.13 12:48:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2008.05.14 18:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2010.08.02 15:42:37 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.07.28 15:35:13 | 000,065,536 | ---- | M] () -- C:\Programme\Mozilla Firefox\components\FFComm.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\SnagIt\SnagitBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Tools\Free Download Manager\iefdm2.dll () O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programme\Tools\STOPzilla\SZIEBHO.dll (iS3, Inc.) 
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2009\IEToolbar.dll (Bitdefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\SnagIt\SnagitIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2009\bdagent.exe (BitDefender S.R.L.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{B49673F8-7AB6-4A14-8213-C8A7BE370010}\IcoUltraMon.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Tools\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Tools\Free Download Manager\dlfvideo.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///H:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.02.07 16:26:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.07.31 22:22:34 | 000,001,352 | ---- | M] () - D:\AutoHotkey.ahk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 90 Days ==========

[2010.08.06 22:17:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Recent
[2010.08.06 21:04:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\iS3
[2010.08.06 14:11:04 | 002,661,704 | ---- | C] (Norman ASA) -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Norman_TDSS_Cleaner.exe
[2010.08.04 20:20:43 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.04 18:21:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.04 09:22:51 | 000,000,000 | ---D | C] -- C:\Programme\trend micro
[2010.08.03 19:11:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2010.08.03 00:07:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Google
[2010.08.02 20:50:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.08.02 18:57:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com
[2010.08.02 10:11:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!
[2010.08.01 21:23:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.08.01 16:53:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.08.01 16:05:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Malwarebytes
[2010.08.01 16:04:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.01 16:04:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.01 16:04:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.08.01 16:04:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.01 12:37:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\QuickScan
[2010.07.31 23:55:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.07.31 22:52:46 | 000,029,512 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2010.07.31 22:52:45 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2010.07.31 22:52:14 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.07.31 22:44:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\FileOpen
[2010.07.31 22:44:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010.07.31 22:44:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.07.31 22:37:10 | 000,000,000 | ---D | C] -- C:\Programme\UltraMon
[2010.07.31 22:37:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Realtime Soft
[2010.07.31 22:37:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Realtime Soft
[2010.07.31 21:04:20 | 000,242,184 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfsfltr.sys
[2010.07.31 21:04:20 | 000,111,112 | ---- | C] (BitDefender S.R.L. Bucharest, ROMANIA) -- C:\WINDOWS\System32\drivers\bdfm.sys
[2010.07.28 21:19:22 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010.07.28 21:19:22 | 000,447,952 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010.07.28 21:19:22 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010.07.28 21:19:22 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010.07.28 21:19:20 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010.07.28 21:19:20 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010.07.28 21:19:20 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010.07.28 21:19:20 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010.07.28 21:19:20 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010.07.28 21:19:18 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010.07.28 21:19:18 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010.07.28 21:19:18 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010.07.28 15:28:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\BitDefender
[2010.07.28 15:22:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2010.07.28 10:34:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.07.24 17:53:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Map Maker
[2010.06.24 23:11:59 | 000,023,936 | ---- | C] (Motorola) -- C:\WINDOWS\System32\drivers\motmodem.sys
[2010.06.24 22:54:07 | 000,000,000 | ---D | C] -- D:\MemoMaster
[2010.06.23 16:56:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2010.06.23 16:56:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$968930Uinstall_KB968930$
[2010.06.09 22:41:03 | 000,106,432 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.05.25 11:23:13 | 000,000,000 | ---D | C] -- D:\Zwischenlager
[2010.05.20 18:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Lokale Einstellungen\Anwendungsdaten\Opera
[2010.05.20 18:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Opera
[2010.05.17 18:07:19 | 000,000,000 | ---D | C] -- C:\Programme\MapCreator 2
[2010.05.16 12:15:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TechSmith
[2010.05.12 18:01:06 | 000,059,280 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\drivers\SZKGFS.sys
[2009.02.12 17:07:56 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll
[2009.02.12 17:07:52 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll
[2009.02.12 17:07:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll
[2009.02.12 17:07:51 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll
[2009.02.12 17:07:50 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll
[2009.02.12 17:07:49 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll
[2009.02.12 17:07:49 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll
[2009.02.12 17:07:48 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll
[2009.02.12 17:07:44 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll
[2009.02.12 17:07:40 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll
[2009.02.12 17:07:40 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll
[7 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010.08.06 22:26:24 | 000,000,960 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2010.08.06 22:25:33 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\Automatische Problemsuche.job
[2010.08.06 22:25:10 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.06 22:24:44 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk
[2010.08.06 22:24:43 | 000,002,321 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2010.08.06 22:24:41 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.06 22:24:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.06 22:24:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.06 22:23:23 | 013,893,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\ntuser.dat
[2010.08.06 22:23:19 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\ntuser.ini
[2010.08.06 22:15:41 | 000,000,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Verknüpfung mit OTL.lnk
[2010.08.06 22:11:45 | 000,081,984 | ---- | M] () -- C:\WINDOWS\System32\bdod.bin
[2010.08.06 22:08:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.06 22:07:25 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\CCleaner.lnk
[2010.08.06 21:49:04 | 000,225,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.06 14:40:18 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\defogger_reenable
[2010.08.06 14:11:06 | 002,661,704 | ---- | M] (Norman ASA) -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\Norman_TDSS_Cleaner.exe
[2010.08.06 10:48:50 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.06 10:47:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.08.06 10:47:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.08.06 10:00:20 | 000,027,005 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\lxdf
[2010.08.05 14:21:24 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\u4jf7786.exe
[2010.08.04 22:56:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2010.08.04 22:24:22 | 000,000,815 | ---- | M] () -- C:\rtsr_eml_sr.dat
[2010.08.04 22:24:22 | 000,000,141 | ---- | M] () -- C:\dwl.dat
[2010.08.04 22:24:22 | 000,000,132 | ---- | M] () -- C:\httpdwl.dat
[2010.08.04 18:33:37 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.04 18:21:53 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.08.03 20:00:23 | 000,000,223 | ---- | M] () -- C:\Boot.bak
[2010.08.03 15:26:57 | 000,000,118 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\Desktop\JOTTI Online Scanner.url
[2010.08.03 13:05:48 | 000,016,309 | ---- | M] () -- D:\Anschreiben.pdf
[2010.08.03 12:56:39 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010.08.02 21:33:30 | 000,000,915 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.02 18:52:25 | 000,530,748 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.02 18:52:25 | 000,484,040 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.02 18:52:25 | 000,105,570 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.02 18:52:25 | 000,080,054 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.02 18:52:24 | 001,217,868 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.02 15:33:51 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.01 16:04:52 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 14:54:38 | 009,699,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Gerhard Ott\NTUSER.DAT_tureg_old
[2010.08.01 11:15:18 | 000,000,478 | ---- | M] () -- C:\WINDOWS\System32\BDUpdateV1.xml
[2010.07.31 22:22:34 | 000,001,352 | ---- | M] () -- D:\AutoHotkey.ahk
[2010.07.31 21:18:05 | 000,001,024 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.let
[2010.07.31 21:16:34 | 000,117,813 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.scr
[2010.07.31 21:16:34 | 000,006,083 | ---- | M] () -- C:\WINDOWS\System32\AutoPartNt.nam
[2010.07.31 21:05:15 | 000,282,624 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2010.07.31 21:05:13 | 001,685,606 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2010.07.31 21:05:13 | 000,643,717 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2010.07.31 21:05:13 | 000,605,050 | ---- | M] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2010.07.31 21:05:13 | 000,000,888 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2010.07.31 21:05:12 | 000,094,800 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\twain.dll
[2010.07.31 21:05:12 | 000,094,800 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\System32\dllcache\twain.dll
[2010.07.31 21:05:12 | 000,050,688 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\twain_32.dll
[2010.07.31 21:05:12 | 000,050,688 | ---- | M] (Twain-Arbeitsgruppe) -- C:\WINDOWS\System32\dllcache\twain_32.dll
[2010.07.31 21:05:11 | 004,399,505 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2010.07.31 21:05:11 | 000,380,416 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
[2010.07.31 21:05:10 | 003,374,597 | ---- | M] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\tourW.exe
[2010.07.31 21:05:10 | 000,461,672 | ---- | M] () -- C:\WINDOWS\System32\dllcache\micross.ttf
[2010.07.31 21:05:10 | 000,279,040 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tshoot.dll
[2010.07.31 21:05:10 | 000,152,844 | ---- | M] () -- C:\WINDOWS\System32\dllcache\framdit.ttf
[2010.07.31 21:05:10 | 000,135,984 | ---- | M] () -- C:\WINDOWS\System32\dllcache\framd.ttf
[2010.07.31 21:05:09 | 001,206,508 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2010.07.31 21:05:09 | 000,785,972 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apph_sp.sdb
[2010.07.31 21:05:09 | 000,237,160 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apphelp.sdb
[2010.07.31 21:05:09 | 000,204,396 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msimain.sdb
[2010.07.31 21:05:09 | 000,081,590 | ---- | M] () -- C:\WINDOWS\System32\dllcache\apps.chm
[2010.07.31 21:05:09 | 000,034,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sniffpol.dll
[2010.07.31 21:05:09 | 000,033,280 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sstub.dll
[2010.07.31 21:05:09 | 000,009,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
[2010.07.31 21:04:57 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wstrendr.ax
[2010.07.31 21:04:57 | 000,239,616 | ---- | M] () -- C:\WINDOWS\System32\wstrenderer.ax
[2010.07.31 21:04:57 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\wstpager.ax
[2010.07.31 21:04:57 | 000,164,352 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wstpager.ax
[2010.07.31 21:04:55 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\win87em.dll
[2010.07.31 21:04:55 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\dllcache\win87em.dll
[2010.07.31 21:04:54 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\wiasf.ax
[2010.07.31 21:04:54 | 000,040,448 | ---- | M] () -- C:\WINDOWS\System32\dllcache\wiasf.ax
[2010.07.31 21:04:54 | 000,001,157 | ---- | M] () -- C:\WINDOWS\System32\vwipxspx.exe
[2010.07.31 21:04:54 | 000,001,157 | ---- | M] () -- C:\WINDOWS\System32\dllcache\vwipxspx.exe
[2010.07.31 21:04:53 | 000,089,588 | ---- | M] () -- C:\WINDOWS\System32\unicode.nls
[2010.07.31 21:04:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\vbicodec.ax
[2010.07.31 21:04:53 | 000,053,248 | ---- | M] () -- C:\WINDOWS\System32\dllcache\vbicodec.ax
[2010.07.31 21:04:53 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\tsd32.dll
[2010.07.31 21:04:53 | 000,015,360 | ---- | M] () -- C:\WINDOWS\System32\dllcache\tsd32.dll
[2010.07.31 21:04:51 | 000,262,148 | ---- | M] () -- C:\WINDOWS\System32\sortkey.nls
[2010.07.31 21:04:51 | 000,023,044 | ---- | M] () -- C:\WINDOWS\System32\sorttbls.nls
[2010.07.31 21:04:51 | 000,003,144 | ---- | M] () -- C:\WINDOWS\System32\dllcache\srgb.icm
[2010.07.31 21:04:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\share.exe
[2010.07.31 21:04:50 | 000,000,882 | ---- | M] () -- C:\WINDOWS\System32\dllcache\share.exe
[2010.07.31 21:04:49 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\sbe.dll
[2010.07.31 21:04:49 | 000,270,848 | ---- | M] () -- C:\WINDOWS\System32\dllcache\sbe.dll
[2010.07.31 21:04:49 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\scriptpw.dll
[2010.07.31 21:04:49 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\dllcache\scriptpw.dll
[2010.07.31 21:04:49 | 000,000,984 | ---- | M] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2010.07.31 21:04:48 | 000,003,358 | ---- | M] () -- C:\WINDOWS\System32\redir.exe
[2010.07.31 21:04:48 | 000,003,358 | ---- | M] () -- C:\WINDOWS\System32\dllcache\redir.exe
[2010.07.31 21:04:47 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\qedwipes.dll
[2010.07.31 21:04:47 | 000,733,696 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
[2010.07.31 21:04:47 | 000,168,720 | ---- | M] () -- C:\WINDOWS\System32\pagefileconfig.vbs
[2010.07.31 21:04:47 | 000,168,720 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pagefile.vbs
[2010.07.31 21:04:47 | 000,157,696 | ---- | M] () -- C:\WINDOWS\System32\paqsp.dll
[2010.07.31 21:04:47 | 000,157,696 | ---- | M] () -- C:\WINDOWS\System32\dllcache\paqsp.dll
[2010.07.31 21:04:47 | 000,036,045 | ---- | M] () -- C:\WINDOWS\System32\prncnfg.vbs
[2010.07.31 21:04:47 | 000,036,045 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prncnfg.vbs
[2010.07.31 21:04:47 | 000,032,871 | ---- | M] () -- C:\WINDOWS\System32\prnmngr.vbs
[2010.07.31 21:04:47 | 000,032,871 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnmngr.vbs
[2010.07.31 21:04:47 | 000,029,878 | ---- | M] () -- C:\WINDOWS\System32\prnport.vbs
[2010.07.31 21:04:47 | 000,029,878 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnport.vbs
[2010.07.31 21:04:47 | 000,025,679 | ---- | M] () -- C:\WINDOWS\System32\prndrvr.vbs
[2010.07.31 21:04:47 | 000,025,679 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prndrvr.vbs
[2010.07.31 21:04:47 | 000,021,806 | ---- | M] () -- C:\WINDOWS\System32\prnjobs.vbs
[2010.07.31 21:04:47 | 000,021,806 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnjobs.vbs
[2010.07.31 21:04:47 | 000,016,046 | ---- | M] () -- C:\WINDOWS\System32\prnqctl.vbs
[2010.07.31 21:04:47 | 000,016,046 | ---- | M] () -- C:\WINDOWS\System32\dllcache\prnqctl.vbs
[2010.07.31 21:04:47 | 000,003,758 | ---- | M] () -- C:\WINDOWS\System32\pubprn.vbs
[2010.07.31 21:04:47 | 000,003,758 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pubprn.vbs
[2010.07.31 21:04:47 | 000,001,950 | ---- | M] () -- C:\WINDOWS\System32\pid.inf
[2010.07.31 21:04:47 | 000,001,950 | ---- | M] () -- C:\WINDOWS\System32\dllcache\pid.inf
[2010.07.31 21:04:46 | 000,003,262 | ---- | M] () -- C:\WINDOWS\System32\nw16.exe
[2010.07.31 21:04:46 | 000,003,262 | ---- | M] () -- C:\WINDOWS\System32\dllcache\nw16.exe
[2010.07.31 21:04:45 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\ntio411.sys
[2010.07.31 21:04:45 | 000,035,648 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio411.sys
[2010.07.31 21:04:45 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\ntio412.sys
[2010.07.31 21:04:45 | 000,035,424 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio412.sys
[2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio804.sys
[2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio804.sys
[2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\ntio404.sys
[2010.07.31 21:04:45 | 000,034,560 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio404.sys
[2010.07.31 21:04:45 | 000,034,032 | ---- | M] () -- C:\WINDOWS\System32\ntio.sys
[2010.07.31 21:04:45 | 000,034,032 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntio.sys
[2010.07.31 21:04:45 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\ntdos411.sys
[2010.07.31 21:04:45 | 000,029,370 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos411.sys
[2010.07.31 21:04:45 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\ntdos412.sys
[2010.07.31 21:04:45 | 000,029,274 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos412.sys
[2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos804.sys
[2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos804.sys
[2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\ntdos404.sys [2010.07.31 21:04:45 | 000,029,146 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos404.sys [2010.07.31 21:04:45 | 000,027,914 | ---- | M] () -- C:\WINDOWS\System32\ntdos.sys [2010.07.31 21:04:45 | 000,027,914 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntdos.sys [2010.07.31 21:04:45 | 000,007,084 | ---- | M] () -- C:\WINDOWS\System32\nlsfunc.exe |
06.08.2010, 21:48 | #71 |
| Windows freezes, Firefox opens windows at random (in Flensburg) OTL part 2
[2007.10.18 11:12:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll [2007.10.17 22:17:44 | 000,000,139 | ---- | C] () -- C:\WINDOWS\hbcikrnl.ini [2007.10.17 14:57:04 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll [2007.10.15 15:47:23 | 000,000,500 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.10.15 14:53:39 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\chksvrn.dll [2007.10.15 14:53:39 | 000,000,143 | R--- | C] () -- C:\WINDOWS\System32\cmabout.ini [2007.10.15 14:53:38 | 000,163,840 | R--- | C] () -- C:\WINDOWS\System32\cmabout.dll [2007.10.15 14:53:38 | 000,010,090 | R--- | C] () -- C:\WINDOWS\System32\cmdiag.ini [2007.10.08 17:37:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2007.07.10 18:49:12 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\spwini.dll [2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\WINDOWS\System32\xreglib.dll [2005.11.11 12:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll [2005.11.11 12:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2005.08.31 10:20:00 | 000,233,557 | ---- | C] () -- C:\WINDOWS\System32\esint54.dll [2004.10.07 13:50:50 | 000,072,704 | ---- | C] () -- C:\WINDOWS\System32\eminecz2.dll [2004.08.04 14:00:00 | 000,015,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\serenum.sys [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\w6gfh4u.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll [2004.08.04 14:00:00 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll [2004.08.04 14:00:00 | 000,000,336 | ---- | C] () -- C:\WINDOWS\System32\v2spu75.dll [2004.08.04 14:00:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll [2004.08.04 14:00:00 | 000,000,072 | ---- | C] () -- 
C:\WINDOWS\System32\ssprs.dll [2004.08.04 14:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\z7cyb5u.dll [2003.09.03 06:03:10 | 000,018,932 | ---- | C] () -- C:\WINDOWS\MSUMLT_B.INI [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.04.17 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL [1998.12.31 18:11:30 | 000,000,589 | ---- | C] () -- C:\WINDOWS\ATLI2.INI [1998.12.31 18:10:22 | 000,907,776 | ---- | C] () -- C:\WINDOWS\System32\OWL52F.DLL [1997.11.21 07:03:20 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL [1997.09.30 03:30:02 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL ========== LOP Check ========== [2008.11.13 19:43:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis [2009.06.14 18:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\aewc [2009.06.14 14:34:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BDNM [2008.09.29 12:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BIFAB [2009.03.11 18:06:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender [2008.10.26 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2010.03.20 17:02:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eminec [2008.09.28 14:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG [2009.09.23 22:08:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\innoplus [2007.10.29 13:32:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ISDNWatch [2007.12.22 19:04:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\MAGIX [2008.12.08 17:00:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox [2008.12.08 16:59:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Matrox Graphics Inc [2009.11.24 17:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhraseExpress [2008.05.23 21:02:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Quark [2007.10.24 15:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2008.10.26 17:24:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2010.08.06 22:28:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla! [2007.11.06 17:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2008.10.01 20:47:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith [2010.06.08 21:46:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.12.05 18:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2007.11.20 10:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VertusTech [2008.11.17 22:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vokabeltrainer 3 [2009.06.11 17:51:01 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{44C0A247-3014-411F-95CB-B1729C1B82D5} [2008.11.14 17:02:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009.12.05 18:51:27 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 
[2009.06.14 14:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\.doos [2007.10.18 11:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\3Dconnexion [2008.05.27 11:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\6500 Series [2008.11.13 19:47:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Acronis [2008.01.07 16:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Anthropics [2009.06.11 17:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\AquaSoft [2007.10.17 21:17:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Axaware [2007.10.22 16:43:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Barbecue [2010.07.28 15:28:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\BitDefender [2008.09.16 18:45:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DemoPlugin [2008.06.12 16:03:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Dexpot [2008.05.25 14:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DiashowManager [2007.10.30 15:54:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DirPrinter [2009.11.17 18:51:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\DL [2009.12.08 15:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\doublecmd [2009.10.19 19:15:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Duden [2009.08.12 18:53:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard 
Ott\Anwendungsdaten\eminec [2007.11.23 19:44:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\EPSON [2008.09.08 20:22:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\FileOpen [2010.08.05 14:24:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Free Download Manager [2007.10.29 13:34:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\FRITZ! [2008.06.03 18:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\gtk-2.0 [2009.09.02 11:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Hemera [2009.09.23 22:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\innoPlus [2007.11.28 19:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Keseling [2007.11.28 20:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\KRKsoft [2010.07.28 21:01:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Lasersoft Imaging [2008.10.13 06:54:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\LearnLift [2009.02.16 18:11:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Lexmark Productivity Studio [2007.11.20 21:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\MAGIX [2010.07.24 17:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Map Maker [2008.11.26 22:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\MB-Ruler Pro [2010.06.10 19:39:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\MB-Ruler Pro special [2008.11.17 18:59:01 | 000,000,000 | 
---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Notepad++ [2009.04.09 12:16:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\OfficeUpdate12 [2008.11.13 22:33:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\OpenOffice.org [2010.05.20 18:41:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Opera [2009.11.24 18:01:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\PhraseExpress [2009.07.28 11:06:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\PiX-ART.com [2008.05.06 21:13:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\PPTminimizer [2007.10.17 23:45:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\qliner [2008.05.23 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Quark [2010.08.01 12:40:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\QuickScan [2007.10.24 15:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\ScanSoft [2008.02.06 12:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\SmartTools [2009.09.21 19:57:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Software4u [2009.11.05 13:34:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\SpeedProject [2008.04.29 17:57:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\stickies [2008.10.12 14:40:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TaskCoach [2010.05.16 12:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TechSmith 
[2010.05.13 12:48:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Thunderbird [2007.10.24 15:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TomTom [2010.04.27 17:35:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Tracker Software [2007.10.17 16:56:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\TuneUp Software [2008.10.13 06:27:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\VTrain [2009.04.21 10:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Windows Desktop Search [2009.04.21 10:46:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Windows Search [2007.10.24 15:23:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gerhard Ott\Anwendungsdaten\Zeon [2010.08.06 22:25:33 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\Automatische Problemsuche.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 96 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:20C3AB27 @Alternate Data Stream - 400 bytes -> C:\Dokumente und Einstellungen\Gerhard Ott\Lokale Einstellungen\Anwendungsdaten\desktop.ini:bf5af20ce7a419b1178ece347eddc338 @Alternate Data Stream - 253 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1957F8A9 < End of report > |
06.08.2010, 21:51 | #72 |
| Windows freezes, Firefox opens windows at random (in Flensburg) and OTL Extras: OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.08.2010 22:27:53 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = D:\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 86,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 255,32 Gb Total Space | 221,99 Gb Free Space | 86,94% Space Free | Partition Type: NTFS Drive D: | 465,76 Gb Total Space | 418,84 Gb Free Space | 89,93% Space Free | Partition Type: NTFS Drive E: | 465,76 Gb Total Space | 202,18 Gb Free Space | 43,41% Space Free | Partition Type: NTFS Drive F: | 312,61 Gb Total Space | 113,07 Gb Free Space | 36,17% Space Free | Partition Type: NTFS Drive G: | 465,76 Gb Total Space | 214,40 Gb Free Space | 46,03% Space Free | Partition Type: NTFS H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SACHFACH Current User Name: Gerhard Ott Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. 
File not found .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) jsfile [edit] -- Reg Error: Key error. piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server "3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server "50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server "50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = 
C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated) "C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe" = C:\Programme\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe:*:Enabled:Adobe Dreamweaver CS3 -- (Adobe Systems, Inc.) "C:\WINDOWS\system32\lxdfcoms.exe" = C:\WINDOWS\system32\lxdfcoms.exe:*:Enabled:Lexmark Communications System -- ( ) "C:\Programme\Lexmark 6500 Series\lxdfamon.exe" = C:\Programme\Lexmark 6500 Series\lxdfamon.exe:*:Enabled:Lexmark Device Monitor -- () "C:\Programme\Lexmark 6500 Series\frun.exe" = C:\Programme\Lexmark 6500 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- () "C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe" = C:\Programme\Gemeinsame Dateien\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG) "C:\Programme\SnagIt\SnagItEditor.exe" = C:\Programme\SnagIt\SnagItEditor.exe:*:Enabled:SnagIt Editor 9 -- (TechSmith Corporation) "C:\Programme\Lexmark 6500 Series\lxdfmon.exe" = C:\Programme\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor -- () "C:\WINDOWS\system32\lxdfcfg.exe" = C:\WINDOWS\system32\lxdfcfg.exe:*:Enabled:Printer Communication System -- ( ) "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.) 
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfwbgw.exe:*:Enabled:Lexmark Web Gateway -- () "C:\Programme\Lexmark 6500 Series\Wireless\lxdfwpss.exe" = C:\Programme\Lexmark 6500 Series\Wireless\lxdfwpss.exe:*:Enabled: -- () "C:\Programme\Tools\PhraseExpress\phraseexpress.exe" = C:\Programme\Tools\PhraseExpress\phraseexpress.exe:*:Enabled:PhraseExpress -- (Bartels Media) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker "{0180F30F-52A8-4414-8E3B-931917211845}" = AquaSoft DiaShow Studio 6 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{094C28D2-3FE2-417C-AF0B-425FE891F04A}" = Motorola Phone Tools "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis "{11AB5846-9F34-434A-9721-ED0247F538D9}" = 3Dconnexion Plug-In for 3ds max 6 - 8 "{143B0CE5-5A84-4537-94A2-F9B12F0A20B1}" = 3Dconnexion Plug-In for Maya 6.5 "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{1A986F4A-5DBA-4A6F-8CE3-973066C2587C}" = 3Dconnexion Plug-in for QuickTime VR "{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR} "{22DC3166-47B6-4B9E-A163-AB0F50C91829}" = Matrox PowerDesk-SE "{2368AFF7-A26E-40B5-96EE-86CD00F0CDAB}" = 3Dconnexion Plug-In for 3ds Max 9 "{248057F8-58C8-4E44-9182-9AF85DF787FC}" = Adobe Setup "{24D20EF7-2066-42A8-91DB-952636384E42}" = AquaSoft PhotoKalender "{253292FA-59C1-4750-B12F-37E21B412885}" = StarMoney 6.0 S-Edition "{26988F1A-810A-4CE1-BBD7-3DF471E03BD0}" = 3Dconnexion Plug-In for 
NX "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{2C0BC353-B261-44D5-83F1-C8BDCF8FD9F9}" = STOPzilla "{2DEFAFFC-CED3-4D54-A558-34B55F0E4C93}" = 3Dconnexion Plug-In for Maya 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3598B8A9-091B-40A2-AF10-D132E861C0D2}" = 3Dconnexion Add-In for Solid Edge "{36B107C0-F8AD-42D5-B0CD-58035C5A4B47}" = Duden Korrektor PLUS Update "{3734D369-234D-44A1-923E-CECDC1151359}" = MemoMaster 3 "{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis*True*Image*Home "{3A521923-1EDC-4EAC-83CF-4B2EAE132E84}_is1" = Duden Korrektor für OpenOffice.org "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{411E0CC3-587A-468C-B461-95FAFD05E4DE}" = Adobe InDesign CS3 "{45E14793-139A-446D-8E84-84CBD528803A}" = The Big Box of Art 350.000 "{46653DF9-CF76-4127-9FC6-B3E43EBD83CE}" = 3Dconnexion Picture Viewer "{47879FA7-BC8F-4D7F-8057-86D0416579FA}" = StarMoney "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA5B8A5-BEEF-4AD8-B11D-4443A042EA4F}" = Adobe Dreamweaver CS3 "{4ECC923E-B46B-4ECB-8EC8-35630C8912E4}" = 3Dconnexion Add-In for SolidWorks "{4ECD8140-C581-401F-8EF5-209DA0F5EC98}" = 3Dconnexion Plug-In for Maya 6 "{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2 "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C47C8B6-77FF-4FC7-A388-66FCF9CFC24C}" = Snagit 9.1.3 "{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek "{5D1F9026-6255-4F18-BBDF-F2B424D0DD04}" = 3Dconnexion Add-In for AutoCAD 2007 "{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files "{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash "{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings "{6EC874C2-F950-4B7E-A5B7-B1066D6B74AA}" = QuickTime 
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0 "{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2 "{782F20EF-AEB4-4062-9614-750FE8FD2542}" = Vokabeltrainer-Update 3.0.32 "{7930CFCA-A2B4-43F0-B8A4-80885A48DB4B}" = 3Dconnexion Plug-In for Photoshop CS3 "{7A734F47-83B8-4035-B819-FDABCED660A1}" = 3Dconnexion Add-In for Inventor "{7D386596-0E80-4808-8AAE-C1DDA8212F7F}" = Adobe Setup "{7E0F42A8-AC7D-4557-8D8F-49918C543ABF}" = BitDefender Antivirus 2009 "{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{80F884E1-C9F3-40C0-8A2A-7C5EDE5A9924}" = 3Dconnexion Plug-In for Pro/ENGINEER "{86D399FB-05FC-4EED-A5B1-A33FE72FA498}" = 3Dconnexion Add-In for AutoCAD 2008 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup "{8AEBFD30-B94F-4A49-8106-03039708BDD4}" = Duden Korrektor Patch 012009 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager "{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ 
CRT 9.0 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A38048C6-89D1-44EC-BC95-E95DD4A19B5E}" = QuarkXPress 7.1 "{A3979C7E-4E11-4E74-B4B0-F88B9788CEAF}" = 3Dconnexion Plug-in for Acrobat 3D "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AABF76CA-D460-42F0-BB2C-80DF44E8850F}" = Adobe Creative Suite 3 Design Standard "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon "{B60BC366-98BF-448F-9981-617FE8BEB30B}" = AquaSoft Barbecue "{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3 "{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BAFCA6AC-8B37-405B-B57E-C1D45DE70ACC}" = 3Dconnexion 3DxSoftware (Personal Edition) "{BB904413-1FED-4EDA-A1CC-CA5DD703378B}" = 3Dconnexion Add-On for XSI "{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX "{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3 "{BFFE230A-8520-423D-8A22-DB82C9922925}" = Das Interaktive Kartenwerk. 
Deutschland "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3 "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{C8D7A672-F697-4572-AC62-C856053A8DBC}" = Adobe Illustrator CS3 "{C96F2228-0163-4782-95AF-816BC1692F31}" = Langenscheidt Vokabeltrainer 3.0 Englisch (OEM) "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CD40F045-2D59-41FF-8664-BA53A2C41342}" = 3Dconnexion Plug-In for Maya 8 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D3C605D8-3A5E-4BAD-965D-2C61441BF2AC}" = Adobe Photoshop CS3 "{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8 "{DB5C0B0D-6FC9-4072-BB43-4CFD70506CF6}" = 3Dconnexion Extension for SketchUp "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DF74C7BA-5C9F-4F17-8B6F-5ECE08280F34}" = ScanSoft OmniPage 16 "{E48AE8E5-8B5A-465C-95E5-47725448DA57}" = 3Dconnexion 3DxWare "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler "{F676F3E6-15C7-47AC-8FAE-46891D00F1AF}" = Schleswig-Holstein Hamburg 2.0 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{F996076C-BED5-45D6-9C10-39BC7B005F77}" = 3Dconnexion Plug-In for 
Photoshop CS2 "{F9C0F8DE-FDFE-4A59-B91D-D8D4F23B5F46}" = 3Dconnexion Plug-In for Maya 8.5 "{FF0B0792-F6E7-4627-B820-EA50617E223B}" = QuarkXPress 6.5 "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "1PasswordPro" = 1Password Pro "ac'tivAid" = ac'tivAid v1.3.1 "Adobe Acrobat 8 Professional - English, Français, Deutsch_815" = Adobe Acrobat 8.1.5 - CPSID_49013 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Streamline 4.0" = Adobe Streamline 4.0 "Adobe Type Manager 4.1" = Adobe Type Manager 4.1 "Adobe_25db75244653b42cb93dc27939d1c0e" = Adobe Dreamweaver CS3 "Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2 "Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings "Adobe_c5cbed37a01f242ac41d8f4528b7a0d" = Adobe Creative Suite 3 Design Standard hinzufügen oder entfernen "AnyDVD" = AnyDVD "AquaSoft DiaShow Studio 6" = AquaSoft DiaShow Studio 6 "AutoHotkey" = AutoHotkey 1.0.47.06 "Bibliographix 8_is1" = Bibliographix 8 "CCleaner" = CCleaner "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "ConversionsPlus6.05" = Conversions Plus 6.05 "Dexpot" = Dexpot "DFÜ-Speed" = DFÜ-Speed "Dia" = Dia (nur entfernen) "DPF-1.2.0.822_is1" = Duden Proof Factory 1.2.0.822 "DYMO Label Software" = DYMO Label Software "eminecMYmap" = eminec MYmap v.5 "EPSON Scanner" = EPSON Scan "Extended Clipboard_is1" = Extended Clipboard v. Extended Clipboard v. 1.4.24 "Farbwähler_is1" = Farbwähler 3.00 "FileZilla" = FileZilla (remove only) "FLV Player" = FLV Player 2.0 (build 25) "Free Download Manager_is1" = Free Download Manager 2.5 Video Conversion plugin "Free Video to Flash Converter_is1" = Free Video to Flash Converter version 4.1 "FRITZ! 2.0" = AVM FRITZ! 
"HECI" = Intel(R) Management Engine Interface "Helicon Filter_is1" = Helicon Filter 4.93.2 "iColorFolder" = iColorFolder "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "InstallShield_{45E14793-139A-446D-8E84-84CBD528803A}" = The Big Box of Art 350.000 "Lexmark 6500 Series" = Lexmark 6500 Series "LimanPro1" = Liman Pro 1.0 "magicolor 2300 DL" = magicolor 2300 DL "MAGIX Music Cleaning Lab 2008 deluxe D" = MAGIX Music Cleaning Lab 2008 deluxe 9.0.0.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MapCreator 2" = MapCreator 2 "Matrox Parhelia Driver Uninstaller" = Matrox Driver "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MOBackup-DatensicherungfürOutlook" = MOBackup - Datensicherung für Outlook (Vollversion) "MozBackup_is1" = MozBackup 1.4.7 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Photomatix Pro_is1" = Photomatix Pro version 2.5.2 "PhotoZoom Pro 2" = BenVista PhotoZoom Pro 2.2.8 "PhraseExpress_is1" = PhraseExpress v6.0.158 "Portrait Professional 6_is1" = Portrait Professional 6.3 "PPTminimizer 2006_is1" = PPTminimizer 2006 "SilverFast Epson" = SilverFast Epson 6.6.1r4a "simple2_is1" = Tone Mapping Plug-In 1.1.2 "SpeedCommander 13" = SpeedCommander 13 "Stickies 6.5a" = Stickies 6.5a "SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008) "Synchredible_is1" = 
Synchredible v1.3 "TomTom HOME" = TomTom HOME 2.7.5.2014 "TuneUp Utilities" = TuneUp Utilities "Typograf" = Typograf4.8f "Unlocker" = Unlocker 1.8.7 "VILAUS" = VILAUS "VTrain (Vokabeltrainer)_is1" = VTrain (Vokabeltrainer) 4.5 "VTrain_is1" = VTrain (Vokabeltrainer) 5.2 "Wacom Tablet Driver" = Wacom Tablett "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WritePro Fiction" = WritePro Fiction "WritePro FictionMaster" = WritePro FictionMaster "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dexpot" = Dexpot ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.08.2010 23:53:53 | Computer Name = SACHFACH | Source = ESENT | ID = 489 Description = wuauclt (4020) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 05.08.2010 23:53:53 | Computer Name = SACHFACH | Source = ESENT | ID = 455 Description = wuaueng.dll (4020) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. 
Error - 05.08.2010 23:54:27 | Computer Name = SACHFACH | Source = ESENT | ID = 489 Description = wuauclt (3024) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 05.08.2010 23:54:27 | Computer Name = SACHFACH | Source = ESENT | ID = 455 Description = wuaueng.dll (3024) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 05.08.2010 23:54:37 | Computer Name = SACHFACH | Source = ESENT | ID = 489 Description = wuauclt (3024) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 05.08.2010 23:54:37 | Computer Name = SACHFACH | Source = ESENT | ID = 455 Description = wuaueng.dll (3024) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 05.08.2010 23:54:50 | Computer Name = SACHFACH | Source = ESENT | ID = 489 Description = wuauclt (2104) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. 
Error - 05.08.2010 23:54:50 | Computer Name = SACHFACH | Source = ESENT | ID = 455 Description = wuaueng.dll (2104) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. Error - 05.08.2010 23:55:00 | Computer Name = SACHFACH | Source = ESENT | ID = 489 Description = wuauclt (2104) Versuch, Datei "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error - 05.08.2010 23:55:00 | Computer Name = SACHFACH | Source = ESENT | ID = 455 Description = wuaueng.dll (2104) SUS20ClientDataStore: Fehler -1032 (0xfffffbf8) beim Öffnen von Protokolldatei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. [ System Events ] Error - 06.08.2010 14:19:35 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126 Error - 06.08.2010 14:19:38 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen Error - 06.08.2010 14:20:00 | Computer Name = SACHFACH | Source = Print | ID = 23 Description = Der Drucker BoD easyPrint DE,0 konnte nicht initialisiert werden, da der Treiber BoD Printer DE nicht gefunden wurde. Error - 06.08.2010 14:43:51 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst szserver. Error - 06.08.2010 14:44:21 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst . 
Error - 06.08.2010 14:50:03 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7002 Description = Der Dienst "MLPTDR_B" ist von der Gruppe "Parallel arbitrator" abhängig. Kein Mitglied dieser Gruppe wurde jedoch gestartet. Error - 06.08.2010 14:50:03 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Sentinel" ist vom Dienst "Parport" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 06.08.2010 14:50:03 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7023 Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet: %%126 Error - 06.08.2010 14:50:04 | Computer Name = SACHFACH | Source = Print | ID = 23 Description = Der Drucker BoD easyPrint DE,0 konnte nicht initialisiert werden, da der Treiber BoD Printer DE nicht gefunden wurde. Error - 06.08.2010 14:50:06 | Computer Name = SACHFACH | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: StarOpen [ TuneUp Events ] Error - 06.08.2010 11:40:26 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 13:48:41 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 14:19:59 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 14:50:07 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 15:12:25 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 15:49:35 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 15:50:28 | Computer Name = SACHFACH | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES 
('2010-08-06 21:50:28', '\device\harddiskvolume1\programme\malwarebytes' anti-malware\mbam.exe','1212',0) Error - 06.08.2010 15:59:18 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 16:13:56 | Computer Name = SACHFACH | Source = TuneUp.UtilitiesSvc | ID = 300 Description = Error - 06.08.2010 16:20:37 | Computer Name = SACHFACH | Source = TuneUp Program Statistics | ID = 131840 Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-08-06 22:20:37', '\device\harddiskvolume1\programme\malwarebytes' anti-malware\mbam.exe','4052',0) < End of report > |
06.08.2010, 21:56 | #73 | |
| Windows freezes, Firefox opens windows at random (in Flensburg) Quote:
|
06.08.2010, 21:57 | #74 |
| Windows freezes, Firefox opens windows at random (in Flensburg) I'm going to run a full OTL scan now. See you tomorrow - or thereabouts - then, I assume ;-) |
07.08.2010, 11:28 | #75 |
/// Malware-holic | Windows freezes, Firefox opens windows at random (in Flensburg) This is about CCleaner; you are supposed to use it to clean up files + the registry. |