| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: weder Zugriff auf die Registry, den Taskmanager, noch online updateWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.08.2010, 15:38
| #1 |
 |  weder Zugriff auf die Registry, den Taskmanager, noch online update ...weder habe ich Zugriff auf die Registry, den Taskmanager, noch kann ich auf irgendeine Seite um online mal ein Update durchlaufen zu lassen  Auch wenn ich in die Registry dank Hilfsmittelchen gehe und dort alles abändere, stellt sich dies nach 2 sec wieder um! Ebenso kann ich keinerlei AntivirSoftware installieren, da deren dienste sich nicht starten lassen!!! Hatte sowas noch nie und weiss nicht weiter und mag zu allem nicht unbedingt alles neu installieren...Hat jemand vielleicht ne Idee woran es liegen könnte, oder wie man es doch noch austricksen kann um zB trendmicro housecall oder dergleichen drüber laufen zulassen??? thx im voraus =) Hoffe das Highjackpostfile ist aussagekräftig genug!!! HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:37:04, on 09.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\Programme\Faronics\Deep Freeze\Install C-0\DF5Serv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\InterCafe 2008\Client\Client.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\DAEMON Tools\daemon.exe C:\WINDOWS\System32\WScript.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\ctfmon.exe C:\Programme\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe C:\Programme\InterCafe 2008\Client\ICClientHelper.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\DOKUME~1\user\LOKALE~1\Temp\jiwjb.exe C:\DOKUME~1\user\LOKALE~1\Temp\pqbjvf.exe C:\Dokumente und Einstellungen\user\Desktop\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Hacked by PC-11 F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\Programme\InterCafe 2008\Client\Client.exe", O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] HDAudPropShortcut.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Programme\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PC-11] C:\WINDOWS\SYSTEM32\PC-11.vbs O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1 O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\Paltalk.exe O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O15 - Trusted Zone: hxxp://www.trendmicro.de O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281349501312 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205762813937 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: .NET Runtime Optimization Service v2.0.50727_X86 (clr_optimization_v2.0.50727_32) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (file missing) O23 - Service: DF5Serv - Faronics Corporation - C:\Programme\Faronics\Deep Freeze\Install C-0\DF5Serv.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: ICClientHelperService - blue image GmbH - C:\Programme\InterCafe 2008\Client\ICClientHelper.exe O23 - Service: Client Service (iClientService) - Unknown owner - C:\WINDOWS\system32\IClientService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe -- End of file - 8224 bytes wenn ich maleware oder cclean drüber laufen lassen, findet er auch einiges, was sich auch super alles löschen lässt, nur nach dem neustart ist es dann wieder dasselbe spiel und das liegt jetzt nicht an deepfreeze, welche natürlich vorher ausgeschaltet wurde!!! |
|
09.08.2010, 17:29
| #2 |
| /// Malware-holic   | weder Zugriff auf die Registry, den Taskmanager, noch online update hi, bitte führe nur die von mir genannten schritte aus, sonst könnte es probleme geben und außerdem weis ich so was gemacht wurde.ootl:
__________________Systemscan mit OTL download otl: http://filepony.de/download-otl/ Doppelklick auf die OTL.exe (user von Windows 7 und Vista: Rechtsklick als Administrator ausführen) 1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output 2. Hake an "scan all users" 3. Unter "Extra Registry wähle: "Use Safelist" "LOP Check" "Purity Check" 4. Kopiere in die Textbox: netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT 5. Klicke "Scan" 6. 2 reporte werden erstellt: OTL.Txt Extras.Txt poste beide |
|
09.08.2010, 17:52
| #3 |
| | weder Zugriff auf die Registry, den Taskmanager, noch online update thx erstmal für die schnelle antwort =) habe es nach anleitung durchgeführt und das kam bei raus...
__________________-------OTL.TXT------- OTL Logfile: Code:
ATTFilter OTL logfile created on: 09.08.2010 18:40:55 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\user\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1.023,00 Mb Total Physical Memory | 391,00 Mb Available Physical Memory | 38,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 33,67 Gb Free Space | 68,95% Space Free | Partition Type: NTFS Drive D: | 68,36 Gb Total Space | 6,08 Gb Free Space | 8,89% Space Free | Partition Type: NTFS Drive E: | 31,85 Gb Total Space | 12,57 Gb Free Space | 39,46% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Drive M: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Y: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: PC-11 Current User Name: user Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\user\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\oyuwsn.exe () PRC - C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\bksyo.exe () PRC - C:\Programme\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe (Faronics Corporation) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\InterCafe 2008\Client\ICClientHelper.exe (blue image GmbH) PRC - C:\Programme\InterCafe 2008\Client\Client.exe (blue image GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) PRC - C:\Programme\Faronics\Deep Freeze\Install C-0\DF5Serv.exe (Faronics Corporation) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\user\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll () MOD - C:\WINDOWS\system32\msvcp71.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msvcr71.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\dwlGina3.dll (Kassl GmbH) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File not found SRV - (iClientService) -- C:\WINDOWS\System32\IClientService.exe File not found SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (ICClientHelperService) -- C:\Programme\InterCafe 2008\Client\ICClientHelper.exe (blue image GmbH) SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (DF5Serv) -- C:\Programme\Faronics\Deep Freeze\Install C-0\DF5Serv.exe (Faronics Corporation) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys File not found DRV - (PciCon) -- F:\PciCon.sys File not found DRV - (mlwahn) -- C:\WINDOWS\System32\drivers\bnjagds.sys File not found DRV - (cpuz132) -- C:\DOKUME~1\user\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (amsint32) -- C:\WINDOWS\System32\drivers\iilonn.sys File not found DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (dwlkbf) -- C:\WINDOWS\System32\drivers\dwlkbf.sys (Kassl) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH) DRV - (LVMVDrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (DeepFrz) -- C:\WINDOWS\System32\drivers\DeepFrz.sys (Faronics Corporation) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys () DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home - AlamoTel - PC Hilfe, PC Notdienst, PC Reparatur, PC Service, EDV Beratung, Telekommunikation Service IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Home - AlamoTel - PC Hilfe, PC Notdienst, PC Reparatur, PC Service, EDV Beratung, Telekommunikation Service IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.alamotel.de" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.4.20081105 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.21 20:11:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.06 11:19:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.06 11:19:56 | 000,000,000 | ---D | M] [2010.07.16 21:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2010.08.09 16:30:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\gsqoe35c.default\extensions [2010.08.09 11:23:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\gsqoe35c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.08.09 16:30:39 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.09 16:26:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.08.09 16:26:47 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found. O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKLM..\Run: [PC-11] C:\WINDOWS\system32\PC-11.vbs () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider) O4 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileUrl = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesRecycleBin = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuSubFolders = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 1 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 1 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 1 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoHardwareTab = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSecurityTab = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoComputersNearMe = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchCommInStartMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchComputerLinkInStartMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchFilesInStartMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchInternetInStartMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSearchProgramsInStartMenu = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictWelcomeCenter = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMorePrograms = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: = O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = BF2.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = iw3sp.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 5 = generals.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 6 = Warcraft III.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 7 = Game.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 8 = Crysis.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 9 = NFSC.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 10 = TestDriveUnlimited.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 11 = ACTOFWAR.EXE O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 12 = tra.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 13 = gta_sa.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 14 = Startup.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 15 = Steam.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 16 = fifa07.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 17 = Frozen Throne.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 18 = graw.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 19 = FIFA08.exe O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0 O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Programme\Paltalk Messenger\paltalk.exe (AVM Software Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\..Trusted Domains: trendmicro.de ([www] http in Vertrauenswürdige Sites) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\yinsthelper.dll (YInstStarter Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281349501312 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1205762813937 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} </title> <script language="JavaScript" type="text/javascript" src="/ocom/groups/systemobject/@mktg_admin/documents/webcontent/oraclelib.js"> </script> <style type="text/css"> HTML,BODY,TD,H1,H2,H3,H4,OL,UL,DL,LI,DT,DD {font-family:arial,helvetica,san (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.123.253 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - ("C:\Programme\InterCafe 2008\Client\Client.exe") - C:\Programme\InterCafe 2008\Client\Client.exe (blue image GmbH) O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - C:\WINDOWS\System32\LogonDll.dll () O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.03.16 23:32:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.08.09 16:51:14 | 000,000,092 | RHS- | M] () - C:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010.08.09 16:51:17 | 000,000,092 | RHS- | M] () - D:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2010.08.09 16:51:17 | 000,000,092 | RHS- | M] () - E:\autorun.inf -- [ NTFS ] O32 - AutoRun File - [2004.11.18 22:59:22 | 000,000,000 | R--D | M] - M:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2004.11.18 22:25:54 | 000,684,032 | R--- | M] (Electronic Arts Inc.) - M:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2004.11.14 16:08:54 | 000,929,792 | R--- | M] (Electronic Arts Inc.) - M:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2004.11.18 22:58:27 | 000,000,103 | R--- | M] () - M:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2005.05.23 01:22:41 | 001,187,840 | R--- | M] () - Y:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.05.23 01:22:41 | 001,187,840 | R--- | M] () - Y:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2005.05.23 01:22:40 | 000,000,043 | R--- | M] () - Y:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{08829b26-a13b-11df-b8f2-0011d813e4a0}\Shell - "" = AutoRun O33 - MountPoints2\{08829b26-a13b-11df-b8f2-0011d813e4a0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{90dc20c1-f39e-11dc-a4fb-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{90dc20c1-f39e-11dc-a4fb-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{90dc20c1-f39e-11dc-a4fb-806d6172696f}\Shell\AutoRun\command - "" = F:\Autorun\ShelExec.exe default.htm -- File not found O34 - HKLM BootExecute: (autocheck autochk /k:C /k:D /k:E *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error. ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error. ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error. ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789) ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error. ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error. ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {ECD292A0-0347-4244-8C24-5DBCE990FB40} - Hotfix for Microsoft .NET Framework 3.0 (KB932471) ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2010.08.09 18:37:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe [2010.08.09 16:33:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\PCHealth [2010.08.09 14:51:59 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\user\Recent [2010.08.09 13:40:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun [2010.08.09 13:18:55 | 000,000,000 | ---D | C] -- C:\Programme\Catan GmbH [2010.08.09 12:54:55 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys [2010.08.09 12:54:32 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys [2010.08.09 12:54:10 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll [2010.08.09 12:54:10 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll [2010.08.09 12:53:53 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe [2010.08.09 12:53:30 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys [2010.08.09 12:53:17 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll [2010.08.09 12:53:09 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.08.09 12:52:02 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys [2010.08.09 12:51:12 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe [2010.08.09 12:50:55 | 002,192,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe [2010.08.09 12:50:48 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe [2010.08.09 12:50:46 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe [2010.08.09 12:49:44 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010.08.09 12:46:23 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll [2010.08.09 12:45:54 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll [2010.08.09 12:33:46 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll [2010.08.09 12:33:46 | 000,017,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui [2010.08.09 12:25:21 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2010.08.09 11:24:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes [2010.08.09 11:23:54 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.09 11:23:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.09 11:11:10 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy [2010.08.09 11:11:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2010.08.09 10:45:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations [2010.08.07 13:25:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2010.08.07 13:03:55 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared [2010.08.07 13:03:48 | 000,000,000 | ---D | C] -- C:\Programme\DivX [2010.08.07 12:57:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX [2010.08.07 12:17:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2010.08.06 11:31:38 | 001,372,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll [2010.08.06 11:31:38 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll [2010.08.06 11:31:36 | 000,870,784 | ---- | C] (ATI Technologies Inc. ) -- C:\WINDOWS\System32\ati3d1ag.dll [2010.08.06 11:31:36 | 000,377,984 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ati2dvaa.dll [2010.08.06 11:31:36 | 000,023,040 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativmvxx.ax [2010.08.06 11:31:36 | 000,009,728 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativdaxx.ax [2010.08.06 11:31:35 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll [2010.08.06 11:31:35 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll [2010.08.06 11:31:35 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll [2010.08.06 11:31:35 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll [2010.08.06 11:31:35 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll [2010.08.06 11:31:35 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll [2010.08.06 11:31:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll [2010.08.06 11:31:35 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll [2010.08.06 11:31:35 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll [2010.08.06 11:31:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll [2010.08.06 11:31:35 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll [2010.08.06 11:31:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll [2010.08.06 11:31:35 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll [2010.08.06 11:31:35 | 000,032,768 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\ativtmxx.dll [2010.08.06 11:31:35 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll [2010.08.06 11:31:35 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll [2010.08.06 11:31:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll [2010.08.06 11:31:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll [2010.08.06 11:31:34 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll [2010.08.06 11:31:34 | 000,032,285 | ---- | C] (Conexant Systems, Inc.) -- C:\WINDOWS\System32\hsfcisp2.dll [2010.08.06 11:31:33 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll [2010.08.06 11:31:32 | 001,737,856 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\mtxparhd.dll [2010.08.06 11:31:32 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll [2010.08.06 11:31:32 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe [2010.08.06 11:31:32 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll [2010.08.06 11:31:32 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll [2010.08.06 11:31:32 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll [2010.08.06 11:31:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll [2010.08.06 11:31:32 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll [2010.08.06 11:31:32 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll [2010.08.06 11:31:31 | 000,397,056 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\s3gnb.dll [2010.08.06 11:31:31 | 000,286,792 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slextspk.dll [2010.08.06 11:31:31 | 000,188,508 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slgen.dll [2010.08.06 11:31:31 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll [2010.08.06 11:31:31 | 000,073,832 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slcoinst.dll [2010.08.06 11:31:31 | 000,073,796 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slserv.exe [2010.08.06 11:31:31 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll [2010.08.06 11:31:31 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\slrundll.exe [2010.08.06 11:31:31 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe [2010.08.06 11:31:30 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll [2010.08.06 11:31:28 | 000,032,866 | ---- | C] (Smart Link) -- C:\WINDOWS\slrundll.exe [2010.08.06 11:31:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas [2010.08.06 11:31:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits [2010.08.06 11:27:10 | 000,004,255 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv01nt5.dll [2010.08.06 11:27:09 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys [2010.08.06 11:27:09 | 000,043,008 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\drivers\amdagp.sys [2010.08.06 11:27:09 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys [2010.08.06 11:27:09 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys [2010.08.06 11:27:09 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys [2010.08.06 11:27:09 | 000,003,967 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv02nt5.dll [2010.08.06 11:27:09 | 000,003,775 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv11nt5.dll [2010.08.06 11:27:09 | 000,003,711 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv09nt5.dll [2010.08.06 11:27:09 | 000,003,647 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv07nt5.dll [2010.08.06 11:27:09 | 000,003,615 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv05nt5.dll [2010.08.06 11:27:09 | 000,003,135 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\adv08nt5.dll [2010.08.06 11:27:08 | 000,327,168 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys [2010.08.06 11:27:08 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys [2010.08.06 11:27:08 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys [2010.08.06 11:27:08 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys [2010.08.06 11:27:08 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys [2010.08.06 11:27:08 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys [2010.08.06 11:27:08 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys [2010.08.06 11:27:08 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys [2010.08.06 11:27:08 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys [2010.08.06 11:27:08 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys [2010.08.06 11:27:08 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys [2010.08.06 11:27:08 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys [2010.08.06 11:27:08 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys [2010.08.06 11:27:08 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys [2010.08.06 11:27:08 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys [2010.08.06 11:27:07 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys [2010.08.06 11:27:07 | 000,036,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\bthprint.sys [2010.08.06 11:27:07 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys [2010.08.06 11:27:07 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv04nt5.dll [2010.08.06 11:27:07 | 000,021,183 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv01nt5.dll [2010.08.06 11:27:07 | 000,017,279 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv10nt5.dll [2010.08.06 11:27:07 | 000,014,143 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv06nt5.dll [2010.08.06 11:27:07 | 000,011,359 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\atv02nt5.dll [2010.08.06 11:27:06 | 000,015,423 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\ch7xxnt5.dll [2010.08.06 11:27:04 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys [2010.08.06 11:27:04 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys [2010.08.06 11:27:04 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys [2010.08.06 11:27:04 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys [2010.08.06 11:27:04 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys [2010.08.06 11:27:04 | 000,030,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\rndismpx.sys [2010.08.06 11:27:04 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys [2010.08.06 11:27:04 | 000,012,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mutohpen.sys [2010.08.06 11:27:03 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys [2010.08.06 11:27:03 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys [2010.08.06 11:27:03 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys [2010.08.06 11:27:03 | 000,040,960 | ---- | C] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\drivers\sisagp.sys [2010.08.06 11:27:03 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys [2010.08.06 11:27:03 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\smbali.sys [2010.08.06 11:27:03 | 000,003,901 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\siint5.dll [2010.08.06 11:27:02 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys [2010.08.06 11:27:02 | 000,011,325 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\vchnt5.dll [2010.08.06 11:27:02 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys [2010.08.06 11:27:01 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys [2010.08.06 11:27:01 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys [2010.08.06 11:27:01 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys [2010.08.06 11:27:01 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys [2010.08.06 11:22:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$ [2010.08.06 11:22:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome [2010.08.06 11:17:10 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies [2010.08.06 11:17:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation [2010.08.06 11:16:54 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation [2010.08.06 11:16:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups [2010.08.06 11:16:05 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll [2010.08.06 11:16:05 | 002,259,560 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll [2010.08.06 11:16:05 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll [2010.08.06 11:16:01 | 011,632,640 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll [2010.08.06 11:15:57 | 000,000,000 | ---D | C] -- C:\NVIDIA [2010.07.27 08:29:42 | 008,503,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010.07.21 20:19:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads [2010.07.21 20:17:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2010.07.21 20:17:04 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.07.21 20:16:53 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.07.21 20:16:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.07.21 20:16:53 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.07.21 20:15:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe [2010.07.21 20:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NOS [2010.07.21 20:11:20 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2010.07.21 20:11:15 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2010.07.21 20:11:15 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2010.07.21 20:11:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\xing shared [2010.07.21 20:10:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real [2010.07.21 20:02:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2010.07.21 20:02:13 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.07.21 20:01:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\AOL [2010.07.21 20:00:49 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2010.07.16 23:26:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user\IECompatCache [2010.07.16 23:25:22 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user\PrivacIE [2010.07.16 22:50:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump [2010.07.16 22:23:17 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\user\IETldCache [2010.07.16 22:19:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates [2010.07.16 22:14:48 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8 [2010.07.16 22:11:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Temp [2010.07.16 22:11:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google [2010.07.16 22:08:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll [2010.07.16 22:06:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.09 18:43:22 | 000,004,208 | RHS- | M] () -- C:\WINDOWS\System32\PC-11.vbs [2010.08.09 18:43:22 | 000,004,208 | RHS- | M] () -- C:\PC-11.vbs [2010.08.09 18:37:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Desktop\OTL.exe [2010.08.09 18:11:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.09 16:52:07 | 008,396,544 | ---- | M] () -- C:\Persi0.sys [2010.08.09 16:51:18 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.09 16:51:17 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3781621405-2229333351-2813762238-1005.job [2010.08.09 16:51:14 | 000,000,092 | RHS- | M] () -- C:\autorun.inf [2010.08.09 16:51:11 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.08.09 16:51:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.09 16:49:23 | 003,932,160 | -H-- | M] () -- C:\Dokumente und Einstellungen\user\NTUSER.DAT [2010.08.09 16:44:22 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3781621405-2229333351-2813762238-1005.job [2010.08.09 16:26:47 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.09 16:26:47 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.09 16:26:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.09 16:26:47 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.09 16:26:47 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.09 16:22:01 | 000,459,152 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.09 16:22:01 | 000,441,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.09 16:22:01 | 000,084,524 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.09 16:22:01 | 000,071,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.09 16:22:00 | 001,070,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.09 15:12:41 | 000,067,184 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.08.09 15:12:07 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.09 15:05:54 | 000,002,163 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Safari.lnk [2010.08.09 13:01:43 | 000,459,600 | ---- | M] () -- C:\WINDOWS\System32\prfh0407.dat [2010.08.09 13:01:43 | 000,084,884 | ---- | M] () -- C:\WINDOWS\System32\prfc0407.dat [2010.08.09 09:56:15 | 004,326,454 | -H-- | M] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\IconCache.db [2010.08.08 21:47:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.07 13:18:44 | 000,000,287 | ---- | M] () -- C:\WINDOWS\system.ini [2010.08.06 11:34:27 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\user\ntuser.ini [2010.08.06 11:26:47 | 000,251,712 | RHS- | M] () -- C:\ntldr [2010.07.27 08:29:42 | 008,503,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll [2010.07.21 20:11:20 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll [2010.07.21 20:11:15 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll [2010.07.21 20:11:15 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll [2010.07.21 20:10:55 | 000,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71.dll [2010.07.21 20:10:55 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71.dll [2010.07.21 20:10:55 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll [2010.07.21 20:10:17 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Microsoft Office Word 2003.lnk [2010.07.21 20:04:36 | 000,001,590 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\PaltalkScene.lnk [2010.07.21 20:02:15 | 000,001,872 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.07.21 20:01:14 | 000,001,457 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk [2010.07.21 19:57:16 | 000,000,786 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Yahoo! Messenger.lnk [2010.07.16 21:59:05 | 000,001,572 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.09 13:01:43 | 000,459,600 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat [2010.08.09 13:01:43 | 000,084,884 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat [2010.08.07 13:19:18 | 000,000,092 | RHS- | C] () -- C:\autorun.inf [2010.08.06 11:27:07 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod [2010.08.06 11:27:06 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty [2010.08.06 11:27:04 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img [2010.08.06 11:16:05 | 000,009,047 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb [2010.08.06 11:16:01 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2010.07.21 20:11:28 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3781621405-2229333351-2813762238-1005.job [2010.07.21 20:11:26 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3781621405-2229333351-2813762238-1005.job [2010.07.21 20:01:14 | 000,001,457 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk [2010.07.21 19:57:16 | 000,000,786 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Yahoo! Messenger.lnk [2010.07.16 22:06:47 | 000,001,088 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.07.16 22:06:46 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2008.11.08 23:10:01 | 000,006,812 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008.11.08 23:09:57 | 000,585,824 | R--- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys [2008.07.14 11:24:01 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\csExWBDLMan.dll [2008.04.16 17:23:58 | 000,001,469 | ---- | C] () -- C:\WINDOWS\{BEE3FBB3-3C09-4B88-97CA-CA6F9129F5A9}_WiseFW.ini [2008.04.05 13:20:01 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll [2008.04.05 00:09:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\xrsasn12.dll [2008.04.05 00:09:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\xrsmai12.drv [2008.04.05 00:09:41 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\xrsslm12.dll [2008.04.05 00:09:41 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\xrsfns12.dll [2008.04.05 00:09:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\xrscom12.dll [2008.04.05 00:09:41 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xrsatr12.dll [2008.04.03 22:49:47 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2008.04.02 23:53:42 | 000,022,328 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2008.04.02 17:19:24 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.04.02 11:52:04 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI [2008.03.20 19:59:07 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2008.03.17 16:22:19 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.03.17 00:26:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008.03.16 23:36:48 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.02.21 04:05:44 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.02.21 04:04:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007.12.07 07:51:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007.08.16 16:03:00 | 000,000,049 | R--- | C] () -- C:\WINDOWS\System32\regini.ini [2007.07.13 17:17:48 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\dwlGina2.dll [2005.11.07 10:15:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2005.01.25 16:23:52 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\dwlgina.dll [2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2008.04.16 17:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\blue image [2010.08.07 13:25:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2008.04.04 13:33:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Test Drive Unlimited [2010.07.21 20:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICQ [2008.03.19 13:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICQ Toolbar [2008.03.19 15:37:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MSNInstaller [2008.03.18 14:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\OfficeUpdate12 [2008.03.19 13:42:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Paltalk [2008.03.17 19:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\TeamViewer ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2008.03.19 15:37:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Adobe [2008.04.02 12:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Apple Computer [2008.03.17 20:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ATI [2008.04.02 17:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DivX [2008.03.19 15:42:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Google [2008.04.04 18:30:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Help [2010.07.21 20:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICQ [2008.03.19 13:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICQ Toolbar [2008.03.17 00:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Identities [2008.03.19 15:24:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Macromedia [2010.08.09 11:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes [2008.04.04 12:40:56 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft [2008.04.04 12:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft Games [2010.07.16 21:59:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla [2008.03.19 15:37:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MSNInstaller [2008.03.18 14:55:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\OfficeUpdate12 [2008.03.19 13:42:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Paltalk [2010.07.21 20:12:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Real [2008.03.20 20:14:17 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\SecuROM [2010.07.21 20:20:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Skype [2008.03.19 13:07:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\skypePM [2008.03.16 23:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sun [2008.03.21 22:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Talkback [2008.03.17 19:44:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\TeamViewer [2008.03.19 13:30:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Yahoo! < %APPDATA%\*.exe /s > [2008.11.08 23:03:11 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{5FE1E412-D114-46E8-A891-5BE087B256A5}\ARPPRODUCTICON.exe [2008.03.20 21:24:20 | 000,118,784 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}\ARPPRODUCTICON.exe [2008.04.02 12:54:06 | 000,131,072 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Microsoft\Installer\{FB706A00-C234-4716-AB1F-27DCB192C664}\ARPPRODUCTICON.exe [2008.03.19 15:37:21 | 000,908,776 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MSNInstaller\msnauins.exe [2010.07.21 20:09:55 | 000,812,552 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Real\RealPlayer\setup\AU_setup20100218.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.03.20 19:59:07 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.03.17 00:18:15 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2008.03.17 00:18:14 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2008.03.17 00:18:14 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > |
|
09.08.2010, 17:53
| #4 |
| | weder Zugriff auf die Registry, den Taskmanager, noch online update ----------------------------- |
|
09.08.2010, 17:54
| #5 |
| | weder Zugriff auf die Registry, den Taskmanager, noch online update --------EXTRAS:TXT-------- OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.08.2010 18:40:55 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 391,00 Mb Available Physical Memory | 38,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 48,83 Gb Total Space | 33,67 Gb Free Space | 68,95% Space Free | Partition Type: NTFS
Drive D: | 68,36 Gb Total Space | 6,08 Gb Free Space | 8,89% Space Free | Partition Type: NTFS
Drive E: | 31,85 Gb Total Space | 12,57 Gb Free Space | 39,46% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 3,97 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Y: | 1,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: PC-11
Current User Name: user
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\Yahoo!\Messenger\YServer.exe" = C:\Programme\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Paltalk Messenger\paltalk.exe" = C:\Programme\Paltalk Messenger\paltalk.exe:*:Enabled:PaltalkScene -- (AVM Software Inc.)
"D:\Programme\EA Games\Battlefield 2\BF2.exe" = D:\Programme\EA Games\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- File not found
"D:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = D:\Programme\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"D:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = D:\Programme\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"D:\Programme\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe" = D:\Programme\Microsoft Games\Gears of War\Binaries\WarGame-G4WLive.exe:*:Enabled:Gears of War -- (Epic Games, Inc.)
"D:\Programme\Warcraft III\Warcraft III.exe" = D:\Programme\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III -- ()
"D:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = D:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"E:\Programme\Steam\steamapps\csqbpc11\condition zero\hl.exe" = E:\Programme\Steam\steamapps\csqbpc11\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"E:\Programme\Steam\steamapps\csqbpc11\counter-strike\hl.exe" = E:\Programme\Steam\steamapps\csqbpc11\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Programme\Spiele\EA GAMES\Battlefield 2\BF2.exe" = C:\Programme\Spiele\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2 -- ()
"D:\Programme\Atari\Test Drive Unlimited\TestDriveUnlimited.exe" = D:\Programme\Atari\Test Drive Unlimited\TestDriveUnlimited.exe:*:Enabled:Test Drive Unlimited -- (Eden Games)
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"D:\Programme\EA Games\Command and Conquer Generals\patchget.dat" = D:\Programme\EA Games\Command and Conquer Generals\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"D:\Programme\Atari\Act of War - Direct Action\ACTOFWAR.EXE" = D:\Programme\Atari\Act of War - Direct Action\ACTOFWAR.EXE:*:Enabled:ACTOFWAR -- ()
"D:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat" = D:\Programme\EA Games\Command & Conquer Generäle Stunde Null\game.dat:*:Enabled:game -- ()
"D:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat" = D:\Programme\EA Games\Command & Conquer Generäle Stunde Null\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Programme\InterCafe 2008\Client\ICClientHelper.exe" = C:\Programme\InterCafe 2008\Client\ICClientHelper.exe:*:Enabled:ICClientHelper.exe -- (blue image GmbH)
"C:\Programme\InterCafe 2008\Client\Client.exe" = C:\Programme\InterCafe 2008\Client\Client.exe:*:Enabled:ipsec -- (blue image GmbH)
"C:\Programme\InterCafe 2008\Client\PrinterPreview.exe" = C:\Programme\InterCafe 2008\Client\PrinterPreview.exe:*:Enabled:PrinterPreview.exe -- (blue image GmbH)
"D:\Programme\CAPCOM\StreetFighterIV.exe" = D:\Programme\CAPCOM\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\DOKUME~1\user\LOKALE~1\Temp\157086.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\157086.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOKUME~1\user\LOKALE~1\Temp\winopben.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winopben.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\sdmpnm.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\sdmpnm.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winoxyfk.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winoxyfk.exe:*:Enabled:ipsec -- File not found
"C:\WINDOWS\system32\HDAudPropShortcut.exe" = C:\WINDOWS\system32\HDAudPropShortcut.exe:*:Enabled:ipsec -- (Windows (R) Server 2003 DDK provider)
"C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" = C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winguub.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winguub.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winpppbn.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winpppbn.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winjfyxjn.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winjfyxjn.exe:*:Enabled:ipsec -- File not found
"C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" = C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe:*:Enabled:ipsec -- (Yahoo! Inc.)
"C:\DOKUME~1\user\LOKALE~1\Temp\winwyynt.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winwyynt.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\qnqc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\qnqc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\wpeul.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\wpeul.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winroybw.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winroybw.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\cosy.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\cosy.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\oeue.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\oeue.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winlgwnh.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winlgwnh.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\vfxf.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\vfxf.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winomylch.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winomylch.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\jkkdoh.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\jkkdoh.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\ibmajb.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\ibmajb.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winisxb.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winisxb.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winxhexaw.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winxhexaw.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\bsarb.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\bsarb.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\wintqrsd.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\wintqrsd.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\gcfa.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\gcfa.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\bpvl.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\bpvl.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winwtkc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winwtkc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winjpqha.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winjpqha.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\gqbc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\gqbc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\atsg.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\atsg.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winpoya.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winpoya.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winqxemg.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winqxemg.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\oxkx.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\oxkx.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\fjlc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\fjlc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winlsbksf.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winlsbksf.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\wingicw.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\wingicw.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\wincxsf.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\wincxsf.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\wincrhx.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\wincrhx.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winyfavy.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winyfavy.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winoctij.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winoctij.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winroui.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winroui.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winpvbb.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winpvbb.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\sygvp.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\sygvp.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winibljh.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winibljh.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\kieoen.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\kieoen.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\windrkkc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\windrkkc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winxshqe.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winxshqe.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\hxhbm.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\hxhbm.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winfxnvf.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winfxnvf.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\yodgud.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\yodgud.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\wingqrrwc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\wingqrrwc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\dkla.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\dkla.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winpyvsg.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winpyvsg.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\gqjspp.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\gqjspp.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winfiecbq.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winfiecbq.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\lowmc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\lowmc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\wintveb.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\wintveb.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winhrmqg.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winhrmqg.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\jvhpc.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\jvhpc.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winuiumvk.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winuiumvk.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winuucfp.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winuucfp.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winnenwd.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winnenwd.exe:*:Enabled:ipsec -- File not found
"C:\Programme\Mozilla Firefox\plugin-container.exe" = C:\Programme\Mozilla Firefox\plugin-container.exe:*:Enabled:ipsec -- (Mozilla Corporation)
"C:\DOKUME~1\user\LOKALE~1\Temp\jiwjb.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\jiwjb.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\pqbjvf.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\pqbjvf.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\drpol.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\drpol.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winreyem.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winreyem.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\bksyo.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\bksyo.exe:*:Enabled:ipsec -- ()
"C:\DOKUME~1\user\LOKALE~1\Temp\oyuwsn.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\oyuwsn.exe:*:Enabled:ipsec -- ()
"C:\DOKUME~1\user\LOKALE~1\Temp\winodsn.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winodsn.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\vjgvh.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\vjgvh.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\ptccgp.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\ptccgp.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\ydtcp.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\ydtcp.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\hiskj.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\hiskj.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\luiqa.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\luiqa.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winughs.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winughs.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winsaxi.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winsaxi.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winivdip.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winivdip.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\winiylj.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\winiylj.exe:*:Enabled:ipsec -- File not found
"C:\DOKUME~1\user\LOKALE~1\Temp\jdsh.exe" = C:\DOKUME~1\user\LOKALE~1\Temp\jdsh.exe:*:Enabled:ipsec -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FE1E412-D114-46E8-A891-5BE087B256A5}" = MVision
"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{81C9205D-3BC2-4059-A303-61405032A482}" = Xerox Netzwerkscanner-Hilfsprogramm2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-00A4-0407-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90F80407-6000-11D3-8CFE-0150048383C9}" = Tool zum Entfernen verborgener Daten
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ADFBC522-0E15-4E35-B932-8CE2EE0DDEA3}" = Microsoft Office 2003 Spracheinstellungen
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6828215-1469-43A2-8BEE-F5A970F98161}" = Microsoft Office 2003 International Character Toolbar
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEE3FBB3-3C09-4B88-97CA-CA6F9129F5A9}" = InterCafe 2008
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}" = Test Drive Unlimited
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}" = Safari
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F9B915DF-B79C-4747-9BA3-9705A57DC717}" = Act of War - Direct Action
"{FB706A00-C234-4716-AB1F-27DCB192C664}" = Opera 9.26
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Catan Online Welt" = Catan Online Welt
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"DivX Setup.divx.com" = DivX-Setup
"GameSpy Arcade" = GameSpy Arcade
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{1170D24F-42B7-40CF-AA1B-6395CE562354}" = Gears of War
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null
"Jetfighter 5_is1" = Jetfighter 5
"lvdrivers_11.50" = Logitech QuickCam-Treiberpaket
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PalTalk8.2" = PaltalkScene
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Tomb Raider: Anniversary" = Tomb Raider: Anniversary 1.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3781621405-2229333351-2813762238-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III
========== Last 10 Event Log Errors ==========
[ System Events ]
Error - 09.08.2010 10:48:39 | Computer Name = PC-11 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office Outlook
2003 (KB980373)
Error - 09.08.2010 10:48:39 | Computer Name = PC-11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Office Source Engine" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 09.08.2010 10:48:39 | Computer Name = PC-11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Office Source Engine" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 09.08.2010 10:48:49 | Computer Name = PC-11 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2003 (KB982311)
Error - 09.08.2010 10:48:49 | Computer Name = PC-11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Office Source Engine" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 09.08.2010 10:48:49 | Computer Name = PC-11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Office Source Engine" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 09.08.2010 10:48:59 | Computer Name = PC-11 | Source = Windows Update Agent | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Office 2003 (KB976382)
Error - 09.08.2010 10:48:59 | Computer Name = PC-11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Office Source Engine" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 09.08.2010 10:48:59 | Computer Name = PC-11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Office Source Engine" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 09.08.2010 10:52:34 | Computer Name = PC-11 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Client Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
< End of report >
|
|
09.08.2010, 18:06
| #6 |
| /// Malware-holic | weder Zugriff auf die Registry, den Taskmanager, noch online update • Starte bitte die OTL.exe. Vista-User mit Rechtsklick "als Administrator starten" • Kopiere nun das Folgende in die Textbox. :OTL PRC - C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\oyuwsn.exe () PRC - C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\bksyo.exe () SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File not found SRV - (iClientService) -- C:\WINDOWS\System32\IClientService.exe File not found SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys File not found DRV - (PciCon) -- F:\PciCon.sys File not found DRV - (mlwahn) -- C:\WINDOWS\System32\drivers\bnjagds.sys File not found DRV - (cpuz132) -- C:\DOKUME~1\user\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found DRV - (amsint32) -- C:\WINDOWS\System32\drivers\iilonn.sys File not found O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found O3 - HKU\S-1-5-21-3781621405-2229333351-2813762238-1005\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found O4 - HKLM..\Run: [nwiz] File not found O4 - HKLM..\Run: [PC-11] C:\WINDOWS\system32\PC-11.vbs () O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found :Files :Commands [purity] [EMPTYFLASH] [emptytemp] [Reboot] • Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument dieses posten bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix |
|
09.08.2010, 18:19
| #7 |
| | weder Zugriff auf die Registry, den Taskmanager, noch online update Das kam bei raus.... All processes killed ========== OTL ========== No active process named oyuwsn.exe was found! No active process named bksyo.exe was found! Service ose stopped successfully! Service ose deleted successfully! File C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE File not found not found. Service iClientService stopped successfully! Service iClientService deleted successfully! File C:\WINDOWS\System32\IClientService.exe File not found not found. Service clr_optimization_v2.0.50727_32 stopped successfully! Service clr_optimization_v2.0.50727_32 deleted successfully! File C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe File not found not found. Service AppMgmt stopped successfully! Service AppMgmt deleted successfully! File C:\WINDOWS\System32\appmgmts.dll File not found not found. Service PxHelp20 stopped successfully! Service PxHelp20 deleted successfully! File C:\WINDOWS\System32\Drivers\PxHelp20.sys File not found not found. Service PciCon stopped successfully! Service PciCon deleted successfully! File F:\PciCon.sys File not found not found. Service mlwahn stopped successfully! Service mlwahn deleted successfully! File C:\WINDOWS\System32\drivers\bnjagds.sys File not found not found. Service cpuz132 stopped successfully! Service cpuz132 deleted successfully! File C:\DOKUME~1\user\LOKALE~1\Temp\cpuz132\cpuz132_x32.sys File not found not found. Error: Unable to stop service amsint32! Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amsint32 deleted successfully. File C:\WINDOWS\System32\drivers\iilonn.sys File not found not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_USERS\S-1-5-21-3781621405-2229333351-2813762238-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\PC-11 deleted successfully. File move failed. C:\WINDOWS\system32\PC-11.vbs scheduled to be moved on reboot. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent\ deleted successfully. ========== FILES ========== ========== COMMANDS ========== [EMPTYFLASH] User: All Users User: Default User User: LocalService User: NetworkService User: user ->Flash cache emptied: 708 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 6341147 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33237 bytes User: user ->Temp folder emptied: 279113850 bytes ->Temporary Internet Files folder emptied: 975572 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 40783645 bytes ->Google Chrome cache emptied: 6340428 bytes ->Apple Safari cache emptied: 236544 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 2134333 bytes %systemroot%\System32 .tmp files removed: 11447 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 69947 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 321,00 mb OTL by OldTimer - Version 3.2.9.1 log created on 08092010_191215 Files\Folders moved on Reboot... C:\WINDOWS\system32\PC-11.vbs moved successfully. Registry entries deleted on Reboot... |
|
09.08.2010, 18:23
| #8 |
| /// Malware-holic | weder Zugriff auf die Registry, den Taskmanager, noch online update ok, dann mit combofix weiter. otl war nicht ganz so erfolgreich wie ichs gern gehabt hätte :-) |
Linear-Darstellung
