|
Log analysis and evaluation: Is my PC being spied on? Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
10.08.2010, 08:13 | #1 |
| Is my PC being spied on?
Hi everyone! I have set up a network at home. However, I suspect that my PC is being spied on by friends. I don't know how, but the suspicion seems justified, since some details are known or data also turns up elsewhere. Could someone please help me check whether spyware is installed on my PC? I ran the Hijack software here; this is the content: quote
HijackThis logfile:
UNQUOTE It would be very nice to hear something soon. Many thanks in advance!! Best regards, Der Nautiker |
10.08.2010, 09:59 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC being spied on?
Hello and
Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan!
After that, OTL: System scan with OTL
Please download OTL by Oldtimer and save it to your desktop |
10.08.2010, 10:34 | #3 |
| Is my PC being spied on?
Here is the result of the scan
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4412

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10.08.2010 11:27:42
mbam-log-2010-08-10 (11-27-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 193605
Laufzeit: 5 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
|
10.08.2010, 10:51 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC being spied on?
You overlooked the full scan.
__________________ Please always post logfiles in CODE tags |
10.08.2010, 11:17 | #5 |
| Is my PC being spied on?
Here is the result from OTL 'Extras.txt':
OTL logfile:
ATTFilter OTL Extras logfile created on: 10.08.2010 12:06:45 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 297,98 Gb Total Space | 158,46 Gb Free Space | 53,18% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded Drive G: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive H: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Drive O: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive P: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive S: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive T: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive U: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive V: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive W: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive X: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Drive Y: | 134,06 Gb Total Space | 49,26 Gb Free Space 
| 36,75% Space Free | Partition Type: NTFS Drive Z: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Computer Name: LAPTOP Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\ACDSee.exe" "%1" (ACD Systems, Ltd.) 
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "1927:TCP" = 1927:TCP:*:Enabled:eytron Cipc "13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility "13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility "69:UDP" = 69:UDP:*:Enabled:Print Server Utility "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "13364:UDP" = 13364:UDP:*:Enabled:Print Server Utility "13107:UDP" = 13107:UDP:*:Enabled:Print Server Utility "69:UDP" = 69:UDP:*:Enabled:Print Server Utility "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD 
DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Programme\Kyocera Mita\KyoNetCon\KyoNetCon.exe" = C:\Programme\Kyocera Mita\KyoNetCon\KyoNetCon.exe:*:Enabled:Kyocera Network Configuration -- File not found "C:\Programme\TeamViewer3\TeamViewer.exe" = C:\Programme\TeamViewer3\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- File not found "C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found "C:\Programme\ABUS Security-Center\Installationsassistent 2\IW2.exe" = C:\Programme\ABUS Security-Center\Installationsassistent 2\IW2.exe:*:Enabled:Installation Wizard 2 -- () "C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation) "C:\Programme\Winfonie mobile 2\WinfonieMobile2.exe" = C:\Programme\Winfonie mobile 2\WinfonieMobile2.exe:*:Enabled:WinfonieMobile2 -- (Bertels + Hirsch) "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
"C:\Programme\Tobit Radio.fx\Server\rfx-server.exe" = C:\Programme\Tobit Radio.fx\Server\rfx-server.exe:*:Enabled:Radio.fx Server -- () "C:\Programme\Tobit Radio.fx\Client\rfx-client.exe" = C:\Programme\Tobit Radio.fx\Client\rfx-client.exe:*:Enabled:Radio.fx Client -- (Tobit.Software) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- File not found "C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.) "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.) "C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found "C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01866A44-A697-4821-871F-1CB9F907E8DE}" = OpenOffice.org 2.3 "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView 
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell-Druckersoftware "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 19 "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (DAVID) "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4394DC3A-5DAC-4C80-A86E-FF462D0AD653}" = Windows 7 Upgrade Advisor Beta "{48AB06FF-059D-43DE-ACC1-15920D5A7FF2}" = JRE 1.4.2 "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{5F045A94-B4B0-4F24-BE71-8491B7121CB0}" = Auerswald COMtools 2.2.69 "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI "{65B2B4C4-A67F-485E-9A6B-E72E07AB8DFF}" = Auerswald COMlist 2.4.36 
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{86CEBAE9-5752-414A-86BC-170154E30E2A}" = Dell MFP Laser 3115cn Dienstprogramme Ver.1.0.2.1 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8DA7286C-FBF6-48E4-A24A-FA9481EF4C0F}" = Dell MFP Laser 3115cn ScanButton-Manager Ver.1.1.0.2 "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003 "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz "{938996BF-AE93-451A-853C-91F16CF4333A}" = Auerswald COMfortel Melody 1.0.37 "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A344F95E-E51A-450C-8F84-C940BF61903E}" = OKI Color Swatch-Dienstprogramm "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB9E5A7B-009D-4A55-BB8C-8AB3FC72C841}" = eytron.® VMS "{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{B256C380-AC47-4681-8342-7F42E4F0F434}" = JRE 1.6.1 "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL 
Server Native Client "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1E11C46-E6EB-4BD2-9ADF-2A98ACBEB216}" = iTunes "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet "{C87DEAF3-0964-419F-B747-DFBB5E8F0279}" = ScanSoft PaperPort 11 "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CAFECAFE-0013-0001-0122-ABCDEFABCDEF}" = Oracle JInitiator 1.3.1.22 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D92776DD-F1B6-4E31-BDA2-A1D6EB58CC1C}" = Auerswald COMfortel Set 1.9.03 "{E3B99F3D-9856-482A-9048-305E28E2510C}" = Vodafone Mobile Connect Lite "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F24B25C8-26E2-4FA4-8801-5642B3073899}" = ACDSee 3.1 (SR-1) "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe "{FDEC0704-D15E-4DB8-A624-2256DD4C65D7}" = Dell MFP Laser 3115cn Scanner-Treiber "{FE23E2F5-553F-4861-B8AF-279791A5E28F}" = Auerswald COMset 2.6.28 "A Smaller Note 99" = A Smaller Note 99 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Auerswald CAPI 2.0 Treiber" = Auerswald CAPI 2.0 Treiber "Auerswald ISDN WAN Treiber" = Auerswald ISDN WANTreiber "Auerswald UNI TSP Treiber" = Auerswald UNI TSP Treiber 
"Auerswald USB Treiber Preinstall" = Auerswald USB Treiber Preinstall "AVS Update Manager_is1" = AVS Update Manager 1.0 "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3 "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6 "CCleaner" = CCleaner (remove only) "CHECK20" = CHECK20 "David Client" = David Client "FileZilla Client" = FileZilla Client 3.3.2 "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "ie8" = Windows Internet Explorer 8 "IMDG-Code - Storck Verlag Hamburg - 03-09_is1" = IMDG-Code - Storck Verlag Hamburg - 03-09 "Installationsassistent2" = Installationsassistent2 "Jpeg Enhancer_is1" = Jpeg Enhancer 1.8 "LetsTrade" = LetsTrade Komponenten "LiveViewer" = LiveViewer (Remove Only) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8) "MultiPlayer" = MultiPlayer (Remove Only) "NVIDIA Drivers" = NVIDIA Drivers "Orbit_is1" = Orbit Downloader "orgaMAX_is1" = orgaMAX Business Software "PDF FormServer_is1" = PDF FormServer 1.3.7.2 "PrintServer Network driver" = PrintServer Network driver "ProInst" = Intel(R) PROSet/Wireless Software "SearchAssist" = SearchAssist "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3 "TeamViewer 5" = TeamViewer 5 "Tobit Radio.fx Server" = Radio.fx "VLC media player" = VLC media player 0.9.9 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "Winfonie mobile 2" = Winfonie mobile 2.2.2.41 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "xvid" = XviD MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Skat-Online V8" = Skat-Online V8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30.07.2010 04:22:33 | Computer Name = LAPTOP | Source = UserInit | ID = 1000
Description = Folgendes Skript konnte nicht ausgeführt werden: \\bera-server\NETLOGON\beralogin.vbs. Das Netzlaufwerk ist nicht erreichbar. Weitere Informationen über die Behebung von Netzwerkproblemen finden Sie in der Windows-Hilfe.

Error - 30.07.2010 04:23:41 | Computer Name = LAPTOP | Source = AutoEnrollment | ID = 15
Description = Die automatische Zertifikatregistrierung für "***" konnte keine Verbindung zum Active Directory (0x8007054b) herstellen. Die angegebene Domäne ist nicht vorhanden oder es konnte keine Verbindung hergestellt werden. Die Registrierung wird nicht durchgeführt.

Error - 30.07.2010 07:37:43 | Computer Name = LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 03.08.2010 01:37:35 | Computer Name = LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 04.08.2010 01:54:15 | Computer Name = LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 04.08.2010 01:59:33 | Computer Name = LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application dvwin32.exe, version 11.0.0.3092, faulting module dvwin32.exe, fault address 0x005b54b2.

Error - 05.08.2010 01:05:31 | Computer Name = LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 06.08.2010 01:53:51 | Computer Name = LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 09.08.2010 02:02:35 | Computer Name = LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

Error - 10.08.2010 02:12:49 | Computer Name = LAPTOP | Source = VMCService | ID = 0
Description = conflictManagerTypeValue

[ System Events ]
Error - 06.08.2010 10:40:46 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst CiSvc.

Error - 06.08.2010 10:41:17 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst CiSvc.

Error - 06.08.2010 10:54:10 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst CiSvc.

Error - 06.08.2010 10:56:03 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst CiSvc.

Error - 06.08.2010 11:05:22 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst CiSvc.

Error - 09.08.2010 02:03:43 | Computer Name = LAPTOP | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene Transaktion durchzuführen.

Error - 09.08.2010 02:03:51 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst David Service Layer.

Error - 09.08.2010 02:03:51 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "David Service Layer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 10.08.2010 02:14:12 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst David Service Layer.

Error - 10.08.2010 02:14:12 | Computer Name = LAPTOP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "David Service Layer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

< End of report >

and here is otl.txt:

OTL Logfile:
Code:
OTL logfile created on: 10.08.2010 12:06:45 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 297,98 Gb Total Space | 158,46 Gb Free Space | 53,18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive H: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive O: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive P: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive S: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive T: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive U: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive V: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive W: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive X: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS
Drive Y: | 134,06 Gb Total Space | 49,26 Gb Free Space |
36,75% Space Free | Partition Type: NTFS Drive Z: | 134,06 Gb Total Space | 49,26 Gb Free Space | 36,75% Space Free | Partition Type: NTFS Computer Name: LAPTOP Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 90 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Tobit InfoCenter\DVWIN32.EXE (Tobit.Software) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Programme\Tobit InfoCenter\David\Apps\Replica\CODE\replica.exe (Tobit Software) PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\GIG\PdfFormServer\PdfFormServer.exe (GIG mbH) PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) 
PRC - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) PRC - C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation) PRC - C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) PRC - C:\Programme\ceytec internet+software GmbH\A Smaller Note 99\note.exe (ceytec internet+software GmbH) PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.) PRC - C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.) 
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Programme\Dell\QuickSet\dadkeyb.dll () ========== Win32 Services (SafeList) ========== SRV - (RoxLiveShare9) -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe File not found SRV - (deltraDBServer) -- C:\***\orgaMAX\DB-Server\bin\delserv.exe File not found SRV - (deltraDBGuard) -- C:\***\orgaMAX\DB-Server\bin\DelGuard.exe File not found SRV - (Radio.fx) -- C:\Programme\Tobit Radio.fx\Server\rfx-server.exe () SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (DavidServiceLayer) -- C:\Programme\Tobit InfoCenter\David\Code\SL.EXE (Tobit Software) SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (DavidReplica) -- C:\Programme\Tobit InfoCenter\David\Apps\Replica\CODE\replica.exe (Tobit Software) SRV - (SQLWriter) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (MSSQL$DAVID) SQL Server (DAVID) -- c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) SRV - (SQLBrowser) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation) SRV - (MSSQLServerADHelper) -- c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation) SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (PdfFormServer) -- C:\Programme\GIG\PdfFormServer\PdfFormServer.exe (GIG mbH) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) 
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation) SRV - (WLANKEEPER) Intel(R) -- C:\Programme\Intel\Wireless\Bin\WLKEEPER.exe (Intel(R) Corporation) SRV - (S24EventMonitor) Intel(R) -- C:\Programme\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation ) SRV - (RegSrvc) Intel(R) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation) SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) SRV - (DLSDB) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.) SRV - (DLPWD) -- C:\Programme\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (RimUsb) -- C:\WINDOWS\System32\Drivers\RimUsb.sys File not found DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (ZTEusbnet) -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys (ZTE Corporation) DRV - (ZTEusbvoice) -- C:\WINDOWS\system32\drivers\zteusbvoice.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (massfilter) -- C:\WINDOWS\system32\drivers\massfilter.sys (ZTE Incorporated) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) 
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (O2SDRDR) -- C:\WINDOWS\system32\drivers\o2sd.sys (O2Micro ) DRV - (O2MDRDR) -- C:\WINDOWS\system32\drivers\o2media.sys (O2Micro ) DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.) DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.) 
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation) DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio) DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio) DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio) DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio) DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio) DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio) DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio) DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio) DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions) DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio) DRV - (DLACDBHM) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Roxio) DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Roxio) DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation) DRV - (auusb) -- C:\WINDOWS\system32\drivers\auusb.sys (Auerswald GmbH & Co. KG ) DRV - (tausb) -- C:\WINDOWS\system32\drivers\tausb.sys (Auerswald GmbH & Co. KG ) DRV - (auwmac) Auerswald ISDN WAN Driver (Ver. %V_VERSION%) -- C:\WINDOWS\system32\drivers\auwmac.sys (Auerswald GmbH & Co. KG ) DRV - (APPDRV) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc) DRV - (Oscapi) -- C:\WINDOWS\system32\drivers\Oscapi20.sys (OSITRON GmbH) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) 
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=0080703 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de-smb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=0080703 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.1.22/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.bera-papenburg.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.07.20 11:25:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.07.20 11:26:14 | 000,000,000 | ---D | M] [2008.07.09 10:24:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2010.08.06 11:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\bw41hz8l.default\extensions [2010.08.03 08:47:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\bw41hz8l.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.09.17 08:00:57 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\bw41hz8l.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010.04.07 07:24:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\e9jug43o.***\extensions [2010.04.07 07:24:48 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\e9jug43o.***\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2009.07.08 07:29:43 | 000,002,164 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\bw41hz8l.default\searchplugins\bing.xml [2008.11.03 12:23:08 | 000,002,028 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\bw41hz8l.default\searchplugins\xing---powering-relationships.xml [2010.08.06 11:07:01 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2009.07.31 07:44:50 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2005.04.05 04:38:20 | 000,053,355 | ---- | M] (Oracle Corporation) -- C:\Programme\Mozilla Firefox\plugins\NPJinit13122.dll [2010.03.19 09:32:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.19 09:32:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.19 09:32:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.19 09:32:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.19 09:32:29 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.04 17:02:43 | 000,416,505 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 
127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 14376 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found. O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4 - HKLM..\Run: [DellSupportCenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) O4 - HKLM..\Run: [dscactivate] C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [IntelWireless] C:\Programme\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\A Smaller Note 99.lnk = C:\Programme\ceytec internet+software GmbH\A Smaller Note 99\note.exe (ceytec internet+software GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {00000045-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/sg726acm.cab (Reg Error: Key error.) 
O16 - DPF: {03C0000A-CF6D-4EF4-A2D6-376622318018} hxxp://217.91.207.201:12088/WatSearCtrl.cab (RASplus_WatSear Control) O16 - DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} hxxp://169.254.0.99/RtspVaPgDec.cab (RtspVaPgCtrlNew Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1253697622667 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} Reg Error: Value error. (JInitiator 1.3.1.22) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Bera.de O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml 
{807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.08.13 13:54:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{586ca97c-6a0b-11de-921d-02010104e077}\Shell - "" = AutoRun O33 - MountPoints2\{586ca97c-6a0b-11de-921d-02010104e077}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{586ca97c-6a0b-11de-921d-02010104e077}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found O33 - MountPoints2\{587e3315-1553-11de-91df-02010104687b}\Shell - "" = AutoRun O33 - MountPoints2\{587e3315-1553-11de-91df-02010104687b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{587e3315-1553-11de-91df-02010104687b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{587e3318-1553-11de-91df-02010104687b}\Shell - "" = AutoRun O33 - MountPoints2\{587e3318-1553-11de-91df-02010104687b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{587e3318-1553-11de-91df-02010104687b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O33 - MountPoints2\{c607c9f0-ee0d-11de-9291-020101048040}\Shell - "" = AutoRun O33 - MountPoints2\{c607c9f0-ee0d-11de-9291-020101048040}\Shell\AutoRun - "" 
= Auto&Play O33 - MountPoints2\{c607c9f0-ee0d-11de-9291-020101048040}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 90 Days ========== [2010.08.10 11:19:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes [2010.08.10 11:19:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.10 11:19:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.10 11:19:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.10 11:19:08 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.06 09:24:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ProgSense [2010.08.06 09:24:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GrabPro [2010.08.06 09:24:20 | 000,000,000 | ---D | C] -- C:\downloads [2010.08.06 09:24:18 | 000,000,000 | ---D | C] -- C:\Programme\Orbitdownloader [2010.08.06 09:24:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Orbit [2010.08.05 11:07:57 | 000,000,000 | ---D | C] -- C:\Programme\Hex-Editor MX [2010.08.05 10:56:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads [2010.07.21 14:53:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Bilder [2010.07.20 15:43:41 | 001,848,584 | ---- | C] (Tobit.Software) -- C:\WINDOWS\RXSUnins.exe [2010.07.20 15:43:41 | 001,848,584 | ---- | C] (Tobit.Software) -- C:\WINDOWS\RXCUnins.exe [2010.07.20 15:43:41 | 000,000,000 | ---D | C] -- 
C:\Programme\Tobit Radio.fx [2010.07.20 11:27:26 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.07.20 11:27:20 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.07.20 11:25:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.07.20 11:24:52 | 003,062,048 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll [2010.07.20 11:24:41 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.07.20 11:14:25 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2010.07.20 11:12:48 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update [2010.07.20 11:10:41 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2010.07.06 16:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\afzqfixq [2010.06.28 12:58:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Software4u [2010.06.16 15:43:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.06.16 07:20:06 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Musik [2010.06.16 07:20:02 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Videos [2010.05.18 16:35:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe [2010.05.18 16:35:16 | 000,091,424 | ---- | C] (Apple Inc.) 
-- C:\WINDOWS\System32\dnssd.dll [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.08.10 11:59:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010.08.10 11:32:32 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dveamwvp.sys [2010.08.10 11:19:59 | 012,582,912 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat [2010.08.10 11:19:13 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.10 08:15:03 | 000,000,914 | ---- | M] () -- C:\WINDOWS\Tobit.ini [2010.08.10 08:13:52 | 000,170,285 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.10 08:13:52 | 000,121,572 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2010.08.10 08:13:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.10 08:13:44 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010.08.10 08:12:49 | 000,000,202 | ---- | M] () -- C:\WINDOWS\System32\PSLOG [2010.08.10 08:12:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.10 08:12:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.10 08:12:32 | 3219,574,784 | -HS- | M] () -- C:\hiberfil.sys [2010.08.06 12:57:53 | 000,000,546 | ---- | M] () -- C:\WINDOWS\win.ini [2010.08.06 12:57:53 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.08.06 12:57:53 | 000,000,211 | RHS- | M] () -- C:\boot.ini [2010.08.06 09:24:19 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Orbit.lnk [2010.08.06 08:37:27 | 000,223,567 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\screenshot passwort.JPG [2010.08.06 07:59:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\null [2010.08.05 14:39:01 | 
000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.08.04 17:04:44 | 000,000,390 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini [2010.08.04 17:02:43 | 000,416,505 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.08.03 09:33:06 | 000,082,432 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.30 10:23:36 | 000,000,963 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\A Smaller Note 99.lnk [2010.07.30 10:23:34 | 000,121,572 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2010.07.29 09:14:30 | 000,416,203 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100804-170243.backup [2010.07.23 11:57:22 | 000,415,318 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100729-091430.backup [2010.07.21 16:34:36 | 000,041,884 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [2010.07.20 15:52:03 | 000,001,908 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Skat-Online V8.lnk [2010.07.20 11:28:27 | 000,049,880 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.07.20 11:07:50 | 000,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.20 11:03:28 | 000,000,274 | ---- | M] () -- C:\WINDOWS\wiso.ini [2010.07.19 12:53:02 | 000,412,718 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100723-115722.backup [2010.07.16 15:42:56 | 000,000,525 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2010.07.08 13:45:55 | 000,412,516 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100719-125302.backup [2010.06.17 11:40:21 | 000,000,292 | ---- | M] () -- C:\WINDOWS\TOBITADD.INI [2010.06.16 08:47:45 | 000,404,991 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100708-134555.backup [2010.06.10 16:16:59 | 000,000,256 | ---- | M] () -- C:\WINDOWS\System32\pool.bin [2010.06.10 15:41:19 | 
036,910,734 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\LoaderBackup-(2010-06-10).ipd [2010.06.06 17:46:47 | 002,648,064 | ---- | M] () -- C:\WINDOWS\System32\DVMSG.DLL [2010.06.03 12:21:34 | 000,404,292 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100616-084745.backup [2010.06.01 09:57:14 | 001,848,584 | ---- | M] (Tobit.Software) -- C:\WINDOWS\RXSUnins.exe [2010.06.01 09:57:14 | 001,848,584 | ---- | M] (Tobit.Software) -- C:\WINDOWS\RXCUnins.exe [2010.05.31 10:25:43 | 000,397,558 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100603-122134.backup [2010.05.20 09:26:19 | 000,395,918 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100531-102543.backup [2010.05.18 16:35:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe [2010.05.18 16:35:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll [2010.05.12 15:16:21 | 000,395,820 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100520-092619.backup [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\Dokumente und Einstellungen\***\*.tmp files -> C:\Dokumente und Einstellungen\***\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.10 11:32:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dveamwvp.sys [2010.08.10 11:19:13 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.08.06 09:24:19 | 000,000,698 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Orbit.lnk [2010.08.06 08:37:27 | 000,223,567 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\screenshot passwort.JPG [2010.07.20 15:52:03 | 000,001,908 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Skat-Online V8.lnk [2010.07.20 11:12:50 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.07.08 16:18:40 | 000,002,418 | ---- | C] 
() -- C:\WINDOWS\System32\bl_ovnet.set [2010.07.07 08:14:31 | 000,010,075 | ---- | C] () -- C:\WINDOWS\System32\ovnet.set [2010.07.06 16:26:41 | 000,003,503 | ---- | C] () -- C:\WINDOWS\System32\ymdvqdfr.dll [2010.07.06 16:26:41 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\nuqalzlf.dll [2010.06.18 12:51:39 | 000,041,884 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.06.10 15:41:13 | 036,910,734 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\LoaderBackup-(2010-06-10).ipd [2010.05.28 11:12:55 | 002,134,016 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Zoll Frau Riekmann.WAV [2010.04.14 10:12:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEXTINF.INI [2010.03.17 12:31:47 | 000,031,658 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2009.09.23 14:25:00 | 000,000,720 | ---- | C] () -- C:\WINDOWS\System32\CameraTitle.ini [2009.08.17 12:04:47 | 000,000,101 | ---- | C] () -- C:\WINDOWS\PSXLPR.INI [2009.08.17 12:04:46 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\Bot.dll [2009.08.06 11:00:45 | 000,000,070 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2009.07.16 00:35:40 | 000,018,432 | ---- | C] () -- C:\WINDOWS\vmmreg3.dll [2009.06.11 12:48:45 | 003,345,408 | ---- | C] () -- C:\WINDOWS\System32\avcodec-51.dll [2009.06.11 12:48:45 | 001,605,632 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2009.06.11 12:48:45 | 000,448,512 | ---- | C] () -- C:\WINDOWS\System32\avformat-50.dll [2009.06.11 12:48:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\avutil-49.dll [2009.06.11 12:47:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009.06.11 12:47:50 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009.04.20 09:05:16 | 000,000,274 | ---- | C] () -- C:\WINDOWS\wiso.ini [2008.10.09 11:29:26 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.08.18 16:38:06 | 000,036,962 | ---- | C] () -- C:\WINDOWS\System32\ActPanel.dll [2008.07.25 08:08:39 | 000,000,292 | ---- | C] () 
-- C:\WINDOWS\TOBITADD.INI [2008.07.25 08:07:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\DVGRF.DLL [2008.07.25 08:07:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\IMGMSGMO.dll [2008.07.25 08:07:46 | 002,648,064 | ---- | C] () -- C:\WINDOWS\System32\DVMSG.DLL [2008.07.25 08:07:31 | 000,000,023 | ---- | C] () -- C:\WINDOWS\AVFD.INI [2008.07.25 08:07:27 | 006,502,912 | ---- | C] () -- C:\WINDOWS\TOBITCLT.DLL [2008.07.25 08:03:47 | 000,000,914 | ---- | C] () -- C:\WINDOWS\Tobit.ini [2008.07.18 08:00:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.07.14 10:04:32 | 000,017,036 | R--- | C] () -- C:\WINDOWS\System32\capi20.dll [2008.07.14 10:03:00 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\aucoinst.dll [2008.07.14 10:03:00 | 000,010,570 | R--- | C] () -- C:\WINDOWS\drvinfo.ini [2008.07.14 09:57:22 | 000,315,444 | ---- | C] () -- C:\WINDOWS\System32\isdnapi32.dll [2008.07.14 09:57:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AuerCapiJNINative.dll [2008.07.14 09:57:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\AuerUsbJNINative.dll [2008.07.10 09:36:45 | 000,000,107 | ---- | C] () -- C:\WINDOWS\OPHD.ini [2008.07.09 14:04:38 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_1430.ini [2008.07.09 08:33:49 | 000,000,039 | ---- | C] () -- C:\WINDOWS\orgaMAX.ini [2008.07.09 08:16:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2008.07.07 15:38:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2008.07.07 15:33:55 | 000,000,618 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2008.07.03 13:55:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.07.03 13:48:55 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini [2008.07.03 13:23:10 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008.07.03 13:23:10 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008.07.03 13:23:10 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008.07.03 13:23:09 | 001,482,752 | ---- | C] () 
-- C:\WINDOWS\System32\nview.dll [2008.07.03 13:21:49 | 000,001,502 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2007.04.05 17:18:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\KcCodeU.dll [2004.08.13 14:04:30 | 000,000,942 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004.08.13 13:51:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.08.13 13:40:32 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll < End of report > |
10.08.2010, 11:57 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC being spied on? Malwarebytes full scan? |
10.08.2010, 12:00 | #7 |
| Is my PC being spied on? Yep, coming, it's still running... |
10.08.2010, 13:46 | #8 |
| Is my PC being spied on? There, just finished, here you go:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4412
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10.08.2010 14:23:27
mbam-log-2010-08-10 (14-23-27).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|)
Durchsuchte Objekte: 568952
Laufzeit: 2 Stunde(n), 4 Minute(n), 39 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
10.08.2010, 14:35 | #9 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC being spied on? Quote:
Who are these "buddies" supposed to be, the admins at the company!?
__________________ Please always post log files in CODE tags |
13.08.2010, 11:45 | #10 |
| Is my PC being spied on? Yes and no, this is my company, and they really are buddies who visit me now and then and also surf the Internet sometimes. So the question for me now is whether something is hidden there or whether I am worrying unnecessarily. If nobody here can or wants to help, then please name someone knowledgeable. Thank you very much! |
13.08.2010, 12:45 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC being spied on? Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O33 - MountPoints2\{586ca97c-6a0b-11de-921d-02010104e077}\Shell - "" = AutoRun
O33 - MountPoints2\{586ca97c-6a0b-11de-921d-02010104e077}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{586ca97c-6a0b-11de-921d-02010104e077}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{587e3315-1553-11de-91df-02010104687b}\Shell - "" = AutoRun
O33 - MountPoints2\{587e3315-1553-11de-91df-02010104687b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{587e3315-1553-11de-91df-02010104687b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{587e3318-1553-11de-91df-02010104687b}\Shell - "" = AutoRun
O33 - MountPoints2\{587e3318-1553-11de-91df-02010104687b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{587e3318-1553-11de-91df-02010104687b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c607c9f0-ee0d-11de-9291-020101048040}\Shell - "" = AutoRun
O33 - MountPoints2\{c607c9f0-ee0d-11de-9291-020101048040}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c607c9f0-ee0d-11de-9291-020101048040}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
:Files
C:\WINDOWS\System32\afzqfixq
C:\WINDOWS\System32\drivers\dveamwvp.sys
C:\WINDOWS\System32\ovnet.set
C:\WINDOWS\System32\ymdvqdfr.dll
C:\WINDOWS\System32\nuqalzlf.dll
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
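A check that can be run before applying a fix like the one in post #11: parse the flattened OTL file listings and confirm that every path under `:Files` appears in the scan log, together with its timestamp, size and company field. This is an added example, not part of the thread or of OTL; the function and class names are assumptions, and the log excerpt and `:Files` list are copied from the posts above.

```python
import re
from typing import NamedTuple, Optional

class Entry(NamedTuple):
    stamp: str               # "YYYY.MM.DD hh:mm:ss" as printed by OTL
    size: int                # size in bytes (thousands separators removed)
    attrs: str               # four attribute flags, e.g. "---D" for a folder
    kind: str                # "C" = created listing, "M" = modified listing
    company: Optional[str]   # "" = empty company field, None = no field (folders)
    path: str

# One listing entry; the lookahead ends the path at the next entry, a section
# header, the report footer or the end of the text.
ENTRY_RE = re.compile(
    r"\[(\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| ([\d,]+) \| ([A-Z-]{4}) \| ([CM])\]"
    r" (?:\(([^\[\]]*?)\) )?-- (.+?)(?= \[\d| =====| <|$)"
)

def parse_log(text):
    """Parse OTL file listings, whether one entry per line or flattened."""
    flat = " ".join(text.split())   # forum rendering may have lost the newlines
    return [Entry(m[1], int(m[2].replace(",", "")), m[3], m[4], m[5], m[6])
            for m in ENTRY_RE.finditer(flat)]

def fix_targets(script):
    """Return the paths listed in the :Files section of an OTL fix script."""
    targets, in_files = [], False
    for line in script.splitlines():
        line = line.strip()
        if line.startswith(":"):
            in_files = line.lower() == ":files"
        elif in_files and line:
            targets.append(line)
    return targets

def review_fix(script, log_text):
    """Map each :Files target to its log entries; an empty list means the
    target never appeared in the scan and should be questioned."""
    by_path = {}
    for e in parse_log(log_text):
        by_path.setdefault(e.path.lower(), []).append(e)   # Windows paths: ignore case
    return {t: by_path.get(t.lower(), []) for t in fix_targets(script)}

# Entries copied from the OTL log posted in this thread.
OTL_EXCERPT = r"""
[2010.08.10 11:19:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.06 16:27:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\afzqfixq
[2010.08.10 11:32:32 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dveamwvp.sys
========== Files Created - No Company Name ==========
[2010.08.10 11:32:32 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\dveamwvp.sys [2010.07.07 08:14:31 | 000,010,075 | ---- | C] () -- C:\WINDOWS\System32\ovnet.set
[2010.07.06 16:26:41 | 000,003,503 | ---- | C] () -- C:\WINDOWS\System32\ymdvqdfr.dll [2010.07.06 16:26:41 | 000,000,077 | ---- | C] () -- C:\WINDOWS\System32\nuqalzlf.dll
"""

# :Files and :Commands sections copied from the fix in post #11.
FIX_SCRIPT = r"""
:Files
C:\WINDOWS\System32\afzqfixq
C:\WINDOWS\System32\drivers\dveamwvp.sys
C:\WINDOWS\System32\ovnet.set
C:\WINDOWS\System32\ymdvqdfr.dll
C:\WINDOWS\System32\nuqalzlf.dll
:Commands
[purity]
"""

if __name__ == "__main__":
    for target, hits in review_fix(FIX_SCRIPT, OTL_EXCERPT).items():
        print(target, "->", [(e.stamp, e.kind, e.size, e.company) for e in hits] or "NOT IN LOG")
```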