Trojaner und Probleme mit der Internetverbindung

Ginella · 15.08.2010, 12:57

Zu Schritt 3: Wenn du mit umgeleitet den Verbindungsabbruch meinst, dann nein. Die Login-Seiten lassen sich problemlos laden, aber das Einloggen habe ich noch nicht gewagt.

Swisstreasure · 15.08.2010, 17:35

Zitat:

Jetzt bin ich aber leicht frustriert: Der ESET Scan war eine wahre Geduldsprobe, nach mehr als 5 Stunden ist er nun endlich durch.
Es wurden 4 infizierte Objekte gefunden, alle aus Windows/System32. Aber ich finde leider kein logfile.

Wurde dann etwas gefunden?

Schritt 1

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript:

Code:

ATTFilter

:OTL
O32 - AutoRun File - [2004.12.22 14:58:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.05.10 09:48:26 | 000,000,032 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2001.06.17 12:50:18 | 000,000,000 | ---- | M] () - G:\autorun.bat -- [ NTFS ]
O32 - AutoRun File - [2007.05.10 09:48:26 | 000,000,032 | ---- | M] () - G:\AUTORUN.FCB -- [ NTFS ]
O32 - AutoRun File - [2009.02.08 11:36:23 | 000,000,100 | ---- | M] () - G:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 21:39:50 | 000,000,070 | R--- | M] () - H:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{406a89e6-f218-11dd-b211-0011d8223979}\Shell\AutoRun\command - "" = M:\setupSNK.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
@Alternate Data Stream - 72 bytes -> C:\Windows:22F68A74C4F2612B
@Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

Schritt 2

Alte Java Installationen deinstallieren

Geh auf Start --> Systemsteuerung --> Software und deinstalliere alle Javaversionen außer der aktuellen Version Java 1.6.0 Update 21

Schritt 3

Malware mit Dr. Web CureIt! beseitigen

Downloade Dr. Web CureIt! und speichere es auf Deinem Desktop.
Dr. Web CureIt! ist für alle Computer mit MS Windows 95OSR2/ 98/Me/NT 4.0/2000/XP/2003/Vista Betriebssysteme geeignet.

Schalte Dein Antiviren-Programm ab.
Starte die launch.exe durch Doppelklick.
Dr. Web CureIt! legt nun automatisch einen eigenen Order in Deinem Userprofil an:
C:\Dokumente und Einstellungen\<DeinBenutzername>\DoctorWeb
Klicke auf "Starten".
Breche die Schnellüberprüfung ab.
(durch Klick auf den viereckigen grünen Button (rechts in der Mitte).
Stelle bei dem Reiter "Scannen" auf "Komplett scannen" um.
Starte nun den Komplett-Scan durch Klick auf den dreieckigen Button.
Wenn Funde gemacht werden, bitte desinfizieren lassen,
sollte das nicht möglich sein, die Funde verschieben lassen.
Wenn der Scan beendet ist und Funde zu verzeichnen waren:
im Menü auf Datei und Berichtliste speichern
und als DrWeb.cvs auf Deinem Desktop speichern.
Poste den Inhalt von DrWeb.cvs hier in den Thread.

Ginella · 15.08.2010, 19:37

Zitat:

Wurde dann etwas gefunden?

4 Funde, die nach dem Scan in die Quarantäne gewandert sind. Alle vier waren Versionen eines Trojaners, ich erinnere mich aber nicht mehr an die genaue Meldung.

Code:

ATTFilter

 All processes killed
========== OTL ==========
C:\AUTOEXEC.BAT moved successfully.
D:\autorun.inf moved successfully.
G:\autorun.bat moved successfully.
G:\AUTORUN.FCB moved successfully.
G:\AUTORUN.INF moved successfully.
File move failed. H:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{406a89e6-f218-11dd-b211-0011d8223979}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406a89e6-f218-11dd-b211-0011d8223979}\ not found.
File M:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File move failed. H:\setup.exe scheduled to be moved on reboot.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\Windows:22F68A74C4F2612B deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41 bytes
 
User: Eigene Bilder
 
User: ***
->Temp folder emptied: 129804747 bytes
->Temporary Internet Files folder emptied: 23735354 bytes
->Java cache emptied: 1557281 bytes
->FireFox cache emptied: 85793786 bytes
->Opera cache emptied: 25682455 bytes
->Flash cache emptied: 46000 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 234506 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes
->Java cache emptied: 55251 bytes
->Flash cache emptied: 534 bytes
 
%systemdrive% .tmp files removed: 4 bytes
%systemroot% .tmp files removed: 45988917 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 36352 bytes
Windows Temp folder emptied: 76012867 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 371,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08152010_200749

Files\Folders moved on Reboot...
File move failed. H:\Autorun.inf scheduled to be moved on reboot.
File move failed. H:\setup.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Ginella · 17.08.2010, 12:21

Hi,
DrWeb hat zwar einige Funde gemacht und auch gelöscht (glaube es waren 4 oder 5 bis dahin), ist dann aber im Verlauf des Scans abgestürzt. Soll ich es nochmal versuchen? Oder lieber noch ein anderes Programm benutzen?

Swisstreasure · 17.08.2010, 12:26

Findest Du kein log auf deinem Desktop?

Ich will mir nochmals ein frisches OTL log ansehen:

Erneuter Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in Code-Tags hier in den Thread.

Ginella · 17.08.2010, 13:36

OK, hier sind sie:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 17.08.2010 14:17:38 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,33 Gb Total Space | 4,40 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
Drive D: | 76,34 Gb Total Space | 21,10 Gb Free Space | 27,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 294,20 Gb Free Space | 63,17% Space Free | Partition Type: NTFS
Drive H: | 36,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
 
Computer Name: MAXDATA-AD1C438
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\system32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Programme\WEBDE\SmartSurfer3.0\SmurfService.exe (United Internet AG)
PRC - C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\system32\bmwebcfg.exe (Bytemobile, Inc.)
PRC - c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe ()
PRC - C:\Windows\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\Windows\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\Windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\system32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (hasplms) -- C:\WINDOWS\System32\hasplms.exe (Aladdin Knowledge Systems Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Adobe Version Cue CS4) -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
SRV - (VMCService) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (Maxtor Sync Service) -- C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (SmartSurferManager) -- C:\Programme\WEBDE\SmartSurfer3.0\SmurfService.exe (United Internet AG)
SRV - (bmwebcfg) -- C:\WINDOWS\System32\bmwebcfg.exe (Bytemobile, Inc.)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (LVSrvLauncher) -- C:\Programme\Gemeinsame Dateien\Logitech\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- c:\Programme\Gemeinsame Dateien\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (prfldsvc) -- C:\Programme\Microsoft Private Folder 1.0\PrfldSvc.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ulisa) Telekom ISDN-Adapter (USB) -- C:\WINDOWS\System32\Drivers\ulisa.sys File not found
DRV - (TYKeeper) -- C:\WINDOWS\System32\drivers\TYKeeper.sys File not found
DRV - (SiSCom) -- C:\DOKUME~1\***\LOKALE~1\Temp\Temporäres Verzeichnis 1 für SiS651_3590.zip\SiS651\UtilDLL\SiSCom.sys File not found
DRV - (massfilter) -- C:\WINDOWS\System32\drivers\massfilter.sys File not found
DRV - (DwProt) --  File not found
DRV - (Tcpip6) -- C:\Windows\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (CBN) -- C:\Windows\system32\drivers\CBN.SYS (MARX Datentechnik GmbH )
DRV - (avgntflt) -- C:\Windows\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hardlock) -- C:\Windows\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\Windows\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (ssmdrv) -- C:\Windows\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (akshasp) -- C:\Windows\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (aksfridge) -- C:\Windows\system32\drivers\aksfridge.sys (Aladdin Knowledge Systems Ltd.)
DRV - (adfs) -- C:\WINDOWS\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (hwdatacard) -- C:\Windows\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ACEDRV09) -- C:\Windows\system32\drivers\ACEDRV09.sys (Protect Software GmbH)
DRV - (MXOPSWD) -- C:\Windows\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (LVPr2Mon) -- C:\Windows\system32\drivers\LVPr2Mon.sys ()
DRV - (LVMVDrv) -- C:\Windows\system32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\system32\drivers\Lvckap.sys ()
DRV - (LVUSBSta) -- C:\Windows\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (Prvflder) -- C:\Windows\system32\drivers\prvflder.sys (Windows (R) 2000 DDK provider)
DRV - (nv) -- C:\Windows\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (gameenum) -- C:\Windows\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (SiS315) -- C:\Windows\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\Windows\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)
DRV - (SISNIC) -- C:\Windows\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (SISAGP) -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys (Silicon Integrated Systems Corporation)
DRV - (SiSide) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (PfModNT) -- C:\Windows\system32\drivers\PfModNT.sys (Creative Technology Ltd.)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows (R) 2000 DDK provider)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (fpcibase) -- C:\Windows\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\Windows\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\aspi32.BAK (Adaptec)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/fsc
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {AE37D527-6604-461c-8102-975CF8053A2F}:0.5.3.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.07 09:55:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.14 00:41:50 | 000,000,000 | ---D | M]
 
[2009.01.07 19:40:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.08.17 12:36:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\extensions
[2009.09.04 15:41:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.07 00:13:46 | 000,000,000 | ---D | M] (BBCode) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\extensions\{AE37D527-6604-461c-8102-975CF8053A2F}
[2009.06.17 10:50:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\extensions\moveplayer@movenetworks.com
[2010.08.16 11:33:34 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-1.xml
[2009.07.23 11:21:43 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-10.xml
[2009.08.07 14:14:53 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-11.xml
[2009.09.13 09:57:17 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-12.xml
[2009.10.29 22:21:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-13.xml
[2010.08.14 10:38:18 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-14.xml
[2009.03.12 11:52:23 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-2.xml
[2009.03.30 17:48:24 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-3.xml
[2009.03.30 18:03:58 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-4.xml
[2009.04.17 10:45:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-5.xml
[2009.04.25 19:11:25 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-6.xml
[2009.05.01 00:00:11 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-7.xml
[2009.06.13 23:25:46 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-8.xml
[2009.07.07 11:02:33 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin-9.xml
[2009.02.05 00:17:56 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\icqplugin.xml
[2010.04.09 10:48:34 | 000,008,339 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\jngfgnwh.default\searchplugins\oneriot.xml
[2010.08.17 13:12:05 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2008.10.07 10:30:08 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.08.14 00:41:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.14 00:41:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.02.19 19:56:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.02.19 19:56:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.02.19 19:56:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.02.19 19:56:53 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.02.19 19:56:53 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.09.01 11:30:03 | 000,326,007 | R--- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 11154 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (no name) - {F869BB38-FFEF-4589-B986-610B7AD0ADA2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\pdf24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\Windows\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Utility Tray.lnk = C:\Windows\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Desktop Calendar StartUp.lnk = C:\Dokumente und Einstellungen\***\Desktop\DESKCAL.EXE (Shinonon Free Softrware)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: PDF in Word öffnen (PDF Converter 2.0) - C:\Programme\ScanSoft\PDF Converter 2.0\IEShellExt.dll (ScanSoft, Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.05.10 09:48:26 | 000,000,032 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 21:39:50 | 000,000,070 | R--- | M] () - H:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.16 13:38:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\DoctorWeb
[2010.08.15 20:07:49 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.14 19:33:33 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.14 00:42:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.08.14 00:41:50 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.14 00:41:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.14 00:41:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.14 00:41:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.14 00:41:50 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.13 21:47:10 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.13 18:46:05 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2010.08.13 18:31:20 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.08.13 17:57:10 | 000,000,000 | ---D | C] -- C:\Programme\HijackThis
[2010.08.12 18:00:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\2010_08_12
[2004.11.24 21:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[17 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.17 13:23:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.17 12:54:10 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.08.17 12:25:31 | 000,002,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk
[2010.08.17 11:58:36 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.17 11:58:02 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.17 11:57:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.17 11:57:38 | 1575,800,832 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.17 11:57:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.17 09:30:59 | 015,204,352 | ---- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.dat
[2010.08.17 09:30:35 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\***\ntuser.ini
[2010.08.16 17:43:25 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Outlook.lnk
[2010.08.16 12:49:46 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Word.lnk
[2010.08.15 20:45:58 | 048,399,040 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\drweb-cureit.exe
[2010.08.14 01:26:35 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe
[2010.08.14 00:42:22 | 000,100,908 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\SystemLook.exe
[2010.08.14 00:41:36 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.08.14 00:41:36 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.08.14 00:41:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.08.14 00:41:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.08.14 00:41:36 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.08.13 22:24:23 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\sf2r6r7z.exe
[2010.08.13 22:23:22 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2010.08.13 22:22:38 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2010.08.13 21:47:12 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2010.08.13 18:31:23 | 000,000,697 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.08.13 13:23:47 | 000,003,838 | ---- | M] () -- C:\Dokumente und Einstellungen\***\DEFAULT.MST
[2010.08.12 18:18:46 | 000,137,835 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Bewilligungsbescheid BfA_.pdf
[2010.08.10 16:35:54 | 000,001,515 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\RecConfig.xml
[2010.08.09 13:38:04 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Haushaltsübersicht aug.xls
[2010.08.09 13:36:42 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Excel.lnk
[2010.08.05 15:42:48 | 000,029,068 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Pfarrer_luegen_nie-1.pdf
[2010.08.02 13:58:44 | 000,000,004 | ---- | M] () -- C:\Dokumente und Einstellungen\***\MJ_TIME
[2010.08.01 21:19:42 | 000,095,232 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.01 21:02:47 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.07.31 10:58:13 | 000,022,528 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Haushaltsübersicht.xls
[2010.07.26 10:12:08 | 000,001,538 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2010.07.26 09:45:31 | 000,025,088 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\test.doc
[17 C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\***\Eigene Dateien\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.15 20:38:31 | 048,399,040 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\drweb-cureit.exe
[2010.08.14 01:26:35 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\MBRCheck.exe
[2010.08.14 00:42:22 | 000,100,908 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\SystemLook.exe
[2010.08.13 22:24:19 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\sf2r6r7z.exe
[2010.08.13 22:23:22 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2010.08.13 22:22:38 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2010.08.13 18:31:23 | 000,000,697 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\CCleaner.lnk
[2010.08.12 18:18:46 | 000,137,835 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Bewilligungsbescheid BfA_.pdf
[2010.08.05 15:42:48 | 000,029,068 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Pfarrer_luegen_nie-1.pdf
[2010.07.26 10:12:08 | 000,001,538 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PDF24 Editor.lnk
[2010.07.26 09:45:31 | 000,025,088 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\test.doc
[2009.04.18 13:28:17 | 000,108,021 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2009.04.18 13:27:54 | 000,102,507 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2009.04.16 08:57:26 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2009.02.10 00:31:47 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.06.12 15:19:11 | 000,000,019 | ---- | C] () -- C:\WINDOWS\geo.ini
[2008.04.28 14:26:24 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\CallSimReader.dll
[2008.04.28 14:26:20 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\SimReader.dll
[2008.01.26 20:11:44 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini
[2008.01.05 22:27:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007.12.08 00:22:22 | 000,042,594 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007.11.19 00:09:24 | 000,320,512 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2007.11.19 00:09:24 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\libtiff-3.dll
[2007.11.19 00:09:24 | 000,312,320 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2007.11.19 00:09:24 | 000,235,520 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[2007.11.19 00:09:24 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\libvorbis-0.dll
[2007.11.19 00:09:24 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\libpng12-0.dll
[2007.11.19 00:09:24 | 000,113,664 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2007.11.19 00:09:24 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2007.11.19 00:09:24 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2007.11.19 00:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\libvorbisfile-3.dll
[2007.11.19 00:09:24 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\libogg-0.dll
[2007.07.15 00:34:38 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007.04.29 19:04:07 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2007.02.16 12:23:07 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.02.16 12:23:06 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.02.07 21:20:09 | 000,003,038 | ---- | C] () -- C:\WINDOWS\tm.ini
[2006.12.25 16:06:14 | 000,000,145 | ---- | C] () -- C:\WINDOWS\powerpnt.ini
[2006.11.15 23:03:12 | 000,024,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006.11.15 23:00:56 | 001,678,368 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006.10.27 20:16:49 | 000,000,487 | ---- | C] () -- C:\WINDOWS\Capictrl.INI
[2006.10.27 19:43:04 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI
[2006.10.22 11:50:15 | 000,000,660 | ---- | C] () -- C:\WINDOWS\scummvm.ini
[2006.09.26 21:30:22 | 000,006,537 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.06.19 23:33:54 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2005.12.03 22:21:18 | 000,000,725 | ---- | C] () -- C:\WINDOWS\mob_Ripper.INI
[2005.11.27 16:40:06 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2005.11.27 16:40:06 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2005.11.27 16:37:21 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2005.11.27 16:37:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2005.11.27 16:34:22 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE P2400EFGD.ini
[2005.11.16 23:58:23 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CBNDLL.DLL
[2005.11.16 23:58:22 | 000,003,062 | ---- | C] () -- C:\WINDOWS\mobjects.ini
[2005.11.16 23:58:14 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2005.11.11 13:47:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005.11.11 13:47:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005.11.11 13:47:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005.11.11 13:47:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005.11.11 13:47:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005.11.11 13:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005.11.11 13:47:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.11.11 12:43:28 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2005.11.11 12:43:24 | 000,887,296 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005.10.19 20:51:43 | 000,003,509 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.08.31 10:20:00 | 000,233,557 | ---- | C] () -- C:\WINDOWS\System32\esint54.dll
[2005.06.01 22:10:44 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005.05.16 00:38:30 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2005.05.10 22:04:19 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\lfplt11n.dll
[2005.05.10 22:04:15 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2005.05.10 22:04:15 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2005.04.05 23:09:30 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2005.01.28 23:57:28 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.01.21 23:55:58 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS58.DLL
[2005.01.20 22:42:04 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE P2400EIPS.ini
[2005.01.18 23:37:17 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.01.18 23:11:49 | 000,002,331 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005.01.18 23:07:51 | 000,000,298 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005.01.14 11:33:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005.01.14 10:58:46 | 000,050,458 | ---- | C] () -- C:\WINDOWS\System32\interceptor.sys
[2005.01.14 10:57:47 | 000,001,110 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
[2005.01.14 10:54:56 | 000,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004.10.12 08:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 08:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 08:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 08:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 10:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 19:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
< End of report >

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 17.08.2010 14:17:38 - Run 3
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 76,33 Gb Total Space | 4,40 Gb Free Space | 5,77% Space Free | Partition Type: NTFS
Drive D: | 76,34 Gb Total Space | 21,10 Gb Free Space | 27,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 294,20 Gb Free Space | 63,17% Space Free | Partition Type: NTFS
Drive H: | 36,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
 
Computer Name: MAXDATA-AD1C438
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- 
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Paint Shop Pro 9] -- "C:\Programme\Jasc Software Inc\Paint Shop Pro 9\\Paint Shop Pro 9.exe" "/Browse" "%L" (Jasc Software, Inc.)
Directory [dm Fotowelt] -- "C:\Programme\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1947:TCP" = 1947:TCP:*:Enabled:HASP SRM 
"1947:UDP" = 1947:UDP:*:Enabled:HASP SRM 
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite -- File not found
"C:\Programme\m.objects v3\mobjects.exe" = C:\Programme\m.objects v3\mobjects.exe:*:Enabled:m.objects Application -- (m.objects)
"C:\Windows\system32\dpvsetup.exe" = C:\Windows\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"F:\bin\decoshow_server_cdrom.exe" = F:\bin\decoshow_server_cdrom.exe:*:Enabled:decoshow_server_cdrom.exe -- File not found
"C:\Programme\ICQ\Icq.exe" = C:\Programme\ICQ\Icq.exe:*:Disabled:ICQ -- File not found
"C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" = C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe:*:Enabled:MobileConnect -- (Vodafone)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"C:\Windows\system32\fxsclnt.exe" = C:\Windows\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\0000169BA77570A6\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe" = C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\0000169BA77570A6\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe:*:Enabled:Skype -- File not found
"C:\Windows\system32\hasplms.exe" = C:\Windows\system32\hasplms.exe:*:Enabled:HASP LLM -- (Aladdin Knowledge Systems Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
""2Flyer Screensaver Builder Pro"_is1" = 2FlyerPro
""Wickie" = "Wickie - Ylvi ist entführt"
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{094C28D2-3FE2-417C-AF0B-425FE891F04A}" = Motorola Phone Tools
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0CB3C535-1171-4A20-B549-E2CB5DEB9723}" = MySQL Connector/ODBC 3.51
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10110FE9-1EE8-4A3D-ADFD-1294F86BE5FC}" = Logitech QuickCam
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{11CA6E01-3992-4115-AB6E-D325552C166D}" = WEB.DE SmartSurfer AutoUpdate 5.2
"{146EE173-D92C-41F6-B184-5335AD8CFA58}" = Adobe Setup
"{14F70205-1940-4000-88C7-BE799A6B2CAD}" = Adobe Soundbooth CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1C8466F1-8D45-45D9-B8CD-D5B243D4E0D6}" = Adobe Creative Suite 4 Production Premium
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{25BB07FA-D9A0-478E-8A4B-38466A4E8BF2}" = Serif PagePlus SE 1.0
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{297190A1-4B0D-4CD6-8B9F-3907F15C3FD8}" = Adobe CS4 American English Speech Analysis Models
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A414CBE-CDF3-48C6-A91B-D3D4522F8EB5}" = HASP SRM Run-time
"{2DA41901-48B8-4F95-ACB6-2209C532FF34}" = Optimus Light
"{2FBC726B-4E5E-4FAE-B222-C3D343E50015}" = EPSON Photo Print
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5305386A-B4A5-4F47-98CB-823301E495DA}" = ScanSoft PDF Converter 2.0
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5EAD5443-7194-46CC-A055-428E6ABB1BAF}" = Adobe Encore CS4
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{644EA08F-87D2-48C0-AE94-B327D1C85A97}" = Microsoft Private Folder 1.0
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7406DF60-016D-476B-A2C7-55D997592047}" = Adobe OnLocation CS4
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8304BFDD-2852-4ABB-9412-2EFA1D8FA561}" = HS Energieberater 6 Plus
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83E8A5D2-39E5-40AD-8C79-DA5AF45A86A7}" = HS Energieberater 7 Plus
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{ADD38E43-C5C7-4F2B-95B3-D5EAC039A032}" = Free-Jahreskalender
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B095B0A4-50A5-46D7-9988-D038FEB040C0}" = Adobe Encore CS4 Library
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B21BDC7C-49A1-4155-9425-2F9DED3CD5ED}" = Adobe Setup
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"{BA63612E-0458-416A-ADCD-B2349194F20F}" = Creative Zen Nano Plus
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEF726DD-4037-4214-8C6A-E625C02D2870}" = Logitech Audio Echo Cancellation Component
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D9226EB1-C528-48AC-B423-BD9240E1F60B}" = Opera 9.62
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EA516024-D84D-41F1-814F-83175A6188F2}" = Logitech Video Enumerator
"{EB909D22-8D05-43CC-ABDD-8F74DAE36533}" = Adobe Setup
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F5C63795-2708-4D15-BF18-5ABBFF7DFFC8}" = iTunes
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{F843C6A3-224D-4615-94F8-3C461BD9AEA0}" = Jasc Paint Shop Pro 9
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F99BB8CD-D2E2-4D7D-8374-871D644FB500}" = Jahrbuch Sport und Zucht 2008
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer
"Adobe_1f3d5fcc5fe78dc374b6ccbd2d399ba" = Adobe Encore CS4 Library
"Adobe_360f1c6ef75d7a91261c7e6612f0e46" = Adobe After Effects CS4 Template Projects & Footage
"Adobe_3d93a3f0a9b616dcf6ecc835a3278f7" = Adobe Creative Suite 4 Production Premium
"ALBIS" = ALBIS Demoversion
"AlphaCode Studio" = AlphaCode Studio 1.01
"AP Tuner 3.06" = AP Tuner 3.06
"Ashampoo CD Recording Suite 4" = Ashampoo CD Recording Suite 4
"Ashampoo Fotobuch" = Ashampoo Fotobuch 3.05
"Ashampoo Magic Defrag" = Ashampoo Magic Defrag
"Audacity_is1" = Audacity 1.2.4
"Audiograbber" = Audiograbber 1.83 SE 
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Bubble Puzzle '97" = Bubble Puzzle '97
"CadStd" = CadStd
"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Clonk Planet" = Clonk Planet
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Deluxe Tuner" = Deluxe Tuner
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"dm Fotowelt" = dm Fotowelt
"DreamChess" = DreamChess 0.2.0
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"DriverAgent.exe" = DriverAgent by eSupport.com
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"Easy2Sync für Outlook" = Easy2Sync für Outlook
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint" = Easy-WebPrint
"EVEREST Corporate Edition_is1" = EVEREST Corporate Edition v5.00
"FixFoto_is1" = FixFoto 2.84
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"Free Window Registry Repair" = Free Window Registry Repair
"Galileo Video-Training_is1" = Galileo Video-Training
"geotrainer_is1" = Geographie Trainer
"Google Updater" = Google Updater
"HASP HL Device Driver" = HASP HL Device Driver
"HijackThis" = HijackThis 2.0.2
"HS Euro Kalkulator 4" = HS Euro Kalkulator 4
"InstallShield_{B8281D46-D846-4BB9-BC84-F1115A7BF820}" = Maxtor Manager
"InstallShield_{F99BB8CD-D2E2-4D7D-8374-871D644FB500}" = Jahrbuch Sport und Zucht 2008
"IrfanView" = IrfanView (remove only)
"Jasc Paint Shop Pro 9.01 Patch" = Jasc Paint Shop Pro 9.01 Patch
"Kopfrechnen trainieren_is1" = Kopfrechnen trainieren 2.0
"LingoPad_is1" = LingoPad 2.4 (Build 314)
"m.objects Demos "Lernen"" = m.objects Demos "Lernen"
"m.objects Help" = m.objects Help
"m.objects v3" = m.objects v3
"m.objects v4" = m.objects v4
"m.objects v5" = m.objects v5
"MAGIX Foto Clinic 4.5 D" = MAGIX Foto Clinic 4.5 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.0.3
"Mein bunter Ponyhof" = Mein bunter Ponyhof
"Meine kleine Farm 2" = Meine kleine Farm 2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NVIDIA Drivers" = NVIDIA Drivers
"PanoramaStudio" = PanoramaStudio 1.3 (deinstallieren)
"PhotoFiltre" = PhotoFiltre
"Phototool 1.8" = Phototool 1.8
"Power Retouche Demo" = Power Retouche Demo
"QcDrv" = Logitech® Camera-Treiber
"QuicktimeAlt_is1" = QuickTime Alternative 1.69
"RealPlayer 12.0" = RealPlayer
"RegistryBooster 2_is1" = Uniblue RegistryBooster 2
"Revo Uninstaller" = Revo Uninstaller 1.83
"Scribus 1.3.3.13" = Scribus 1.3.3.13
"ShapeCollage" = Shape Collage
"ShiftN_is1" = ShiftN 2.7
"Siedler3Deinstall" = Siedler3
"SilverFast Epson-SE" = SilverFast Epson-SE 6.5.5r3
"SilverFast NikonM-SE" = SilverFast NikonM-SE 6.6.0r4c
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Skype_is1" = Tom - Skype (BETA)
"ST6UNST #2" = CDoclose (C:\Programme\cdopcl\)
"ST6UNST #3" = CDoclose (C:\Programme\cdopcl\) #3
"SysInfo" = Creative-Systeminformationen
"SystemRequirementsLab" = System Requirements Lab
"Teachmaster_is1" = Teachmaster 3.2
"ThumbsPlus 2002" = ThumbsPlus Version 2002-R (Standard-Edition)
"Total Uninstall 4_is1" = Total Uninstall 4.40
"TweakPower" = TweakPower
"Ultimate MP3 Studio Uninstall" = Ultimate MP3 Studio
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Visitenkarten-Designer 3" = Visitenkarten-Designer 3
"Visitenkarten-Druckerei 11_is1" = DATA BECKER Visitenkarten-Druckerei 11
"WEB.DE SmartSurfer" = WEB.DE SmartSurfer
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR Archivierer
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 2.7
"Wondershare Photo Collage Studio_is1" = Wondershare Photo Collage Studio 4.2.8
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.92
"Xvid_is1" = Xvid 1.1.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2010 20:23:06 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 16.08.2010 21:23:06 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 16.08.2010 22:23:05 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 16.08.2010 23:23:05 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 17.08.2010 00:23:06 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 17.08.2010 01:23:06 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 17.08.2010 02:23:06 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 17.08.2010 03:23:06 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
Error - 17.08.2010 06:01:14 | Computer Name = MAXDATA-AD1C438 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung notepad.exe, Version 5.1.2600.2180, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 17.08.2010 06:23:05 | Computer Name = MAXDATA-AD1C438 | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 15.08.2010 14:27:09 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:09 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:09 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:09 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:09 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:09 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:09 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:10 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:10 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
Error - 15.08.2010 14:27:10 | Computer Name = MAXDATA-AD1C438 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Anwendungsverwaltung" wurde mit folgendem Fehler beendet:
   %%126
 
 
< End of report >

Swisstreasure · 17.08.2010, 13:42

Kaspersky Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Bitte während des Scans alle Hintergrundwächter abstellen/deaktivieren.
Java muss installiert, aktiv und erlaubt sein.
Bebilderte Anleitung von sundavis.
Dieser Scanner entfernt die Funde nicht, gibt aber einen guten Überblick.

Wir werden Dir helfen, die Funde manuell vom System zu entfernen.
Die Datenschutzerklärung akzeptieren.
Programm installieren lassen.
Update der Signaturen installieren lassen.
Wenn der Status "Complete" ist,
Scan-Einstellungen (Settings) Standard lassen
Links den Link "My Computer" anklicken.
Scan beginnt automatisch.
Wenn der Scan fertig ist, auf "View scan report" klicken,
"Save report as" und Dateityp auf .txt umstellen,
und auf dem Desktop als Kaspersky.txt speichern.
Logdatei hier posten.
Deinstallation ist nicht nötig, alle Dateien werden in temporären Ordnern gespeichert.

Ginella · 21.08.2010, 16:04

Hi,

entschuldige, dass ich mich jetzt erst zurückmelde. Bin gerade sehr im Prüfungsstress, daher muss ich den Kaspersky Scan auf nächste Woche verschieben.

Trojaner und Probleme mit der Internetverbindung

Plagegeister aller Art und deren Bekämpfung: Trojaner und Probleme mit der Internetverbindung