|
Plagegeister aller Art und deren Bekämpfung: Sparkassen 40 TAN TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
14.08.2010, 17:48 | #1 |
| Sparkassen 40 TAN Trojaner Hallo, ich habe den 40TAN Trojaner der Sparkasse. Konto ist bereits gesperrt. Ich habe mehrere externe Festplatten am PC und diese sind teilweise noch partioniert. Reicht es eigentlich nur die System-Partition zu formatieren? Was mache ich mit den ganzen persönlichen Daten (Fotos, Office-Daten, Videos, etc.) Kann ich diese extern sichern oder könnte auch da ein Virus drin sein? Hier die OTL Ergebnisse: AN DIESER STELLE SCHONMAL VIELEN DANK FüR DIE TOLLE UNTERSTÜTZUNG!!!!! OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.08.2010 18:16:09 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 83,24 Gb Total Space | 4,69 Gb Free Space | 5,63% Space Free | Partition Type: NTFS Drive D: | 97,58 Gb Total Space | 81,07 Gb Free Space | 83,08% Space Free | Partition Type: NTFS Drive E: | 97,74 Gb Total Space | 51,67 Gb Free Space | 52,86% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 292,97 Gb Total Space | 72,07 Gb Free Space | 24,60% Space Free | Partition Type: NTFS Drive H: | 172,79 Gb Total Space | 23,61 Gb Free Space | 13,66% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Drive K: | 270,43 Gb Total Space | 116,76 Gb Free Space | 43,18% Space Free | Partition Type: NTFS Drive L: | 97,66 Gb Total Space | 1,63 Gb Free Space | 1,67% Space Free | Partition Type: NTFS Drive N: | 97,66 Gb Total Space | 26,06 Gb Free Space | 26,68% Space Free | Partition Type: NTFS Drive Z: | 19,52 Gb Total Space | 11,14 Gb Free Space | 57,07% Space Free | Partition Type: FAT32 Computer Name: PROC-PC Current User Name: Oliver Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe (OldTimer Tools) PRC - D:\Internet\Programme\Browser\Avant\Avant Browser\ybrowser.exe (Avant Force) PRC - D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe (Avant Force) PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) PRC - C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - D:\Programme\Microsoft\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation) PRC - D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - D:\Internet\Security\ZoneAlarm\zlclient.exe (Zone Labs, LLC) PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC) PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe () PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) PRC - D:\Programme\System\Tuning\TuneUp-Trial\MemOptimizer.exe (TuneUp Software GmbH) PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe () PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe () PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.) PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd) PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation) MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation) MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten) SRV - (dgdersvc) -- C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.) SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (AAV UpdateService) -- C:\Programme\Gemeinsame Dateien\AAV\aavus.exe () SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH) SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe () SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe () SRV - (FirebirdServerMAGIXInstance) -- D:\Programme\Multimedia\Video\Common\Database\bin\fbserver.exe (MAGIX®) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.) SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd) DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation) DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation) DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia) DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC) DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC) DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH) DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH) DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.) DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc) DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider) DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation) DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation) DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (phil2vid) Philips VGA-Kamera (USB) -- C:\WINDOWS\system32\drivers\philcam2.sys (Microsoft Corporation) DRV - (ENUM1394) -- C:\WINDOWS\system32\drivers\enum1394.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR IE - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/ IE - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/" FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Programme\Multimedia\Handy\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.31 14:12:38 | 000,000,000 | ---D | M] [2009.06.01 12:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions [2009.06.01 12:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org [2007.01.25 19:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Firefox\Profiles\3s06528p.default\extensions O1 HOSTS File: ([2010.08.02 20:27:49 | 000,416,860 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com O1 - Hosts: 127.0.0.1 123haustiereundmehr.com O1 - Hosts: 14390 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Internet\Downloads\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH) O3 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [GrooveMonitor] D:\Programme\Microsoft\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] D:\Programme\Multimedia\Video\Quick Time\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [ZoneAlarm Client] D:\Internet\Security\ZoneAlarm\zlclient.exe (Zone Labs, LLC) O4 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007..\Run: [{F1227F20-4350-B24C-31A6-3C4B7AD0B072}] C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ebkara\faes.exe File not found O4 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007..\Run: [SpybotSD TeaTimer] D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007..\Run: [TuneUp MemOptimizer] D:\Programme\System\Tuning\TuneUp-Trial\MemOptimizer.exe (TuneUp Software GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: &Download by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation) O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Multimedia\PDA\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Multimedia\PDA\ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab (Anark Client 4.0 ActiveX Control) O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class) O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281438820190 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281438801831 (MUWebControl Class) O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1208983189 (Image Uploader Control) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2006.09.29 13:36:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH) NetSvcs: WmdmPmSp - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC) SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe" ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1 ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall ActiveX: Microsoft Base Smart Card Crypto Provider Package - Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - File not found Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point (54619756233228288) ========== Files/Folders - Created Within 30 Days ========== [2010.08.14 17:57:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe [2010.08.11 10:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak [2010.08.11 00:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles [2010.08.11 00:08:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft [2010.08.11 00:00:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe [2010.08.10 13:14:47 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui [2010.08.09 23:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Avira [2010.07.29 17:31:33 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys [2010.07.29 17:31:33 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys [2010.07.29 17:31:33 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys [2010.07.29 17:31:33 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys [2010.07.29 17:31:33 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys [2010.07.29 17:31:33 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys [2010.07.29 17:31:33 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys [2010.07.23 10:52:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\SelfMV [2010.07.23 10:19:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Oliver\Recent [2010.07.18 11:49:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.08.14 18:16:54 | 121,772,064 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2010.08.14 18:14:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job [2010.08.14 17:57:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe [2010.08.14 17:31:37 | 000,001,212 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1327998448-2116585525-2031262003-1007UA.job [2010.08.14 17:12:50 | 000,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2010.08.14 17:12:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.14 17:10:39 | 000,196,128 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2010.08.14 17:10:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.14 17:09:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.13 23:57:03 | 018,087,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\NTUSER.DAT [2010.08.13 23:57:02 | 001,439,972 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx [2010.08.13 08:29:00 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1327998448-2116585525-2031262003-1007Core.job [2010.08.11 14:45:05 | 000,002,455 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Word.lnk [2010.08.11 09:07:20 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2010.08.11 08:59:49 | 000,427,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.11 01:36:52 | 001,079,388 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.11 01:36:52 | 000,479,960 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.11 01:36:52 | 000,457,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.11 01:36:52 | 000,094,160 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.11 01:36:52 | 000,078,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.11 01:11:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.11 00:13:22 | 000,000,693 | ---- | M] () -- C:\WINDOWS\win.ini [2010.08.09 19:14:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.08.08 18:36:10 | 000,082,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.07 17:39:46 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Oliver\ntuser.ini [2010.08.07 16:30:16 | 000,002,461 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Excel.lnk [2010.08.06 17:17:46 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2010.08.06 14:55:16 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2010.08.06 14:55:06 | 000,000,088 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\85E23DA753.sys [2010.08.02 20:27:49 | 000,416,860 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.08.01 21:59:22 | 000,002,301 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\PAINT 11.lnk [2010.08.01 21:04:11 | 000,000,982 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avant Browser [Private Mode].lnk [2010.08.01 21:04:11 | 000,000,826 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avant Browser.lnk [2010.08.01 21:03:07 | 000,002,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\DRAW 11.lnk [2010.07.31 12:34:45 | 000,002,383 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Google Chrome.lnk [2010.07.30 09:27:16 | 000,002,559 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Outlook.lnk [2010.07.23 00:01:09 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.08.01 21:04:11 | 000,000,982 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avant Browser [Private Mode].lnk [2010.07.04 19:42:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2010.07.04 19:42:38 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2010.05.25 08:45:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2010.05.25 08:45:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2010.05.25 08:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2010.05.25 08:45:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2010.02.25 20:24:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2010.01.18 15:06:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009.04.23 11:51:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2009.04.23 11:41:10 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll [2008.11.26 18:05:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll [2008.11.18 10:53:03 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll [2008.11.18 10:53:03 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll [2008.11.18 10:52:45 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll [2008.11.17 13:55:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.10.14 10:14:17 | 000,066,992 | ---- | C] () -- C:\WINDOWS\System32\Smart.dll [2008.10.14 10:14:17 | 000,016,637 | ---- | C] () -- C:\WINDOWS\System32\Vantage.dll [2008.10.07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008.08.04 12:57:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2008.03.06 13:03:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI [2008.03.02 03:05:11 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\146A437136.sys [2008.02.29 16:17:18 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2008.02.27 21:05:53 | 000,000,873 | ---- | C] () -- C:\WINDOWS\uninst.ini [2007.12.12 13:37:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll [2007.10.26 09:35:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.08.26 18:36:10 | 000,000,182 | ---- | C] () -- C:\WINDOWS\VideodeLuxe.INI [2007.07.04 13:51:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll [2007.06.02 20:22:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll [2007.05.30 11:34:22 | 000,000,317 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5.INI [2007.05.17 14:15:22 | 000,000,255 | ---- | C] () -- C:\WINDOWS\tm.ini [2007.01.22 21:15:14 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini [2007.01.22 21:15:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini [2007.01.22 21:15:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini [2007.01.22 21:14:09 | 000,001,384 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2007.01.22 21:14:09 | 000,000,148 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2007.01.14 20:05:33 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.12.31 13:52:31 | 000,000,470 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2006.12.31 13:52:31 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2006.12.31 13:52:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2006.10.31 14:16:45 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\midas.dll [2006.10.31 14:16:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll [2006.10.27 18:23:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DMX4ALL.dll [2006.10.23 11:14:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\CoInstaller7x.dll [2006.10.23 11:13:03 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll [2006.10.17 12:28:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [2006.10.17 12:19:47 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.10.17 12:19:46 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.10.16 13:39:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.10.16 13:07:13 | 000,000,187 | ---- | C] () -- C:\WINDOWS\WISO.INI [2006.10.13 17:05:18 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2006.10.13 17:05:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2006.10.13 17:05:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2006.10.13 17:05:17 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2006.10.10 17:08:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll [2006.10.09 14:01:38 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006.10.09 13:55:55 | 000,010,956 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.10.09 13:55:55 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EC23ACB85A.sys [2006.10.09 12:42:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.09.29 14:24:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.09.29 14:05:58 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.09.29 13:11:58 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.09.20 08:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Buhl.ini [2005.08.05 14:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2005.07.01 13:14:48 | 000,000,966 | ---- | C] () -- C:\WINDOWS\System32\Generic.ini [2005.07.01 10:38:06 | 000,000,232 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini [2005.07.01 10:37:46 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini [2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll [2004.06.02 05:54:32 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll ========== LOP Check ========== [2006.10.23 15:32:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BullGuard [2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sonavis [2008.05.21 15:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2007.01.30 09:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2008.01.23 22:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2006.10.16 13:07:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications [2010.07.04 12:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2010.01.18 15:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe [2008.03.07 18:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2008.11.17 19:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier [2008.03.02 02:25:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound [2009.05.02 00:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.07.04 12:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2008.09.02 13:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2008.06.04 09:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Resolume 2.4 [2010.07.04 19:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung [2008.11.06 14:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2010.08.09 14:16:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2007.08.26 05:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2007.05.11 19:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings [2006.10.23 15:32:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BullGuard [2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Sonavis [2006.10.23 12:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander [2007.05.17 14:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\AAV [2008.03.06 13:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Audacity [2007.01.30 10:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Autodesk [2008.11.17 12:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Azureus [2008.11.04 12:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Bookmarks [2007.01.25 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DataDesign [2009.06.29 18:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\EasyView [2007.11.23 16:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant [2010.01.14 13:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire [2008.04.18 16:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\MAGIX [2007.02.27 23:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Neo-Modus.com [2009.05.02 00:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Nokia [2010.06.06 21:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Orbit [2008.02.18 13:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Palettes [2008.09.02 13:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PC Suite [2008.11.06 14:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Publish Providers [2010.07.04 19:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Samsung [2007.01.22 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\ScanSoft [2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sonavis [2008.11.06 14:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sony [2007.12.03 20:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Template [2007.08.26 05:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TuneUp Software [2007.12.18 19:23:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TVcentral-Core [2010.08.08 03:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ucez [2007.12.18 19:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\VMedia [2009.04.11 00:40:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\WEB.DE [2010.08.06 17:17:46 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2010.08.14 18:14:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2007.05.17 14:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\AAV [2008.01.27 19:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Adobe [2010.01.28 11:16:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\AdobeUM [2009.11.19 11:58:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ahead [2007.06.26 22:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Apple Computer [2008.03.06 13:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Audacity [2007.01.30 10:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Autodesk [2008.09.02 21:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Avant Profiles [2010.08.09 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Avira [2008.11.17 12:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Azureus [2008.11.04 12:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Bookmarks [2006.12.31 13:55:23 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Brother [2009.07.18 11:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Corel [2010.01.30 10:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\CyberLink [2007.01.25 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DataDesign [2010.01.14 13:37:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DivX [2010.07.21 21:37:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\dvdcss [2009.06.29 18:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\EasyView [2007.01.17 01:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Google [2007.11.23 16:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant [2006.10.23 14:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Help [2006.09.29 13:48:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Identities [2008.03.07 18:29:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\InstallShield [2007.07.04 13:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ipswitch [2010.01.14 13:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire [2006.10.16 16:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Macromedia [2008.04.18 16:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\MAGIX [2008.03.07 18:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Media Player Classic [2009.07.07 11:35:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft [2009.06.01 12:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla [2007.02.27 23:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Neo-Modus.com [2010.01.18 16:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Nero [2009.05.19 19:46:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\NeroDigital™ [2009.05.02 00:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Nokia [2010.06.06 21:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Orbit [2008.02.18 13:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Palettes [2008.09.02 13:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PC Suite [2008.11.06 14:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Publish Providers [2007.04.12 15:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Real [2010.07.04 19:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Samsung [2007.01.22 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\ScanSoft [2010.08.11 09:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Skype [2010.08.11 09:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\skypePM [2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sonavis [2008.11.06 14:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sony [2006.10.09 11:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sun [2007.12.03 20:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Template [2007.08.26 05:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TuneUp Software [2007.12.18 19:23:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TVcentral-Core [2010.08.08 03:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ucez [2010.08.08 20:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\vlc [2007.12.18 19:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\VMedia [2009.04.11 00:40:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\WEB.DE [2008.11.26 15:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2007.12.07 11:18:50 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe [2007.11.23 16:40:53 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\021ACF16-B511-480C-8452-A9B5B44B16F4\AutoRunCE.exe [2007.11.23 16:40:53 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\021ACF16-B511-480C-8452-A9B5B44B16F4\1\module.exe [2007.11.23 16:40:51 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\0CAE36B9-2F53-4D1B-8F5B-CAAF207A9DD8\AutoRunCE.exe [2007.11.23 16:40:52 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\0CAE36B9-2F53-4D1B-8F5B-CAAF207A9DD8\1\module.exe [2007.11.23 16:40:36 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\35AA2005-6AA6-4DD0-8574-3F0B68965F6B\AutoRunCE.exe [2007.11.23 16:40:36 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\35AA2005-6AA6-4DD0-8574-3F0B68965F6B\1\module.exe [2007.11.23 16:40:42 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\41A38A3C-3AC1-4FB9-B954-86EBE46596F7\AutoRunCE.exe [2007.11.23 16:40:43 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\41A38A3C-3AC1-4FB9-B954-86EBE46596F7\1\module.exe [2007.11.23 16:40:33 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\5BFA70DD-3788-4B4B-89EF-385680506BF0\AutoRunCE.exe [2007.11.23 16:40:33 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\5BFA70DD-3788-4B4B-89EF-385680506BF0\1\module.exe [2007.11.23 16:40:57 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\7207E74E-7780-4C0C-A5E4-88B4DF03E648\AutoRunCE.exe [2007.11.23 16:40:58 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\7207E74E-7780-4C0C-A5E4-88B4DF03E648\1\module.exe [2007.11.23 16:40:26 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\75D73B55-1C14-4EE3-B645-13AC7C8BC51D\AutoRunCE.exe [2007.11.23 16:40:31 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\75D73B55-1C14-4EE3-B645-13AC7C8BC51D\1\module.exe [2007.11.23 16:40:48 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\83BF4069-2F63-47C8-9DF2-FE9DABAC2988\AutoRunCE.exe [2007.11.23 16:40:49 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\83BF4069-2F63-47C8-9DF2-FE9DABAC2988\1\module.exe [2007.11.23 16:40:39 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\844DBF3E-6170-441B-B095-C5F2AF5400F2\AutoRunCE.exe [2007.11.23 16:40:39 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\844DBF3E-6170-441B-B095-C5F2AF5400F2\1\module.exe [2007.11.23 16:40:56 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B02F9D0E-74A3-4FF4-BA55-30AA3FD3CA02\AutoRunCE.exe [2007.11.23 16:40:57 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B02F9D0E-74A3-4FF4-BA55-30AA3FD3CA02\1\module.exe [2007.11.23 16:40:45 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B3785413-4608-4294-B928-F4513A5D5954\AutoRunCE.exe [2007.11.23 16:40:47 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B3785413-4608-4294-B928-F4513A5D5954\1\module.exe [2007.11.23 16:40:40 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B4F53095-A2D7-4D68-AF6D-C87023E8CC50\AutoRunCE.exe [2007.11.23 16:40:41 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B4F53095-A2D7-4D68-AF6D-C87023E8CC50\1\module.exe [2007.11.23 16:40:34 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B522CE8E-FD00-45D1-8320-85CA07663468\AutoRunCE.exe [2007.11.23 16:40:35 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B522CE8E-FD00-45D1-8320-85CA07663468\1\module.exe [2007.11.23 16:40:54 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\C1A59315-E86C-4DD9-9C88-1A9B205B8DAF\AutoRunCE.exe [2007.11.23 16:40:55 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\C1A59315-E86C-4DD9-9C88-1A9B205B8DAF\1\module.exe [2007.11.23 16:40:50 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\D3AAE88B-490F-443A-92AE-6A87B426BFB4\AutoRunCE.exe [2007.11.23 16:40:50 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\D3AAE88B-490F-443A-92AE-6A87B426BFB4\1\module.exe [2007.11.23 16:40:37 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\DD76F126-F74D-4A9C-BB3D-0128DC139B4D\AutoRunCE.exe [2007.11.23 16:40:38 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\DD76F126-F74D-4A9C-BB3D-0128DC139B4D\1\module.exe [2007.11.23 16:40:44 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\F3F0FE29-ACDE-45DE-8AB3-55F1AD9FA569\AutoRunCE.exe [2007.11.23 16:40:45 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\F3F0FE29-ACDE-45DE-8AB3-55F1AD9FA569\1\module.exe [2009.06.01 12:32:47 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\crashreporter.exe [2009.06.01 12:32:48 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\updater.exe [2009.06.01 12:32:48 | 000,014,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpcshell.exe [2009.06.01 12:32:48 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpicleanup.exe [2009.06.01 12:32:48 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpidl.exe [2009.06.01 12:32:48 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpt_dump.exe [2009.06.01 12:32:48 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpt_link.exe [2009.06.01 12:32:48 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xulrunner-stub.exe [2009.06.01 12:32:48 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xulrunner.exe [2006.10.16 16:43:16 | 000,839,680 | ---- | M] (Macromedia, Inc.) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Macromedia\Authorware Web Player\NP32ASW\webplr08\webplr.exe [2009.07.08 14:43:36 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{BE6F412F-C276-4FD8-B3E1-F996CC172776}\_16496df1.exe [2009.07.08 14:43:36 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{BE6F412F-C276-4FD8-B3E1-F996CC172776}\_2cd672ae.exe [2009.07.08 14:43:36 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{BE6F412F-C276-4FD8-B3E1-F996CC172776}\_69525f90.exe [2009.04.12 16:22:32 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}\_18be6784.exe [2009.04.12 16:22:32 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}\_294823.exe [2009.04.12 16:22:32 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}\_4ae13d6c.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys < MD5 for: ATAPI.SYS > [2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\atapi.sys [2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2006.03.24 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\eventlog.dll [2006.03.24 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll [2006.03.24 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: IASTOR.SYS > [2006.07.06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\I386\IASTOR.SYS < MD5 for: NETLOGON.DLL > [2006.03.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\netlogon.dll [2006.03.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2006.03.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\9a1182b50c9ecbd8bedf4c560755eafc\sp2qfe\netlogon.dll [2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\c73c85abcd9580c46805ff94bb133fb8\sp2qfe\netlogon.dll < MD5 for: NVATABUS.SYS > [2005.01.20 09:45:30 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\I386\NVATABUS.SYS < MD5 for: SCECLI.DLL > [2006.03.24 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\scecli.dll [2006.03.24 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2006.03.24 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll [2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll < MD5 for: USERINIT.EXE > [2006.03.24 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\userinit.exe [2006.03.24 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2006.03.24 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: VIAMRAID.SYS > [2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\WINDOWS\I386\VIAMRAID.SYS < MD5 for: WINLOGON.EXE > [2006.03.24 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\winlogon.exe [2006.03.24 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2006.03.24 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.03.24 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006.03.24 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2007.01.14 20:05:33 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2006.09.29 15:22:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2006.09.29 15:22:35 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006.09.29 15:22:34 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2010.05.04 19:14:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2010.05.04 19:14:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2010.05.04 19:14:14 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < End of report > Extra.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.08.2010 18:16:09 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free 3,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 83,24 Gb Total Space | 4,69 Gb Free Space | 5,63% Space Free | Partition Type: NTFS Drive D: | 97,58 Gb Total Space | 81,07 Gb Free Space | 83,08% Space Free | Partition Type: NTFS Drive E: | 97,74 Gb Total Space | 51,67 Gb Free Space | 52,86% Space Free | Partition Type: NTFS F: Drive not present or media not loaded Drive G: | 292,97 Gb Total Space | 72,07 Gb Free Space | 24,60% Space Free | Partition Type: NTFS Drive H: | 172,79 Gb Total Space | 23,61 Gb Free Space | 13,66% Space Free | Partition Type: NTFS I: Drive not present or media not loaded Drive K: | 270,43 Gb Total Space | 116,76 Gb Free Space | 43,18% Space Free | Partition Type: NTFS Drive L: | 97,66 Gb Total Space | 1,63 Gb Free Space | 1,67% Space Free | Partition Type: NTFS Drive N: | 97,66 Gb Total Space | 26,06 Gb Free Space | 26,68% Space Free | Partition Type: NTFS Drive Z: | 19,52 Gb Total Space | 11,14 Gb Free Space | 57,07% Space Free | Partition Type: FAT32 Computer Name: PROC-PC Current User Name: Oliver Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe (Avant Force) .url [@ = InternetShortcut] -- D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe (Avant Force) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "D:\Programme\Microsoft\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force) htmlfile [opennew] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force) htmlfile [print] -- "D:\Programme\Microsoft\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force) https [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force) InternetShortcut [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\Programme\Multimedia\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [CEWE FOTOSCHAU] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotobuch 2008\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" () Directory [dm Fotowelt] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotobuch 2008\dm Fotowelt\dm Fotowelt.exe" "%1" () Directory [dm Fotowelt.exe] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotowelt\dm Fotowelt\dm Fotowelt.exe" "%1" () Directory [dm-Fotowelt] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotobuch 2008\dm Fotowelt\dm-Fotowelt.exe" "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mein CeWe Fotobuch.exe] -- "D:\Programme\Multimedia\Foto\DM-Foto\Mein CeWe Fotobuch\Mein CeWe Fotobuch.exe" "%1" () Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\Programme\Multimedia\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation) "C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation) "D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe" = D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation) "C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation) "D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe" = D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation) "D:\Internet\Downloads\LimeWire\LimeWire.exe" = D:\Internet\Downloads\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC) "D:\Programme\Microsoft\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Programme\Microsoft\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "D:\Programme\Microsoft\Microsoft Office\Office12\GROOVE.EXE" = D:\Programme\Microsoft\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation) "D:\Programme\Microsoft\Microsoft Office\Office12\ONENOTE.EXE" = D:\Programme\Microsoft\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation) "D:\Internet\Downloads\Orbitdownloader\orbitdm.exe" = D:\Internet\Downloads\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "D:\Internet\Downloads\Orbitdownloader\orbitnet.exe" = D:\Internet\Downloads\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4 "_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar) "{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime "{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional "{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater "{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar "{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite "{1394842A-A6B5-45EE-9EF5-2854E8DD8740}" = Samsung PC Studio "{190B4E60-FE37-4B8C-A661-172997347A90}" = Sony Media Manager 2.2 "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7F3E8C-956E-445C-BECE-4947D164A0BF}" = Sony Vegas 7.0 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar) "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{247A11CA-F5CE-4DD6-85E2-64850E64E064}" = USB2.0 CARD READER "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13 "{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1 "{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger "{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar) "{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software "{2f6a2b22-ab3b-44b6-b583-d8bc8017946b}" = Nero 9 Trial "{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8 "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode "{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision "{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4 "{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant "{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01) "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone SE "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0 "{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights "{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar "{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA "{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture "{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw "{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP "{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content "{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters "{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92F88A83-588F-436B-8AF8-293CF4E25B93}" = NetObjects Fusion 11.0 "{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM "{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1 "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap "{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget "{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch "{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player "{B7088B71-86FC-4F5E-B295-68FAB7B6C85B}" = Steuer-Spar-Erklärung 2007 "{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008 "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter "{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00 "{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA "{C097ACF1-CB6C-4C5A-B46E-027C7855156E}" = ArrayCalc "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension "{CE83500A-D08A-45AA-B6C0-25D7F8E11653}" = Data LifeSaver "{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D0CC1431-915D-4454-A045-232155BFD498}" = TVsweeper "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0 "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0 "{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0 "{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8 "{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "{DB4868DE-7A32-4CFA-90D5-D2F262EA79D4}" = USB Developer's uStudio "{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core "{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution "{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live "{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}" = EASE Focus "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows "{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN-Karte "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F35D3C6B-609A-4090-8531-C9F4FD889045}" = ChamSys MagicQ PC "{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools "{F79A208D-D929-11D9-9D77-000129760D75}" = MagicDirector 1.2 "{F7B25385-8FFA-4B09-AE05-BF73A72A8EDE}" = NetObjects Fusion 8 "{FAF88B432344413595BB2DED98385684}" = DivX User Guide "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool "1F811665-E818-4956-9173-35CD47C9DCE0" = Otto "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "895796011BF8712107F83ADBED4F62C65CB79C70" = Windows-Treiberpaket - Das (Siudi) USB (05/30/2008 1.4.0) "9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1) "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Autodesk Express Viewer" = Autodesk Express Viewer "AvantBrowser" = Avant Browser (remove only) "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8) "CamSpy_is1" = CamSpy V.3.6.4 "CDex" = CDex extraction audio "Clarke Tech Editor Studio_is1" = Clarke Tech Editor Studio 3.07 "Click'N Design 3D for AfterBurner(tm) (V5)" = Click'N Design 3D for AfterBurner(tm) (V5) "DC++" = DC++ 0.706 "DF CrcSfv_is1" = DF CrcSfv 1.3 "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "dm Fotowelt" = dm Fotowelt "dm-DIGI-Foto" = dm-DIGI-Foto "dm-Fotowelt" = dm-Fotowelt "DVD Decrypter" = DVD Decrypter (Remove Only) "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "ENTERPRISE" = Microsoft Office Enterprise 2007 "F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Google Calendar Sync" = Google Calendar Sync "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager "InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2 "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies "InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools "LimeWire" = LimeWire 5.1.3 "MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D) "MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D) "MAGIX Music Manager D" = MAGIX Music Manager (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D) "MAGIX PC Visit D" = MAGIX PC Visit "MAGIX Video deLuxe 2006 D" = MAGIX Video deLuxe 2006 (D) "MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.1.4 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.23.0 (D) "MakeMKV" = MakeMKV v1.4.12_beta "Medion GoPal Assistant" = Medion GoPal Assistant 3.00.0545 "Mein CeWe Fotobuch" = Mein CeWe Fotobuch "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "myDMX_is1" = myDMX "navigating.de POI-Warner GoPal Edition" = navigating.de POI-Warner GoPal Edition "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Orbit_is1" = Orbit Downloader "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "RealPlayer 6.0" = RealPlayer "Resolume 2.41_is1" = Resolume 2.41 "SopCast" = SopCast 3.0.3 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20 "ST6UNST #1" = TGeb V5.4 "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "SystemRequirementsLab" = System Requirements Lab "VLC media player" = VLC media player 1.0.5 "VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "WIC" = Windows Imaging Component "Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0 "Windows Live Toolbar" = Windows Live Toolbar "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinRAR archiver" = WinRAR Archivierer "WMCSetup" = Windows Media Connect "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WS_FTP Pro" = Ipswitch WS_FTP Pro "Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7 "X10Hardware" = X10 Hardware(TM) "ZoneAlarm" = ZoneAlarm ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 13.08.2010 12:13:43 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 13.08.2010 12:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 13:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 14:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 15:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 16:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 17:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 14.08.2010 11:10:42 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 14.08.2010 11:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 14.08.2010 12:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = [ Application Events ] Error - 13.08.2010 12:13:43 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 13.08.2010 12:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 13:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 14:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 15:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 16:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 13.08.2010 17:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 14.08.2010 11:10:42 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 14.08.2010 11:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = Error - 14.08.2010 12:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20 Description = [ OSession Events ] Error - 30.06.2009 11:44:52 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 184 seconds with 0 seconds of active time. This session ended with a crash. Error - 30.06.2009 12:03:47 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 189 seconds with 0 seconds of active time. This session ended with a crash. Error - 12.07.2009 03:36:35 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 78 seconds with 60 seconds of active time. This session ended with a crash. Error - 06.08.2009 15:31:23 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 241 seconds with 60 seconds of active time. This session ended with a crash. Error - 06.08.2009 15:54:45 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1394 seconds with 60 seconds of active time. This session ended with a crash. Error - 31.08.2009 08:11:44 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 64 seconds with 0 seconds of active time. This session ended with a crash. Error - 04.01.2010 18:35:56 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 843 seconds with 360 seconds of active time. This session ended with a crash. Error - 25.02.2010 10:17:23 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20536 seconds with 660 seconds of active time. This session ended with a crash. Error - 03.03.2010 03:31:45 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 371 seconds with 120 seconds of active time. This session ended with a crash. Error - 07.03.2010 14:21:40 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9325 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 13.08.2010 07:21:26 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 13.08.2010 07:21:26 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TrueVector Internet Monitor. Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TrueVector Internet Monitor. Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst "Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058 < End of report > |
16.08.2010, 08:25 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen 40 TAN TrojanerZitat:
Folge dem Artikel zur Neuinstallation des Betriebssystems.
__________________ |
16.08.2010, 11:15 | #3 |
| Sparkassen 40 TAN Trojaner Kann man anhand der Dateien sehen,
__________________wo sich der Trojaner befindet? Wie er heißt? Wo er herkommt? Wer Schuld ist? |
16.08.2010, 11:26 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen 40 TAN TrojanerZitat:
Du minimierst das Risiko deutlich, wenn Du beim Surfen auf Adminrechte verzichtest und Deine Programme, Windows und den IE ständig aktuell hälst.
__________________ Logfiles bitte immer in CODE-Tags posten |
16.08.2010, 11:48 | #5 |
| Sparkassen 40 TAN Trojaner Alles klar. Nachdem die Sparkasse den Zugang gelöscht hat, kann ich nicht mehr nachschauen, ob sich der Trojaner noch im System befindet, da er sich ja nur meldet, wenn ich mich eingeloggt habe. Gibt es eine Möglichkeit zu überprüfen, ob er noch da ist??? |
16.08.2010, 12:02 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen 40 TAN TrojanerZitat:
__________________ --> Sparkassen 40 TAN Trojaner |
Themen zu Sparkassen 40 TAN Trojaner |
0x00000001, 40 tan, 40tan, 4d36e972-e325-11ce-bfc1-08002be10318, antivir, avgntflt.sys, avira, bho, browser, c:\windows\system32\rundll32.exe, components, crypto, decrypter, desktop, downloader, druck, einstellungen, error, excel.exe, festplatte, firefox, google, home, iastor.sys, installation, kaspersky, location, logfile, media center, microsoft office word, mozilla, msvcr80.dll, object, office 2007, oldtimer, plug-in, realtek, registry, rundll, safer networking, saver, sched.exe, security, security update, senden, service pack 1, software, sptd.sys, staropen, super, tan trojaner, trojane, trojaner, virus, vlc media player, windows internet, windows internet explorer, wrapper |