| |
| |||||||
Log-Analyse und Auswertung: syspck32.exe Win32/Rootkit.Kryptik.AF trojanWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
21.09.2010, 07:12
| #1 |
 |  syspck32.exe Win32/Rootkit.Kryptik.AF trojan Hallo, ich hatte (oder habe immer noch?) auf meinem Rechner Malware. Das äußerte sich z.B. durch eine Datei namens syspck32.exe im Autostart-Ordner und avdrn.dat im "Anwendungsdaten"-Ordner. Ich habe Malwarebytes und meinen Virenscanner (ESET Nod32) genutzt, um etliche Einträge und Dateien (zumeist unter ...\system32\drivers - vom Virenscanner als "Win32/Rootkit.Kryptik.AF trojan" gekennzeichnet: ~60 Dateien mit der gleichen Größe) zu entfernen. Nach erneutem Durchlauf findet Malwarebytes als auch der Virenscanner nichts Verdächtiges mehr. Lt. Anleitung hier in diesem Forum habe ich nochmal alle Tools, die es über "load.exe" zu laden gibt, durchlaufen lassen. MalwareBytes LOG: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4656
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20.09.2010 15:46:03
mbam-log-2010-09-20 (15-46-03).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146214
Laufzeit: 10 Minute(n), 47 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:46 on 20/09/2010 (*******)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
Gmer.txt Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-21 03:25:36
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\MAXIMI~1\LOKALE~1\Temp\kxrdqpow.sys
---- System - GMER 1.0.15 ----
SSDT 89C09580 ZwAssignProcessToJobObject
SSDT 89C0A100 ZwDebugActiveProcess
SSDT 89C09B30 ZwDuplicateObject
SSDT 89C08CC0 ZwOpenProcess
SSDT 89C08FC0 ZwOpenThread
SSDT 89C099C0 ZwProtectVirtualMemory
SSDT 89C09860 ZwSetContextThread
SSDT 89C096E0 ZwSetInformationThread
SSDT 89C06700 ZwSetSecurityObject
SSDT 89C09420 ZwSuspendProcess
SSDT 89C092C0 ZwSuspendThread
SSDT 89C08E50 ZwTerminateProcess
SSDT 89C09150 ZwTerminateThread
SSDT 89C09F50 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xB9C59ABF]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[332] ntdll.dll!LdrLoadDll 7C9263C3 5 Bytes JMP 004013F0 C:\Programme\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Programme\Mozilla Firefox\firefox.exe[332] WS2_32.dll!connect 71A14A07 5 Bytes JMP 04852850 C:\Programme\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[332] WS2_32.dll!WSAConnect 71A20C81 5 Bytes JMP 04852A50 C:\Programme\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabKernel.dll
.text C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe[1956] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x05 0x8E 0xBD 0x29 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xC7 0x2B 0xB1 0xB1 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x62 0x2B 0x08 0xDF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xDB 0x11 0x49 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x47 0x91 0xD7 0xA0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x98 0x3F 0xBE 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x5A 0xF3 0xEB 0x13 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xB7 0x16 0x05 0x61 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xF0 0x1B 0x3E 0x8E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xCD 0x4E 0xC2 0x36 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x4A 0x2F 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xB1 0xCF 0x01 0x7D ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x1E 0x9D 0xC7 0x27 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0x4A 0x2F 0xBE ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xDA 0x31 0x5B 0xF1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x34 0x44 0x60 0x5D ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 3B2C00A74762A1F89A4A9495728923323A7727628EF902060A668ACABA6B6301D84373FC0C36695852B00CD3606FC78B94899C65B857FCD451FE3DDD1D2209F50200A12F1E7E40C526EDED08597C27999BA99BA51B3C62747C6CF0EE806DB392936B0ADC3A238CB4DDD1E83FD070A64E9F8FFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933FEBC9E127BECC74C5D575E7D6A3B9808C038D530D6EB345254EC4C8791926AF11C50EA4BD63E00D251FB123311B4C0DF8087C4BB1D67D1C270E8434D6917B320B7314A579AFE53E66817F7C4B3422EE644D4ADBA5C3404B77F5311A9266A976F9CA714AC74A387B4CEDE0B3C627DA889749C62ACC7F27B7F9A85CBFE45B634A913F8138261D5C2E51E26F244B82BFD799D5F8150BEA5D3F2DC4BAA42855C0968E8DF3B22A2718E7DF3B2791D9BC6633B4D8FCFFB630507BB67E58BFB6A6FFB1DEE8BA26BBC8659CE72418C182EFBEEAA9595B5169EF975585B8B6FCA3E37568A781C01CEF9D975043F80419EDDAC9BF38E4DBD1C19A2651CE1637A5F8C2FC5C75F28365367E41B978391CCAAD6EDCA99D208191E4452FD2DA68CF47E2406DCC100B94492D4D2E1DDEB8D0BCB8A0B3E717F081A40D10FCB87D816CD029A200FB9BA4E50BC5905C9F72CFE79A532801E24B8873BB93A9
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 539D3ED1966AF8AFA671C2B66CE4F82E44721BCF221C3EB25FA863369F3A29150A834F4FB9B18200B1F5D4CCAFCB70182467E07FB771F6F5A069AA71A15A0CEE08CB09DD027C39AB8C71DD6F704ECF12F804904E5ADF28FB076B9701DABDF644CB9D1720AEA32F97A4368353330473A6C2E9E6266CDA1994453D20A2AF513B4857144646C835DD7EECFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79338EDD5E5BE2F6E667A6171C11EC38DE3DA6171C11EC38DE3DE69390472A03F2EDB053C3577738BD9B986A3AD0B8125D0D4BED55BAE9EAED7212F37A507A07D7F55AF18E2F47BC606E1722AD135B2297AAE981C02A05540F451E595A6B3B47DF097BD86B0D512A096BDB41BFFEFC5412111A1E5176A7D005665212669595EA394067308411DA4E6B9BE5E6B0701E4222DAABF97BE02E636C22688EE710E37A64BB66419A1B5CDE0D0FAAD7538CF6E7F4A7DEF448ED2E6F35C90E65BFE03965B51B32FC7E5384F14658117C12BA71A4071BE60ED6E3EE3FA3316451DC4F59FD5604F9F49A223481460D76DEE7A4ACBEAC5CEEE95650EA00CD32032FC7E83C7AC2A061606737816F8EC7A8B0663B7A5D0C1813D28C825344A1A7F3029A008E764B9EFE19F584B57EF4296DC4B031610D9FFCE435D30F8AFEDCF333EE02A9B06E9
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter OTL logfile created on: 21.09.2010 03:29:19 - Run 1 OTL by OldTimer - Version 3.2.14.0 Folder = C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free Paging file location(s): C:\pagefile.sys 765 1400 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 32,23 Gb Total Space | 7,22 Gb Free Space | 22,41% Space Free | Partition Type: NTFS Drive D: | 42,30 Gb Total Space | 1,88 Gb Free Space | 4,45% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: NOTEBOOK Current User Name: NUTZER Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.09.20 15:27:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools\OTL.exe PRC - [2009.12.15 11:24:48 | 000,293,376 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer\gmer.exe PRC - [2009.09.11 08:24:32 | 000,735,960 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe PRC - [2009.09.11 08:23:46 | 002,054,360 | ---- | M] (ESET) -- C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe PRC - [2009.07.09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (SafeList) ========== MOD - [2010.09.20 15:27:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools\OTL.exe MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2006.05.03 23:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) SRV - [2010.04.06 21:45:23 | 001,265,264 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe -- (aawservice) SRV - [2009.09.11 08:33:18 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv) SRV - [2009.09.11 08:24:32 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - [2009.07.09 12:22:18 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.10.24 16:35:44 | 000,128,296 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.09.04 07:02:24 | 001,295,616 | ---- | M] (O&O Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag) SRV - [2007.08.29 19:27:41 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2006.03.20 13:53:52 | 000,081,920 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\VSGate.exe -- (VSGate) SRV - [2006.03.20 13:34:28 | 000,147,456 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrAdm.exe -- (LcSvrAdm) SRV - [2006.03.20 13:28:50 | 000,217,088 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrHis.exe -- (LcSvrHis) SRV - [2006.03.20 13:23:04 | 001,302,528 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrAuf.exe -- (LcSvrAuf) SRV - [2006.03.20 13:17:40 | 000,368,640 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrPas.exe -- (LcSvrPAS) SRV - [2006.03.20 13:16:12 | 000,233,472 | ---- | M] (Volkswagen AG) [On_Demand | Stopped] -- c:\Programme\ElsaWin_322\bin\LcSvrDba.exe -- (LcSvrDba) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\Sandra.sys -- (SANDRA) DRV - [2009.09.11 08:26:26 | 000,096,408 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir) DRV - [2009.09.11 08:23:50 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv) DRV - [2009.09.11 08:17:16 | 000,116,008 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon) DRV - [2009.03.19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu) DRV - [2009.03.19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc) DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.04.13 20:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nscirda.sys -- (NSCIRDA) DRV - [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\Changer.sys -- (Changer) DRV - [2008.04.13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2007.08.29 19:04:13 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006.05.18 10:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2006.05.18 10:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2005.02.10 18:52:36 | 000,157,056 | R--- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2005.02.08 15:33:06 | 000,970,240 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005.01.25 08:27:14 | 001,038,208 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2005.01.25 08:26:36 | 000,207,616 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2005.01.25 08:26:28 | 000,703,616 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2004.10.29 12:48:10 | 003,222,784 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2004.06.25 08:31:00 | 000,276,480 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camchal.sys -- (CAMCHALA) DRV - [2004.06.25 08:29:00 | 000,034,048 | R--- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camcaud.sys -- (CAMCAUD) DRV - [2003.05.22 04:47:12 | 000,175,360 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2001.11.01 16:30:30 | 000,041,759 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.22 10:02:47 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.01 19:44:43 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.01.17 14:15:00 | 000,000,000 | ---D | M] [2008.12.05 19:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Extensions [2010.09.20 15:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions [2010.06.25 20:02:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.06.25 20:02:23 | 000,000,000 | ---D | M] (NoScript) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2009.06.06 11:52:18 | 000,000,000 | ---D | M] (IE Tab) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9} [2010.09.14 20:11:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\extensions\firefox@tvunetworks.com [2010.04.08 17:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions [2010.03.08 19:05:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.04.08 17:03:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.03.08 19:05:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\hutkynxc.test\extensions\staged-xpis [2010.09.15 13:46:05 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\searchplugins\icqplugin-1.xml [2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Mozilla\Firefox\Profiles\dvuhxngd.default\searchplugins\icqplugin.xml [2010.09.20 15:41:27 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2006.07.31 17:07:16 | 000,098,304 | ---- | M] (Zylom) -- C:\Programme\Mozilla Firefox\plugins\npzylomgamesplayer.dll [2010.08.01 19:44:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.01 19:44:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.01 19:44:31 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.01 19:44:31 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.01 19:44:31 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Programme\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [egui] C:\Programme\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O8 - Extra context menu item: &Download by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Programme\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263744009265 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\Programme\ElsaWin_322\bin\wiprot.dll (TODO: <Company name>) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.08.28 23:49:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell - "" = AutoRun O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{02c7e5b6-c671-11dc-b627-0016360ddfaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell - "" = AutoRun O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{302abbda-bb91-11dc-b60d-0016360ddfaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: ciphtdde - (C:\WINDOWS\system32\ntvdyi64.dll) - C:\WINDOWS\System32\ntvdyi64.dll File not found O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "SandraAgentSrv" MsConfig - Services: "gusvc" MsConfig - Services: "Adobe LM Service" MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Acrobat - Schnellstart.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe - () MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^NUTZER^Startmenü^Programme^Autostart^syspck32.exe - C:\Dokumente und Einstellungen\NUTZER\Startmenü\Programme\Autostart\syspck32.exe - File not found MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG) MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= - File not found MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ6\ICQ.exe File not found MsConfig - StartUpReg: ICQ Lite - hkey= - key= - C:\Programme\ICQLite\ICQLite.exe File not found MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig - StartUpReg: OODefragTray - hkey= - key= - File not found MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe File not found MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Java\jre1.6.0_03\bin\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: SystemTray - hkey= - key= - File not found MsConfig - StartUpReg: THGuard - hkey= - key= - C:\Programme\TrojanHunter 5.0\THGuard.exe File not found MsConfig - StartUpReg: updateMgr - hkey= - key= - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm () Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll () Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation) Unable to start service SrService! ========== Files/Folders - Created Within 90 Days ========== [2010.09.20 15:52:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer [2010.09.20 15:33:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.09.20 15:32:31 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.09.20 15:27:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools [2010.09.19 14:05:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\2010-09-19 [2010.09.16 17:22:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\NUTZER\Recent [2010.09.14 20:11:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\TVUAx [2010.09.13 18:35:02 | 000,000,000 | ---D | C] -- C:\backup [2010.09.10 16:12:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Fussboden [2010.08.18 22:32:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Wohnung_Baederstrasse_4 [2010.08.05 21:34:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Profilfotos [2010.07.04 21:14:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\DEU-ARG [2010.07.03 15:19:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Suedafrika_Janni [2010.06.26 12:45:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\AOL [2010.06.26 12:44:58 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.2 [2008.03.23 12:00:34 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lexlog.dll [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.09.20 15:51:20 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.09.20 15:48:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.09.20 15:48:01 | 001,318,635 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor [2010.09.20 15:47:20 | 012,058,624 | -H-- | M] () -- C:\Dokumente und Einstellungen\NUTZER\NTUSER.DAT [2010.09.20 15:47:20 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\NUTZER\ntuser.ini [2010.09.20 15:46:59 | 000,000,020 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\defogger_reenable [2010.09.20 15:27:17 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer.zip [2010.09.20 15:27:17 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\defogger.exe [2010.09.20 15:24:03 | 000,388,659 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Load.exe [2010.09.19 14:11:58 | 001,094,246 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0003.BMP [2010.09.19 14:07:23 | 001,094,246 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0002.BMP [2010.09.19 14:06:37 | 000,088,190 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0001.BMP [2010.09.17 21:08:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010.09.17 21:08:05 | 000,089,088 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.17 06:58:28 | 000,040,261 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Einstellungstests - Bewerbu...pdf [2010.09.16 20:20:52 | 000,026,112 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Anschreiben Polizei.doc [2010.09.16 18:56:50 | 000,000,162 | -H-- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\~$schreiben Polizei.docm [2010.09.14 19:10:20 | 002,505,423 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Osmo-Optimal-behandelt_2009.pdf [2010.09.14 19:04:38 | 001,470,490 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Holzbodenoele.pdf [2010.09.14 18:32:53 | 000,907,934 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Technisches%20Merkblatt%20Bona%20Mix%20und%20Fill.pdf [2010.09.12 19:32:42 | 000,001,517 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.usr [2010.09.08 17:20:41 | 000,025,600 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Eigene Dateien\Anschreiben Polizei.doc [2010.08.12 20:02:47 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.12 17:05:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.12 16:54:35 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.12 16:54:34 | 001,006,570 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.12 16:54:34 | 000,452,544 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2010.08.12 16:54:34 | 000,081,324 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2010.08.12 16:54:34 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.07.29 20:00:29 | 000,000,624 | ---- | M] () -- C:\WINDOWS\win.ini [2010.07.29 20:00:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010.07.29 20:00:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2010.06.30 21:54:39 | 000,004,475 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\HearstCastle.jpg [2010.06.30 21:49:09 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Kosten_SA.xls [3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.20 15:46:52 | 000,000,020 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\defogger_reenable [2010.09.20 15:27:17 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\defogger.exe [2010.09.20 15:27:15 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Gmer.zip [2010.09.20 15:24:03 | 000,388,659 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Load.exe [2010.09.19 14:11:47 | 001,094,246 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0003.BMP [2010.09.19 14:07:12 | 001,094,246 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0002.BMP [2010.09.19 14:06:33 | 000,088,190 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\MC_Abrechnung0001.BMP [2010.09.17 06:58:28 | 000,040,261 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Einstellungstests - Bewerbu...pdf [2010.09.16 18:59:46 | 000,026,112 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Anschreiben Polizei.doc [2010.09.16 18:56:50 | 000,000,162 | -H-- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\~$schreiben Polizei.docm [2010.09.14 19:10:20 | 002,505,423 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Osmo-Optimal-behandelt_2009.pdf [2010.09.14 19:04:38 | 001,470,490 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Holzbodenoele.pdf [2010.09.14 18:32:53 | 000,907,934 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Technisches%20Merkblatt%20Bona%20Mix%20und%20Fill.pdf [2010.09.08 17:20:40 | 000,025,600 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Eigene Dateien\Anschreiben Polizei.doc [2010.08.08 21:04:14 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.06.30 21:54:38 | 000,004,475 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\HearstCastle.jpg [2010.06.28 15:45:23 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Desktop\Kosten_SA.xls [2010.04.06 22:35:09 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010.02.28 16:27:27 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\V0WIN771.SYS [2010.02.13 17:03:16 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2009.10.05 21:49:09 | 000,000,218 | -H-- | C] () -- C:\WINDOWS\V0WIN769.SYS [2009.10.05 21:47:47 | 000,000,051 | ---- | C] () -- C:\WINDOWS\TSetup.INI [2009.08.29 23:21:35 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2009.01.31 10:22:55 | 000,000,056 | ---- | C] () -- C:\WINDOWS\Acroread.ini [2009.01.28 20:25:58 | 000,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll [2008.12.13 18:41:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2008.12.13 18:39:59 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2008.11.02 21:32:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2008.09.19 16:44:21 | 000,000,035 | ---- | C] () -- C:\WINDOWS\m_s.ini [2008.03.23 12:00:31 | 000,000,709 | ---- | C] () -- C:\WINDOWS\LMAAX2DD.ini [2008.03.23 08:49:20 | 000,000,157 | ---- | C] () -- C:\WINDOWS\matlab.ini [2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2008.01.11 19:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wiso.ini [2008.01.09 23:46:02 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\706E5248BC.sys [2008.01.09 23:34:27 | 000,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2007.12.22 13:08:09 | 000,000,253 | ---- | C] () -- C:\WINDOWS\tm.ini [2007.12.01 19:28:40 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2007.10.28 23:04:13 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini [2007.08.29 21:57:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2007.08.29 20:37:24 | 000,089,088 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.08.29 20:16:00 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2007.08.29 19:32:24 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2007.08.29 19:32:17 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.08.29 19:32:16 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2007.08.29 19:32:11 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2007.08.29 19:32:11 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest [2007.08.29 19:14:28 | 000,000,928 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.08.29 00:20:53 | 000,001,366 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\FASTWiz.html [2007.08.29 00:01:53 | 000,033,503 | ---- | C] () -- C:\Dokumente und Einstellungen\NUTZER\Lokale Einstellungen\Anwendungsdaten\FASTWiz.log [2005.08.22 05:44:00 | 000,012,244 | ---- | C] () -- C:\WINDOWS\MSUMLT_Y.INI [2004.01.13 18:46:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI ========== LOP Check ========== [2009.12.20 18:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2010.04.29 16:27:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2010.02.04 19:59:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Downloaded Installations [2008.09.18 19:26:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET [2009.10.05 21:46:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HSETU [2009.09.17 23:54:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2009.09.27 18:56:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OfficeRecovery [2009.09.17 23:41:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2008.07.08 20:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TechSmith [2010.03.16 21:30:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2008.12.29 22:14:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2010.04.06 21:42:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2009.08.29 15:01:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010.02.28 12:56:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\BOM [2010.01.17 13:16:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\BPFTP [2008.03.08 11:42:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Canon [2008.09.10 16:02:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Dev-Cpp [2009.11.09 21:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\GrabPro [2010.09.18 19:14:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\ICQ [2008.03.01 10:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\ICQ Toolbar [2007.12.20 16:14:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\ICQLite [2009.08.29 15:35:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\MPEG Streamclip [2009.09.17 23:30:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Nokia [2009.09.17 23:57:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Nseries [2010.09.19 20:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Orbit [2009.09.17 23:41:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\PC Suite [2008.12.13 18:51:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\Samsung [2010.02.25 18:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\streamripper [2008.07.08 20:44:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\TechSmith [2009.01.28 20:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\TrojanHunter [2010.04.12 19:36:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NUTZER\Anwendungsdaten\WinEdt [2010.04.09 15:59:29 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010.09.20 15:47:59 | 000,021,109 | ---- | M] () -- C:\aaw7boot.log [2007.08.28 23:49:28 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010.07.29 20:00:29 | 000,000,211 | -HS- | M] () -- C:\boot.ini [2004.08.04 14:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2007.08.28 23:49:28 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007.08.28 23:49:28 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2007.08.29 18:42:00 | 000,000,006 | ---- | M] () -- C:\ISACER.ID [2010.08.02 21:26:45 | 000,000,158 | ---- | M] () -- C:\mbam-error.txt [2007.08.28 23:49:28 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004.08.04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008.08.27 21:33:51 | 000,251,712 | RHS- | M] () -- C:\ntldr [2010.09.20 15:48:04 | 802,160,640 | -HS- | M] () -- C:\pagefile.sys < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.04.18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006.06.29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.06.29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2007.08.28 23:48:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2003.06.18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll [2005.08.22 05:44:00 | 000,010,240 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\MIMFPR_Y.DLL [2008.07.06 12:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.08.29 01:32:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2007.08.29 01:32:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2007.08.29 01:32:18 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\user32.dll /md5 > [2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll < MD5 for: EXPLORER.EXE > [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: WINLOGON.EXE > [2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 48 bytes -> C:\Dokumente und Einstellungen\All Users\DRM:الهريرة @Alternate Data Stream - 130 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8B4F37E5 @Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A5B56640 < End of report > Code:
ATTFilter OTL Extras logfile created on: 21.09.2010 03:29:19 - Run 1
OTL by OldTimer - Version 3.2.14.0 Folder = C:\Dokumente und Einstellungen\NUTZER\Desktop\MFTools
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): C:\pagefile.sys 765 1400 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,23 Gb Total Space | 7,22 Gb Free Space | 22,41% Space Free | Partition Type: NTFS
Drive D: | 42,30 Gb Total Space | 1,88 Gb Free Space | 4,45% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NOTEBOOK
Current User Name: NUTZER
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Disabled:ElsaWinRPC
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath -- File not found
"C:\Dokumente und Einstellungen\NUTZER\Desktop\eMule0.48a\emule.exe" = C:\Dokumente und Einstellungen\NUTZER\Desktop\eMule0.48a\emule.exe:*:Enabled:eMule -- File not found
"C:\Programme\eMule0.48a\emule.exe" = C:\Programme\eMule0.48a\emule.exe:*:Enabled:eMule -- (hxxp://www.emule-project.net)
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component -- (TVU networks)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts -- (Zhejiang University)
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP1\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- File not found
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\Orbitdownloader\orbitdm.exe" = C:\Programme\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Orbitdownloader\orbitnet.exe" = C:\Programme\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{22A83C29-58A8-4CAB-8EDC-918D74F8429E}_is1" = WikidPad 1.7
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8304BFDD-2852-4ABB-9412-2EFA1D8FA561}" = HS Energieberater 6 Plus
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9112CADD-8FC9-4B75-BB46-40D9544D4359}}_is1" = dena - Energieausweis für Gebäude 3.0 (Formularapplikation)
"{9112CXXX-8FC9-4B75-BB46-40D9544D4657}}_is1" = dena - Energieausweis für Gebäude
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F59C3AE-81B0-4EF6-9762-D674BB079705}" = Nokia Software Updater
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A35883BD-9C83-4625-82F3-90F86728C662}" = FreeUndelete
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CADE1721-0AE3-4FE9-B37F-CF98CA42A14F}" = Borland Database Engine
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D8E1DFEE-622B-46BA-AEFF-AB7E541C0B21}" = Steuer-Spar-Erklärung 2010
"{DA0BF7AB-88EB-4675-8FA1-531EAD938821}" = SnagIt 8
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E3FED8DD-4690-4E7D-BC23-6C6494CC0443}" = Nokia Ovi Suite
"{E653C735-0D84-AD30-7C75-91C8DC421031}" = Nero 7 Demo
"{E6CB18CD-04EF-4C6A-A5F3-5F49E7332895}" = O&O Defrag Professional Edition
"{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = TIxx21/x515
"{EFA800BF-C5C8-46D1-B49D-13920D05417C}" = ESET NOD32 Antivirus
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F9EA1C47-64A6-45E4-9A80-8CC1575B971D}" = Nokia Ovi System Utilities
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Windows-Treiberpaket - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Windows-Treiberpaket - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AFPL Ghostscript 8.51" = AFPL Ghostscript 8.51
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"ATI Display Driver" = ATI Display Driver
"Biet-O-Matic v2.12.6" = Biet-O-Matic v2.12.6
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00661025" = SoftV92 Data Fax Modem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ElsaWin" = ElsaWin
"ERUNT_is1" = ERUNT 1.1j
"EVA2009" = EVA2009
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FixFoto_is1" = FixFoto 2.82
"FTDICOMM" = FTDI USB Serial Converter Drivers
"GSview 4.8" = GSview 4.8
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{E7A744FD-E1B8-4FF6-ADC1-EA4C32181457}" = Texas Instruments PCIxx21/x515 drivers.
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.3.5 Full
"Lexmark_HostCD" = Lexmark Software deinstallieren
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.6" = MiKTeX 2.6
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3018
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"SopCast" = SopCast 3.0.3
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.4.7.2
"Ulisess Seguridad 10B" = Ulisess Seguridad 10B
"VAG-COM311_DE" = VAG-COM 311 Deutsch
"VLC media player" = VLC media player 1.0.1
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinEdt_is1" = WinEdt
"WinMerge_is1" = WinMerge 2.12.4
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 04.07.2010 14:27:16 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3828, fehlgeschlagenes
Modul sqlite3.dll, Version 3.6.22.0, Fehleradresse 0x0006006e.
Error - 07.07.2010 13:44:15 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung plugin-container.exe, Version 1.9.2.3828,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x0000100b.
Error - 15.07.2010 09:17:22 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.9.2.3828, fehlgeschlagenes
Modul grabxpcom.dll, Version 0.0.0.0, Fehleradresse 0x0001d478.
Error - 02.08.2010 15:22:21 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 02.08.2010 15:23:04 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 08.08.2010 10:45:00 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 08.08.2010 10:45:37 | Computer Name = NOTEBOOK | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
Error - 03.09.2010 09:47:36 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 7.0.8.218, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x24002bcb.
Error - 16.09.2010 12:57:24 | Computer Name = NOTEBOOK | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.
Error - 17.09.2010 00:57:38 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrobat.exe, Version 7.0.8.218, fehlgeschlagenes
Modul acrobat.dll, Version 7.1.0.649, Fehleradresse 0x0004675d.
[ System Events ]
Error - 07.09.2010 11:49:24 | Computer Name = NOTEBOOK | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{9C623475-FAF8-4E0D-B897-EC7801EDBAE0} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 07.09.2010 13:41:19 | Computer Name = NOTEBOOK | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{9C623475-FAF8-4E0D-B897-EC7801EDBAE0} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 13.09.2010 09:55:19 | Computer Name = NOTEBOOK | Source = PlugPlayManager | ID = 12
Description = Das Gerät "TOSHIBA CD/DVDW SD-R6472" (IDE\CdRomTOSHIBA_CD/DVDW_SD-R6472________________TU51____\3531373630313831353820202020202020202020)
wurde ohne vorbereitende Maßnahmen vom System entfernt.
Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "Bonjour-Dienst" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 20.09.2010 09:29:50 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 20.09.2010 09:29:51 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe LM Service" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 20.09.2010 21:29:44 | Computer Name = NOTEBOOK | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 20.09.2010 21:29:44 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2
< End of report >
Für alle Antworten schon mal Danke im Voraus! Grüße |
| Themen zu syspck32.exe Win32/Rootkit.Kryptik.AF trojan |
| 0 bytes, 0x00000001, acroiehelper.dll, ad-aware, adobe, alternate, antivirus, bho, bonjour, components, controlset002, defogger, defogger_disable.log, desktop, downloader, einstellungen, ekrn.exe, email, eset nod32, extras.txt, firefox, firefox.exe, flash player, hijack, hijackthis, jusched.exe, load.exe, location, logfile, maßnahme, mmc.exe, mozilla, mozilla thunderbird, national, netzwerk, ntdll.dll, oldtimer, otl.txt, picasa, plug-in, registry, required, rundll, saver, scan, searchplugins, shell32.dll, skype.exe, software, starten, super, system, system restore, temp, trojan, udp, vlc media player, windows internet, windows internet explorer |
Baum-Darstellung