e-mail missbrauch durch trojaner?

miri 1 · 02.10.2010, 19:38

Hallo,
von meinem pc wurde vermutlich durch dritte mein e-mail telefonbuch geknackt weil unter meinem e-mail namen an viele adressen eine spam-mail versendet wurde die nicht von mir stammt.
Hier der Logfile von hijackthis: Bitte um überprüfung
HiJackthis Logfile:

Code:

ATTFilter

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:59:47, on 14.04.2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16809)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\aol\1177122876\ee\aolsoftware.exe
C:\Program Files\Common Files\Logitech\QCDriver2\LVComS.exe
C:\Program Files\Real\RealPlayer\realplay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe
C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe
C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
C:\PROGRA~1\T-Online\T-ONLI~1\Notifier\Notifier.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\AOL 9.0 VRa\waol.exe
C:\Program Files\AOL 9.0 VRa\shellmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = htt://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = htt://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = htt://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = htt://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = htt://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = htt://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~1\TerraTec\TERRAT~1\THCDES~1.DLL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1177122876\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [QCDriverInstaller] C:\PROGRA~1\COMMON~1\Logitech\QCDRIV~1\Lqdsw.exe /addrun /l 1031 /LaunchAtStart
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [qpepdbwf] C:\ProgramData\qpepdbwf\lmnobixg.exe
O4 - HKCU\..\Run: [Sly1cjZbeI] C:\ProgramData\jovytitq\bktubihk.exe
O4 - HKCU\..\Run: [f4a5939e] rundll32.exe "C:\Users\Claudia\AppData\Local\Temp\fxnyiglg.dll",b
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VRa\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: p6_19_erinnerung.lnk = C:\Program Files\phase6\phase6_19\WinStart\WinStart.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\Windows\system32\Shdocvw.dll
O13 - Gopher Prefix: 
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - hxxp://ww.ipix.com/viewers/ipixx.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - htt://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
 
--
End of file - 8989 bytes

--- --- ---

markusg · 02.10.2010, 20:45

ootl:
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

miri 1 · 02.10.2010, 23:46

mOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 02.10.2010 22:33:17 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Claudia\Documents\Downloads
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
447,00 Mb Total Physical Memory | 100,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 27,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 77,70 Gb Total Space | 20,97 Gb Free Space | 26,99% Space Free | Partition Type: NTFS
Drive D: | 63,34 Gb Total Space | 51,62 Gb Free Space | 81,49% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 587,09 Mb Free Space | 83,59% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,74 Gb Total Space | 2,64 Gb Free Space | 70,71% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: CLAUDIA-PC
Current User Name: Claudia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Claudia\Documents\Downloads\OTL.ex (OldTimer Tools)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
PRC - C:\Programme\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
PRC - C:\Programme\AOL 9.0 VRa\shellmon.exe (AOL, LLC.)
PRC - C:\Programme\AOL 9.0 VRa\waol.exe (AOL, LLC.)
PRC - C:\Programme\Brother\ControlCenter3\BrccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - c:\Programme\Powercinema\Kernel\TV\CLSched.exe ()
PRC - c:\Programme\Powercinema\Kernel\TV\CLCapSvc.exe ()
PRC - C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Programme\Common Files\aol\1177122876\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Claudia\Documents\Downloads\OTL.ex (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (SQLWriter) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (BcmSqlStartupSvc) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- c:\Program Files\Powercinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe ()
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (o1394bul) -- C:\Users\Claudia\AppData\Local\Temp\o1394bul.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (SymSMR130) -- C:\Windows\System32\drivers\SymSMR130.SYS (Symantec Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (acedrv09) -- C:\Windows\System32\drivers\acedrv09.sys (Protect Software GmbH)
DRV - (acehlp09) -- C:\Windows\System32\drivers\acehlp09.sys (Protect Software GmbH)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (AF15BDA) Cinergy T USB XE (MKII) -- C:\Windows\System32\drivers\AF15BDA.sys (AfaTech                  )
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (PID_0920) Logitech QuickCam Express(PID_0920) -- C:\Windows\System32\drivers\LV532AV.SYS (Logitech Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = htp://format.packardbell.com/cgi-bin/redirect/?country=DE&range=AD&phase=8&key=IESTART
IE - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = htp://www.google.de/
IE - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: "htp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.startup.homepage: "htp://de.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Google"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://ww.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "htp://www.yahoo.com/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.14 12:54:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.02 22:21:06 | 000,000,000 | ---D | M]
 
[2008.08.28 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\mozilla\Extensions
[2010.10.02 22:27:54 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\lkoirlao.default\extensions
[2009.08.09 11:44:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\lkoirlao.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.03 13:27:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\lkoirlao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.08.09 08:51:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\lkoirlao.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.09.12 14:33:42 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Claudia\AppData\Roaming\mozilla\Firefox\Profiles\lkoirlao.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.12 14:33:19 | 000,003,915 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Mozilla\FireFox\Profiles\lkoirlao.default\searchplugins\sweetim.xml
[2010.10.02 22:27:54 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2007.04.21 04:21:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.10.02 22:21:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.14 12:54:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 12:54:14 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.14 12:54:14 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 12:54:14 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 12:54:14 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Programme\TerraTec\TerraTec Home Cinema\THCDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1177122876\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LVCOMS] C:\Programme\Common Files\Logitech\QCDriver2\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005..\Run: []  File not found
O4 - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2187160593-2300224093-1119510219-1005\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} hxxp://www.ipix.com/viewers/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Claudia\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.05.06 14:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3d420d58-8375-11de-997d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3d420d58-8375-11de-997d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{55ad3605-8404-11de-8a88-b9ee3d6c1684}\Shell - "" = AutoRun
O33 - MountPoints2\{55ad3605-8404-11de-8a88-b9ee3d6c1684}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{d4e4947c-9c6c-11de-af0b-c41d73978b1d}\Shell - "" = AutoRun
O33 - MountPoints2\{d4e4947c-9c6c-11de-af0b-c41d73978b1d}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- [2007.10.23 09:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Programme\Common Files\aol\1177122876\ee\aolsoftware.exe (America Online, Inc.)
MsConfig - StartUpReg: MobileConnect - hkey= - key= -  File not found
MsConfig - StartUpReg: PCMService - hkey= - key= - c:\Program Files\Powercinema\PCMService.exe (CyberLink Corp.)
MsConfig - StartUpReg: Picasa Media Detector - hkey= - key= - C:\Program Files\Picasa2\PicasaMediaDetector.exe File not found
MsConfig - StartUpReg: QCDriverInstaller - hkey= - key= - C:\Programme\Common Files\Logitech\QCDriver2\Lqdsw.exe (Logitech Inc.)
MsConfig - StartUpReg: RealTray - hkey= - key= - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
MsConfig - StartUpReg: SmpcSys - hkey= - key= - C:\Programme\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
MsConfig - StartUpReg: toolbar_eula_launcher - hkey= - key= - C:\Programme\Packard Bell\GOOGLE_EULA\EULALauncher.exe ( )
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WindowsWelcomeCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Adobe Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: ccc-core-static - msiexec /fums {B9701D86-3D63-7F49-9948-27670574B4CC} /qb
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.02 22:23:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.10.02 22:21:05 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.10.02 22:21:05 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.10.02 22:21:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.10.02 22:21:05 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.10.02 21:19:37 | 000,063,536 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymSMR130.SYS
[2010.10.02 21:19:14 | 000,000,000 | ---D | C] -- C:\Users\Claudia\AppData\Local\NPE
[2010.09.30 08:26:09 | 000,000,000 | ---D | C] -- C:\Users\Claudia\Documents\IMGP1248
[2010.09.12 14:32:46 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2010.09.12 14:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010.09.03 14:00:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.09.03 13:58:02 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2010.09.03 13:58:00 | 000,712,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.02 23:01:47 | 003,145,728 | -HS- | M] () -- C:\Users\Claudia\ntuser.dat
[2010.10.02 23:00:49 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\Erweiterte Garantie.job
[2010.10.02 22:51:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 22:51:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.02 22:24:48 | 000,001,893 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.10.02 21:19:38 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\SymSMR130.dat
[2010.10.02 21:19:37 | 000,063,536 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SymSMR130.SYS
[2010.10.02 21:19:35 | 000,708,082 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.02 21:19:35 | 000,664,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.02 21:19:35 | 000,144,434 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.02 21:19:35 | 000,124,938 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.02 21:19:34 | 001,636,350 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.10.02 21:01:58 | 000,000,562 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Claudia.job
[2010.10.02 15:32:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.02 08:38:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.02 08:38:16 | 469,032,960 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.02 00:10:44 | 002,745,719 | -H-- | M] () -- C:\Users\Claudia\AppData\Local\IconCache.db
[2010.09.30 08:26:02 | 002,282,684 | ---- | M] () -- C:\Users\Claudia\Documents\IMGP1248.zip
[2010.09.23 23:23:22 | 000,000,425 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010.09.23 23:23:22 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010.09.21 08:04:12 | 000,284,931 | ---- | M] () -- C:\Users\Claudia\Documents\16
[2010.09.20 22:26:32 | 000,040,448 | ---- | M] () -- C:\Users\Claudia\Documents\Mini-PlanSeptember-Oktober2010-1.doc
[2010.09.14 11:46:19 | 000,361,192 | ---- | M] () -- C:\Users\Claudia\Documents\Querido.odt
[2010.09.13 18:14:47 | 001,350,120 | ---- | M] () -- C:\Users\Claudia\Documents\DSC00389.jpg
[2010.09.12 17:36:23 | 000,088,064 | ---- | M] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.12 16:39:02 | 000,839,231 | ---- | M] () -- C:\Users\Claudia\Documents\Lebensmittel-Liste.pdf
[2010.09.12 16:34:14 | 000,159,043 | ---- | M] () -- C:\Users\Claudia\Documents\Figurcoach_Plan_1.pdf
[2010.09.03 17:15:41 | 000,010,752 | ---- | M] () -- C:\Users\Claudia\Documents\EsgibtdaeinenMenschen.doc
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.02 21:19:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\SymSMR130.dat
[2010.09.30 08:25:37 | 002,282,684 | ---- | C] () -- C:\Users\Claudia\Documents\IMGP1248.zip
[2010.09.21 08:04:09 | 000,284,931 | ---- | C] () -- C:\Users\Claudia\Documents\16
[2010.09.20 22:26:30 | 000,040,448 | ---- | C] () -- C:\Users\Claudia\Documents\Mini-PlanSeptember-Oktober2010-1.doc
[2010.09.14 11:45:43 | 000,361,192 | ---- | C] () -- C:\Users\Claudia\Documents\Querido.odt
[2010.09.13 18:14:25 | 001,350,120 | ---- | C] () -- C:\Users\Claudia\Documents\DSC00389.jpg
[2010.09.12 16:38:49 | 000,839,231 | ---- | C] () -- C:\Users\Claudia\Documents\Lebensmittel-Liste.pdf
[2010.09.12 16:34:08 | 000,159,043 | ---- | C] () -- C:\Users\Claudia\Documents\Figurcoach_Plan_1.pdf
[2010.09.03 17:15:32 | 000,010,752 | ---- | C] () -- C:\Users\Claudia\Documents\EsgibtdaeinenMenschen.doc
[2009.10.15 21:17:33 | 000,000,056 | ---- | C] () -- C:\Windows\Bibi9.ini
[2009.09.08 12:08:12 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009.06.23 19:01:38 | 000,007,376 | ---- | C] () -- C:\Users\Claudia\AppData\Local\d3d9caps.dat
[2008.10.21 11:28:52 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.10.21 10:36:37 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.10.14 10:26:53 | 000,000,025 | ---- | C] () -- C:\Windows\CDE CX5400G.ini
[2008.10.11 17:37:27 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2008.10.11 17:34:50 | 000,001,102 | ---- | C] () -- C:\Windows\disney.ini
[2008.10.10 18:35:05 | 000,000,045 | ---- | C] () -- C:\Windows\tkkg_5.ini
[2008.10.07 15:32:11 | 000,000,018 | ---- | C] () -- C:\Windows\gfact.ini
[2008.10.05 20:43:17 | 000,000,670 | ---- | C] () -- C:\Windows\cncscore.ini
[2008.06.02 20:37:41 | 000,000,048 | ---- | C] () -- C:\Windows\PacWorld.ini
[2008.05.16 14:19:41 | 000,000,197 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2008.01.05 23:08:48 | 000,000,277 | ---- | C] () -- C:\Windows\madagascar.ini
[2007.12.01 21:01:55 | 000,015,387 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007.12.01 20:46:03 | 000,000,552 | ---- | C] () -- C:\Windows\_delis32.ini
[2007.08.24 15:33:42 | 000,088,064 | ---- | C] () -- C:\Users\Claudia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.24 15:20:01 | 000,000,095 | ---- | C] () -- C:\Users\Claudia\AppData\Local\fusioncache.dat
[2007.04.21 13:44:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.02.13 09:48:38 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006.11.02 12:25:25 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscld.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[1999.08.10 18:02:20 | 000,116,736 | ---- | C] () -- C:\Windows\System32\LFKODAK.DLL
[1999.08.10 18:02:16 | 000,343,040 | ---- | C] () -- C:\Windows\System32\lffpx7.dll
[1999.04.11 22:54:20 | 000,285,696 | ---- | C] () -- C:\Windows\System32\cncs232.dll
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
 
========== LOP Check ==========
 
[2008.11.18 16:56:02 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\AppData\Roaming\.#
[2007.08.24 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\acccore
[2007.08.26 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Azureus
[2009.08.20 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Graboid Inc
[2009.08.18 21:06:38 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\live-player
[2007.08.24 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Packard Bell
[2008.11.26 14:30:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\PC-FAX TX
[2008.11.11 16:30:43 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ScanSoft
[2007.11.03 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\T-Online
[2009.03.21 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TerraTec
[2007.08.24 16:30:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2009.08.07 19:27:15 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vodafone
[2010.10.02 23:00:49 | 000,000,344 | ---- | M] () -- C:\Windows\Tasks\Erweiterte Garantie.job
[2010.10.02 00:15:53 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2008.11.18 16:56:02 | 000,000,000 | -HSD | M] -- C:\Users\Claudia\AppData\Roaming\.#
[2007.08.24 16:50:59 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\acccore
[2008.01.14 19:54:36 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Adobe
[2009.08.08 16:24:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\AOL
[2007.08.24 15:21:52 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ATI
[2007.08.26 19:51:37 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Azureus
[2008.11.17 17:22:56 | 000,000,000 | R--D | M] -- C:\Users\Claudia\AppData\Roaming\Brother
[2008.09.20 23:00:17 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\CyberLink
[2007.08.24 16:29:02 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Google
[2009.08.20 19:07:36 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Graboid Inc
[2007.08.24 15:17:17 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Identities
[2008.10.21 11:31:28 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\InstallShield
[2009.08.18 21:06:38 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\live-player
[2007.11.11 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Macromedia
[2010.10.02 22:39:12 | 000,000,000 | --SD | M] -- C:\Users\Claudia\AppData\Roaming\Microsoft
[2010.03.09 18:27:59 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Move Networks
[2008.08.28 18:04:45 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Mozilla
[2009.08.18 20:59:31 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\MozillaControl
[2010.09.29 16:26:39 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\OpenOffice.org2
[2007.08.24 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Packard Bell
[2008.11.26 14:30:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\PC-FAX TX
[2007.08.24 17:09:30 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Roxio
[2008.11.11 16:30:43 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\ScanSoft
[2010.03.21 00:42:42 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Sun
[2007.11.03 15:53:46 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\T-Online
[2007.08.24 15:26:59 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Talkback
[2009.03.21 13:54:47 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\TerraTec
[2007.08.24 16:30:53 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Thunderbird
[2009.08.18 21:01:51 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\vlc
[2009.08.07 19:27:15 | 000,000,000 | ---D | M] -- C:\Users\Claudia\AppData\Roaming\Vodafone
 
< %APPDATA%\*.exe /s >
[2010.04.12 21:19:58 | 000,004,286 | R--- | M] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Installer\{680E66F3-1A4D-4221-B017-DF323A8B8DBA}\_24F11A7D03031983DF2FAE.exe
[2010.04.12 21:19:58 | 000,004,286 | R--- | M] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Installer\{680E66F3-1A4D-4221-B017-DF323A8B8DBA}\_6536A90B0865D5C9BD4901.exe
[2010.04.12 21:19:58 | 000,004,286 | R--- | M] () -- C:\Users\Claudia\AppData\Roaming\Microsoft\Installer\{680E66F3-1A4D-4221-B017-DF323A8B8DBA}\_6FEFF9B68218417F98F549.exe
[2010.03.09 18:27:59 | 000,144,053 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Move Networks\uninstall.exe
[2010.02.11 21:31:38 | 000,097,216 | ---- | M] () -- C:\Users\Claudia\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\drivers\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\System32\netlogon.dll
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\System32\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.08.24 15:46:39 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2007.08.24 15:46:36 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2007.08.24 15:46:36 | 000,633,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\System32\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\System32\drivers\ws2ifsl.sys
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.03.09 18:49:34 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2010.03.09 18:49:34 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.03.09 18:50:34 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2006.11.02 11:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2007.08.24 15:55:51 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\xmas.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\WKHilde2008.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\WHY_THERE_ARE_NO_ITALIAN_MUSLIMS:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\wein3:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Weihnachtskarte2008.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Weihnachten:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Wasula&Patenkinder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Vision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Updater5:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Ulisse001:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Terminliste:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\sitzen_pinkeln:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\simpsons_files:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\SantonsFlores:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\RIMG0016.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\restore:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Poskkarten_Tacuri-Lopez_Vorderseite:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\pic28650:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\PeterBond.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\PatentreffenMÜ2010(13):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Patentreffen_2008_1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\pasaka.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Padrinos4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\P1010337.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\notas.bmp:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Neuer Ordner:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Neuer Ordner (6):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Neuer Ordner (4):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Neuer Ordner (3):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Neuer Ordner (2):Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Mini-Plan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\MeineForderungen:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Meine empfangenen Dateien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Maske+Schutzengel.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\MarmaniAdolfoPJan1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Klett:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\JuanCarlosSeco2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\JuanCarlosSeco1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\jamminposterWeb:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\jamminposterWeb.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\InhalteBolivien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMGP1696:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMGP1689:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMGP1248:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMGP1111:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMGP0807:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\img-3111333-0001:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMG_0264_peque:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMG_0032:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Imagen023:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\image001:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\IMAGE_040:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\HPIM0371:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Hirschberg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\HelmutSteiningerfarbig.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\German_Wings_20_05_08.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\FAQ-AR:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Erding:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Emma4:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Eigene PaperPort-Dokumente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSCN1958.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSCN1905:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSCN1789.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC09822.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC04694.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC04218:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC03478:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC03471.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC03325:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC03268.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC03119.jpe:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DSC00257:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Downloads:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\DEP_SITO_FINANCIERO:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Daten_w_IsmaelFlores:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Daten_JuvenalLira:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Comic_Denke.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Claudia.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\CIMG0078.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Chrubasik_C_Übertrag_RiesterRente:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\C2ZUPY-13809538-20090313182932.xml_email:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Brief an Blanca von Wasula und Jan:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Brief an Blanca von Wasula 2:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Blanca:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\BILD0493.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\BILD0492.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\BILD0489.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\BILD0485.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\BILD0483.JPG:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Belgien:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\BABYIBIZAPARTY_1.wmv:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Ausrüstungsliste_Kunde:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\ATT00001:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Anlage:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Amrillis7:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\aham.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\AdolfoMamani1:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\Activision:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\20100602_EinladungPatentreffenMünchen2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\20100531_EinladungHauptversammlung2010:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\20100416_Liste_EmailsPatenkinder:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\20080923_Kaution:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\05-04-18.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\028:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\02.jpg:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Claudia\Documents\0062133368:Roxio EMC Stream
< End of report >

--- --- ---
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 02.10.2010 22:33:18 - Run 1
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Claudia\Documents\Downloads
Windows Vista Home Basic Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
447,00 Mb Total Physical Memory | 100,00 Mb Available Physical Memory | 22,00% Memory free
1,00 Gb Paging File | 0,00 Gb Available in Paging File | 27,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 77,70 Gb Total Space | 20,97 Gb Free Space | 26,99% Space Free | Partition Type: NTFS
Drive D: | 63,34 Gb Total Space | 51,62 Gb Free Space | 81,49% Space Free | Partition Type: NTFS
Drive E: | 702,31 Mb Total Space | 587,09 Mb Free Space | 83,59% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
Drive G: | 6,67 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 3,74 Gb Total Space | 2,64 Gb Free Space | 70,71% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded
 
Computer Name: CLAUDIA-PC
Current User Name: Claudia
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- 
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0538D4D7-9B88-467A-99FA-83C1A9AFF3DA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1DE616D8-EEA1-46DB-A90E-CD793A3E6BE3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{20BF7FB3-1F81-4C97-A5EF-E7C6E6CD924B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{29995701-C635-46D2-83E1-F4D9702E6B58}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{3275D8DC-13C9-4FEA-8C9A-F266FC04E62C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{4044BB46-8C54-438D-8393-E4F87EC18476}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{5B85FFD5-7643-449A-85B8-43D66FC60E27}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6ABDBC36-088E-413D-B813-735AFCD180C1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A1460ADE-24C0-4C4D-BD01-2F2C32EFA5F5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BEABAFDB-7413-486D-BA26-4ECF1227DA3B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C0373BFC-7647-4454-B6D3-904F4D122192}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CA329D81-6F77-4AD1-BC72-6675565520AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E059CA23-D4DE-47F2-8701-8538945D25F2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F74575C0-3C6E-4B76-8A95-99739237EE6E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02AAEDCC-FC54-4E29-A792-9CC118844F17}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{08D6D65B-65A7-4AB0-B5A4-DDE750097DD8}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe | 
"{08EF7F18-23F0-4D64-B95D-77D4851CFEEE}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{0BE919F5-88F7-43C8-BDA0-74ABB8CF663F}" = protocol=17 | dir=in | app=c:\users\claudia\documents\downloads\sweetimsetup.exe | 
"{0D3BE6A0-45DB-4521-9FAE-6E35A0CAE292}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{10856B05-B0DE-43C6-881B-DFA3D58F451F}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{10E49399-4EF7-4DC3-A642-C489B926E7BE}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{12FA3CAD-9237-4694-B355-94E600E540F5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{142CED4C-1344-41F2-841C-3D28DDB84408}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1177122876\ee\aolsoftware.exe | 
"{14DA8D6B-BF56-421B-BD03-4C7722F90AA6}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{238AB740-84CB-4E4C-B059-6A5A4AFA647A}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\local\temp\{d624c62d-5416-4f3f-ab48-d215e4aa257d}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{2A8DAEFE-514E-47CB-A8F5-BC44EBE303CB}" = dir=in | app=c:\program files\powercinema\kernel\dms\clmsservice.exe | 
"{2BCE998D-4AC7-48FE-8AA3-35E6C30B20A4}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{2E7B8F74-5BCE-494F-9056-CBF2867130E7}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{32DEA87D-5E54-4F63-8D51-18687AABA4CD}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{35C152B4-D995-445B-92E5-DB5FBD7576A8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{37648FBD-F314-4A66-A5EB-13D0F078AD2E}" = protocol=17 | dir=in | app=c:\users\claudia\appdata\local\temp\{8d88aee6-6db8-40e9-b61e-7d1db260bda7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{40895471-8DE9-491E-BFAF-14E69010AD51}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\local\temp\{8d88aee6-6db8-40e9-b61e-7d1db260bda7}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\cinergydvrhelper.exe | 
"{46BCEED7-7293-4344-B2B7-AB35D875B030}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4CE506C7-2DB7-460D-9F29-9FC1E221B3CC}" = protocol=6 | dir=in | app=c:\users\claudia\appdata\local\temp\{d624c62d-5416-4f3f-ab48-d215e4aa257d}\{63b9bab5-f36a-4a3b-9e5c-68a7f212bfb9}\insttool.exe | 
"{523DC6E5-B413-41A6-8769-69BA342AD550}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vra\waol.exe | 
"{53425DAA-CB9B-4345-A017-181ED50AF199}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe | 
"{5F8E62D5-CCB9-4E44-9098-9657BF4DBFC4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{5FC76520-6360-45C8-A51D-BC60B04DD14A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{664B8087-FA8C-49DD-8B4B-55C14386D343}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{68AFD3BB-B400-4BBB-AA28-B14BB4A2460F}" = protocol=6 | dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{6B4D668D-868A-4EE5-B9AB-5505368605C6}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{6EDC9B95-DEB8-4DAD-BA99-5E6476D62179}" = protocol=17 | dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{70E9B481-54EA-4982-B528-7AB322C2B212}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1177122876\ee\aolsoftware.exe | 
"{77A3F210-C717-4340-832C-916FC516A93E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{850BB1DC-138B-44B6-BB7E-256596AD946B}" = protocol=6 | dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{878E226F-FEA9-4F8C-9E52-972D279D3F27}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{8AF90426-1153-4D1D-9F82-3869B8D77600}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1177122876\ee\aolsoftware.exe | 
"{9262EA7F-8A0E-41F6-A67D-EF7C5C38D20E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{92F088F8-D267-45B7-B8F6-4464EE6EF2B0}" = dir=in | app=c:\program files\powercinema\pcmservice.exe | 
"{953DD229-4CF4-440D-B430-9A476D5B73FD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe | 
"{9D997569-EA79-4182-87E7-C5FB14CE0811}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{ABD3D4D9-BC0A-4704-B7B2-EAE0542EFDA6}" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AEEDE9DC-CC45-4C1C-9195-AC0D2250357C}" = dir=in | app=c:\program files\powercinema\kernel\dmp\clbrowserengine.exe | 
"{BA75AA19-AAE1-47FE-9A23-4467F84E65A6}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe | 
"{BC80E882-F2F5-45F0-8CC2-496D03590B74}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C671CF0E-8C6A-4B63-B3E6-462DBE419256}" = protocol=6 | dir=in | app=c:\users\claudia\documents\downloads\sweetimsetup.exe | 
"{CC35D0A9-2C57-4E66-A1D4-31689690E946}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe | 
"{CECFFCC5-C52D-452B-9C28-154C8D20DC26}" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D840E092-DCC3-46D3-9C69-521BCBC4803D}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1177122876\ee\aolsoftware.exe | 
"{D8F4DA0A-2C33-4405-8B11-48127662492E}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\tvtvsetup\tvtv_wizard.exe | 
"{DECD273F-DC21-42C5-A726-0FB67E103F71}" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrhelper.exe | 
"{E50AD260-B123-48E8-846E-60B7E70D5271}" = protocol=17 | dir=in | app=c:\program files\powercinema\powercinema.exe | 
"{E9D0DEA0-3CFF-4432-B4B2-979EA766FB1D}" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvr.exe | 
"{EBE8DC77-D5F2-4369-B4E9-706E9B91E24C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe | 
"{F303E5ED-798A-42EC-8792-F0FE6FC66E5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{F5199AC4-ED4F-416F-AEF9-526E43CA23CF}" = dir=in | app=c:\program files\powercinema\powercinema.exe | 
"TCP Query User{1567BDE3-D5DF-4034-A23C-E90F7EC1AE95}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{2445EEC4-DB28-40C7-B0A9-2B35DAF98841}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{3B14A3A1-5603-44BD-9E3A-111D9687781B}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"TCP Query User{3E7A9F6B-2878-494A-9CBF-D685F3C053F8}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=6 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"TCP Query User{5B26B3D8-E3C4-47CA-8624-DB5955213B1A}C:\program files\microsoft games\age of empires\empires.exe" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"TCP Query User{7463578B-CFAD-4EDC-BF8B-783D1DC6FF7A}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | 
"TCP Query User{EBCCD836-1A19-455A-BE7B-910B880D8373}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{015187D3-BD65-407B-AED9-2411B3ECCFC6}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"UDP Query User{31241E20-0E89-42F2-939C-6280CDE411AA}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"UDP Query User{7951FE05-08E5-4070-AF57-831DCB026567}C:\program files\microsoft games\age of empires\empires.exe" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires\empires.exe | 
"UDP Query User{C01BDB47-0F23-4E10-9527-A873CEC0312D}C:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe" = protocol=17 | dir=in | app=c:\program files\terratec\terratec home cinema\cinergydvrupdate\cinergydvrup_date.exe | 
"UDP Query User{D8B3885F-FB32-43D2-B1F2-0D4C2FF60681}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | 
"UDP Query User{EC2EC996-2140-44B2-B6D2-57A2B778C779}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe | 
"UDP Query User{F5FA5F44-8808-4406-9066-D20480A0EE3C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{0463B519-E4C8-4C16-84AA-4743D1ED91B5}" = Labtec WebCam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08ED8855-4C2E-429B-A878-F129E1F624FA}" = SweetIM for Messenger 3.2
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar (TM)
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{56624BBF-8925-D5F8-7662-3ABE1BA7EC28}" = Catalyst Control Center Graphics Light
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58A8820A-CCF4-4A6E-A4B9-CECD87D3C7F2}" = ccc-Branding
"{61E7C563-8BDA-4E44-F9A8-F21E29F0F6A8}" = Catalyst Control Center Core Implementation
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{65D70656-D248-4C83-B594-E3029C43B37A}" = phase6_19
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{680E66F3-1A4D-4221-B017-DF323A8B8DBA}" = Gewichtslogger
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CEE2BFB-5F6B-48C9-9348-D2C9D46ADDD7}" = Lauras Tierklinik
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{924901FC-88E8-B25B-C0DD-9E029A6570FC}" = Catalyst Control Center Localization German
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A200E68-D5F4-4E70-910F-2871753A0E2B}" = Worms World Party
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}" = SweetIM Toolbar for Internet Explorer 3.9
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B489D5F8-D960-4399-9286-C59BF21991B5}" = Bärenbrüder
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B7FB0C86-41A4-4402-9A33-912C462042A0}" = Roxio Creator 9 LE
"{B9701D86-3D63-7F49-9948-27670574B4CC}" = ccc-core-static
"{C222C293-2B1F-C94F-088E-D3F55CF732FC}" = ccc-utility
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{E4C7B3EF-B3DB-4BB6-A812-E8FAE47534D3}" = OpenOffice.org 2.2
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}" = The Simpsons Hit & Run(TM)
"{F8C02517-4AC3-4026-8292-ACF23E98A7D7}" = Activision(R)
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"123 Free Memory Card Games" = 123 Free Memory Card Games
"3DJongg" = 3DJongg
"abramania - angeln" = abramania - angeln 1.0
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AdobeReader" = Adobe Reader 8
"Age of Empires" = Microsoft Age of Empires
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5322
"Azureus Vuze" = Azureus Vuze
"Brave Dwarves: Back for Treasures Demo_is1" = Brave Dwarves: Back for Treasures Demo v1.0
"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2
"CCleaner" = CCleaner (remove only)
"CREATOR9" = Creator 9
"Die Wikinger 3: Auf Schatzsuche" = Die Wikinger 3: Auf Schatzsuche
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ESCX5400 Kopierhandbuch" = ESCX5400 Kopierhandbuch
"ESCX5400 Referenzhandbuch" = ESCX5400 Referenzhandbuch
"ESCX5400 Softwarehandbuch" = ESCX5400 Softwarehandbuch
"Fat Dragon Fungames" = Fat Dragon Fungames
"FirefoxDE" = Firefox
"Flashplayer" = Flash Player 9 Internet Explorer
"Grey Olltwit's Bowling Game" = Grey Olltwit's Bowling Game
"Grey Olltwit's Darts" = Grey Olltwit's Darts
"Grey Olltwit's Demolition Dumpout" = Grey Olltwit's Demolition Dumpout
"Grey Olltwit's Ice Hockey" = Grey Olltwit's Ice Hockey
"Grey Olltwit's Jet Ski" = Grey Olltwit's Jet Ski
"Grey Olltwit's One Arm Bandit Game" = Grey Olltwit's One Arm Bandit Game
"Grey Olltwit's Ski Run" = Grey Olltwit's Ski Run
"HijackThis" = HijackThis 2.0.2
"ImageWriter" = Packard Bell ImageWriter
"Infocentre" = Infocentre Rev. 2.0
"InstallShield_{0FB261F3-6F16-43FD-A404-F377C169B937}" = Madagascar
"InstallShield_{F8C02517-4AC3-4026-8292-ACF23E98A7D7}" = Madagascar 2(TM)
"LCDTest" = Packard Bell LCD Test
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NSS" = Norton Security Scan
"OFFICE Ready" = OFFICE Ready
"Picasa 3" = Picasa 3
"PowerCinema5" = Power Cinema 5
"PROHYBRIDR" = 2007 Microsoft Office system
"ProtectDisc Driver" = ProtectDisc Helper Driver
"Rainbow Islands - Candyland (Demo)" = Rainbow Islands - Candyland (Demo)
"RealPlayer 6.0" = RealPlayer 7 Basic
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SETUPMYPC_DE" = SetUp My PC
"Shockwave" = Shockwave player 10
"Superstar Chefs Trial Version_is1" = Superstar Chefs Trial Version 1.29
"Trash Killer 2_is1" = Trash Killer 2
"Updator" = Packard Bell Updator
"VIDEO_RIO" = Video ATI v8.332
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2187160593-2300224093-1119510219-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.10.2010 08:35:27 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.10.2010 08:57:02 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 01.10.2010 18:15:13 | Computer Name = Claudia-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 02.10.2010 02:51:04 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.10.2010 05:09:44 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.10.2010 05:23:17 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.10.2010 17:00:25 | Computer Name = Claudia-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 02.10.2010 17:19:16 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 02.10.2010 17:36:12 | Computer Name = Claudia-PC | Source = MsiInstaller | ID = 1023
Description = 
 
Error - 02.10.2010 17:49:11 | Computer Name = Claudia-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 02.10.2010 18:05:15 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:06:46 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:08:16 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:09:47 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:11:17 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:12:48 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:14:18 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:15:49 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:17:19 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
Error - 02.10.2010 18:18:50 | Computer Name = Claudia-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

--- --- ---

markusg · 03.10.2010, 10:24

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

miri 1 · 03.10.2010, 12:49

hier das Ergebnis:

Combofix Logfile:

Code:

ATTFilter

ComboFix 10-10-02.02 - Claudia 03.10.2010  13:11:22.1.1 - x86
Microsoft® Windows Vista™ Home Basic   6.0.6000.0.1252.49.1031.18.447.132 [GMT 2:00]
ausgeführt von:: c:\users\Claudia\Documents\Downloads\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Claudia\AppData\Roaming\.#
c:\users\Claudia\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\windows\pi.exe
D:\install.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-03 bis 2010-10-03  ))))))))))))))))))))))))))))))
.

2010-10-03 11:29 . 2010-10-03 11:30	--------	d-----w-	c:\users\Claudia\AppData\Local\temp
2010-10-03 11:29 . 2010-10-03 11:29	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-02 20:21 . 2010-07-17 03:00	423656	----a-w-	c:\windows\system32\deployJava1.dll
2010-10-02 19:19 . 2010-10-02 19:32	--------	d-----w-	c:\users\Claudia\AppData\Local\NPE
2010-09-12 12:32 . 2010-09-12 12:33	--------	d-----w-	c:\program files\SweetIM
2010-09-12 12:32 . 2010-09-12 12:32	--------	d-----w-	c:\programdata\SweetIM
2010-09-03 12:00 . 2010-09-03 12:00	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-09-03 11:58 . 2008-06-26 03:20	347648	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2010-09-03 11:58 . 2008-06-26 03:20	712704	----a-w-	c:\windows\system32\WindowsCodecs.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-02 20:22 . 2008-06-09 08:52	--------	d-----w-	c:\program files\Common Files\Java
2010-10-02 20:20 . 2008-06-09 08:52	--------	d-----w-	c:\program files\Java
2010-10-02 19:19 . 2009-12-22 17:26	--------	d-----w-	c:\programdata\Norton
2010-10-02 19:19 . 2007-04-21 11:49	708082	----a-w-	c:\windows\system32\perfh007.dat
2010-10-02 19:19 . 2007-04-21 11:49	144434	----a-w-	c:\windows\system32\perfc007.dat
2010-10-01 16:56 . 2007-04-21 02:46	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-09-29 14:26 . 2007-11-04 13:40	--------	d-----w-	c:\users\Claudia\AppData\Roaming\OpenOffice.org2
2010-09-15 21:16 . 2007-04-21 02:22	--------	d-----w-	c:\programdata\Microsoft Help
2010-09-03 12:12 . 2007-11-30 22:05	--------	d-----w-	c:\program files\Windows Live
2010-08-30 12:34 . 2010-09-03 11:27	1496064	----a-w-	c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\lkoirlao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 12:33 . 2010-09-03 11:27	43008	----a-w-	c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\lkoirlao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 12:33 . 2010-09-03 11:27	338944	----a-w-	c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\lkoirlao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 12:33 . 2010-09-03 11:27	346112	----a-w-	c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\lkoirlao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-20 10:05 . 2010-08-31 18:38	319488	------w-	c:\programdata\AOL\UserProfiles\All Users\SUDS\CACHE\4525.4.4\TOD_RagaRefreshDE\phx.dll
2010-07-06 09:41 . 2010-08-31 18:38	275784	------w-	c:\programdata\AOL\UserProfiles\All Users\SUDS\CACHE\4525.4.4\WAOLFinder.exe
2007-04-21 02:45 . 2007-04-21 02:45	141824	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-04-21 11:55 . 2007-04-21 11:55	8192	--sha-w-	c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-06-13 15:25	1438520	----a-w-	c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-06-13 1438520]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.0 VRa\AOL.EXE" [2007-06-21 50480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"HostManager"="c:\program files\Common Files\AOL\1177122876\ee\AOLSoftware.exe" [2006-11-14 50736]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-06-07 111928]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
p6_19_erinnerung.lnk - c:\program files\phase6\phase6_19\WinStart\WinStart.exe [2007-2-11 49152]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2007-02-16 16:49	149024	----a-w-	c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2007-02-16 16:57	1945960	----a-w-	c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 00:04	39792	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-11-14 13:47	50736	----a-w-	c:\program files\Common Files\aol\1177122876\ee\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-02-14 18:45	159744	----a-w-	c:\program files\Powercinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCDriverInstaller]
2003-09-04 09:57	270336	----a-w-	c:\progra~1\COMMON~1\Logitech\QCDRIV~1\Lqdsw.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2007-12-01 18:47	20480	----a-w-	c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2007-01-11 09:40	232184	----a-w-	c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmpcSys]
2006-10-23 14:49	1092152	----a-w-	c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 11:35	90112	----a-w-	c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
2007-02-20 16:20	28672	----a-w-	c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2007-02-16 16:45	1169776	----a-w-	c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2007-08-24 14:10	1006264	----a-w-	c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2006-11-02 12:34	2159104	----a-w-	c:\windows\System32\oobefldr.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 12:34	201728	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R3 o1394bul;o1394bul;c:\users\Claudia\AppData\Local\Temp\o1394bul.sys [x]
R3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\DRIVERS\LV532AV.SYS [2003-09-04 152576]
S2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [2007-06-18 373568]
S2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [2007-05-30 201696]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
.
Inhalt des "geplante Tasks" Ordners

2010-10-03 c:\windows\Tasks\Erweiterte Garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-04-21 16:38]

2010-10-02 c:\windows\Tasks\Norton Security Scan for Claudia.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-05 07:48]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://home.sweetim.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\lkoirlao.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.startup.homepage - hxxp://de.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\users\Claudia\AppData\Roaming\Mozilla\Firefox\Profiles\lkoirlao.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Claudia\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

MSConfigStartUp-MobileConnect - c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-10-03 13:29
Windows 6.0.6000  NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(720)
c:\windows\system32\relog_ap.dll
.
Zeit der Fertigstellung: 2010-10-03  13:37:55
ComboFix-quarantined-files.txt  2010-10-03 11:37

Vor Suchlauf: 14 Verzeichnis(se), 23.592.628.224 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 23.436.820.480 Bytes frei

- - End Of File - - 217485BDE67D38B13F7952145960A9D1

--- --- ---

markusg · 03.10.2010, 12:59

du hast doch true image, machst du damit auch system backups?
dein pc hat noch nie updates etc gesehen, da wäre vllt auch ne lösung ihn zurückzusetzen und dann vernünftig abzusichern.

miri 1 · 03.10.2010, 20:36

Nein, ich denke dass das meine Mutter nicht macht.
Ich glaube, das beim herunterfahren die forhandenen updates nicht installiert werden obwohl die Meldung angezeigt wird.

markusg · 03.10.2010, 20:39

ich würd vorschlagen das mal neu aufzusetzen und dann windows update so einzustellen dass sie automatisch instaliert werden. ich helf dir auch den pc noch n bissel abzusichern.

miri 1 · 03.10.2010, 21:05

heißt neu aufsetzen alles "platt machen"?
ich mach morgen weiter weil ich in die schule muss

markusg · 04.10.2010, 10:40

genau das heißt es

03.10.2010, 10:24	#4
markusg /// Malware-holic	e-mail missbrauch durch trojaner? bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix

03.10.2010, 12:59	#6
markusg /// Malware-holic	e-mail missbrauch durch trojaner? du hast doch true image, machst du damit auch system backups? dein pc hat noch nie updates etc gesehen, da wäre vllt auch ne lösung ihn zurückzusetzen und dann vernünftig abzusichern.

03.10.2010, 20:39	#8
markusg /// Malware-holic	e-mail missbrauch durch trojaner? ich würd vorschlagen das mal neu aufzusetzen und dann windows update so einzustellen dass sie automatisch instaliert werden. ich helf dir auch den pc noch n bissel abzusichern.

04.10.2010, 10:40	#10
markusg /// Malware-holic	e-mail missbrauch durch trojaner? genau das heißt es

e-mail missbrauch durch trojaner?

Log-Analyse und Auswertung: e-mail missbrauch durch trojaner?