| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
19.04.2011, 23:36
| #16 |
| /// Helfer-Team    |  Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 - berichte erneut über den Zustand des Computers - Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
19.04.2011, 23:56
| #17 |
 | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 Computer zeigt keine Auffälligkeiten, sieht gut aus (denke ich).
__________________Hier die Dateien: OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 20.04.2011 00:41:46 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Boris\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 28,11 Gb Total Space | 11,92 Gb Free Space | 42,40% Space Free | Partition Type: NTFS Drive D: | 88,70 Gb Total Space | 11,65 Gb Free Space | 13,13% Space Free | Partition Type: NTFS Drive E: | 391,04 Gb Total Space | 93,71 Gb Free Space | 23,96% Space Free | Partition Type: NTFS Drive F: | 423,67 Gb Total Space | 31,00 Gb Free Space | 7,32% Space Free | Partition Type: NTFS Computer Name: REVOLTEC | User Name: Boris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) PRC - C:\Programme\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software) SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (PCToolsFirewallPlus) -- C:\Programme\PC Tools Firewall Plus\PC Tools Firewall Plus\FWService.exe (PC Tools) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVUVC) Logitech HD Webcam C510(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (CompFilter) -- C:\WINDOWS\system32\drivers\lvbusflt.sys (Logitech Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools) DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools) DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools) DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools) DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools) DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- D:\Programme\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (cmpci) TerraTec Aureon 5.1 (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (cvspydr2) -- C:\WINDOWS\system32\drivers\cvspydr2.sys (Colorvision Inc) DRV - (cmigameport) -- C:\WINDOWS\system32\drivers\cmigameport.sys () ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.01.22 15:04:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2011.04.09 01:27:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4CC6B286-E374-4503-BAF4-EA14EFED32F2}: C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\{4CC6B286-E374-4503-BAF4-EA14EFED32F2} [2011.04.18 18:59:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2011.04.19 22:14:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Programme\Firefox\components [2011.04.05 04:16:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Programme\Firefox\plugins [2011.04.19 22:14:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.03.06 23:45:41 | 000,000,000 | ---D | M] [2010.09.03 23:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions [2010.09.03 23:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.01.19 14:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011.04.13 12:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2011.04.19 22:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions [2010.03.18 14:17:44 | 000,000,000 | ---D | M] (Site Launcher) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67} [2010.07.23 09:35:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.01 20:45:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.07 20:37:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.01 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.01.27 07:57:54 | 000,000,000 | ---D | M] (printpdf) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\printpdf@pavlov.net [2011.04.01 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions O1 HOSTS File: ([2011.04.01 07:13:46 | 000,431,014 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14863 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [00PCTFW] C:\Programme\PC Tools Firewall Plus\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [FuzLez WheelsOfVolume] C:\Programme\FuzLez\WheelsOfVolume\WheelsOfVolume.exe () O4 - HKLM..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [LGODDFU] C:\Programme\LG_FWUpdate\fwupdate.exe (BitLeader) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WD Spindown Utility] C:\Programme\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ColorVisionStartup.lnk = D:\Programme\ColorVision\Utility\ColorVisionStartup.exe (ColorVision Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Boris\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DISABLETASKMGR = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263903900107 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291221168625 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.19 12:41:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.27 09:46:28 | 000,000,000 | ---D | M] - L:\Auto CDs -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.20 00:39:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe [2011.04.19 22:24:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\SUPERAntiSpyware.com [2011.04.19 22:24:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2011.04.19 22:24:49 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.04.19 22:17:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Boris\Recent [2011.04.19 22:14:46 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2011.04.19 22:14:35 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011.04.19 22:14:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.04.19 22:14:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.04.19 22:14:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.04.19 22:14:35 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011.04.19 22:13:17 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.04.19 08:49:20 | 000,000,000 | ---D | C] -- C:\Avenger [2011.04.18 19:11:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Startmenü\Programme\Windows Recovery [2011.04.18 18:59:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\{4CC6B286-E374-4503-BAF4-EA14EFED32F2} [2011.04.15 11:37:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2011.04.13 13:12:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\NAVIGON [2011.04.13 13:10:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Application Data [2011.04.13 13:10:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\NAVIGON [2011.04.13 13:08:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Eigene Dateien\NAVIGON [2011.04.13 12:10:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Eigene Dateien\TomTom [2011.04.13 12:10:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2011.04.13 12:09:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\TomTom [2011.04.13 12:09:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\TomTom [2011.04.13 12:09:42 | 000,000,000 | ---D | C] -- C:\Programme\TomTom International B.V [2011.04.13 12:06:51 | 000,000,000 | ---D | C] -- C:\Programme\TomTom DesktopSuite [2011.04.05 04:05:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox [2011.04.01 09:36:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\aPd16645oMdAc16645 [2011.04.01 06:53:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iEk16601lMbKl16601 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.20 00:39:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe [2011.04.20 00:13:38 | 000,000,333 | ---- | M] () -- C:\WINDOWS\lgfwup.ini [2011.04.20 00:13:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.19 23:07:01 | 000,089,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\K800_CIMG2557.JPG [2011.04.19 22:24:51 | 000,001,648 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.04.19 22:14:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011.04.19 22:14:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.04.19 22:14:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.04.19 22:14:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.04.19 22:14:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011.04.19 21:50:48 | 000,504,657 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\unhide.exe [2011.04.19 08:46:41 | 000,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\avenger.exe [2011.04.19 00:08:32 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe [2011.04.18 19:13:27 | 000,000,392 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18210612 [2011.04.17 14:20:37 | 000,078,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.17 14:20:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.04.17 08:55:09 | 000,049,106 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\40562_193597.jpg [2011.04.16 20:34:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.16 16:50:12 | 000,237,871 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\pinguin.jpg [2011.04.15 09:05:27 | 001,907,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.15 07:45:49 | 000,502,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.15 07:45:49 | 000,481,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.15 07:45:49 | 000,095,040 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.15 07:45:49 | 000,079,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.13 13:12:01 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Sync.lnk [2011.04.13 13:10:17 | 000,000,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Fresh.lnk [2011.04.11 22:36:56 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Free M4a to MP3 Converter.lnk [2011.04.05 19:35:23 | 000,368,276 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Onlineabschluss_Easy_Privatstrom_12934019.pdf [2011.04.05 04:16:42 | 000,000,627 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.04.04 16:12:57 | 000,015,197 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\sign_from_god.jpg [2011.04.03 15:57:44 | 000,002,183 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011.04.01 07:13:46 | 000,431,014 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011.03.31 06:23:48 | 004,652,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\was-ist-was.pdf [2011.03.29 09:11:43 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.19 23:07:01 | 000,089,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\K800_CIMG2557.JPG [2011.04.19 22:24:51 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.04.19 21:50:50 | 000,504,657 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\unhide.exe [2011.04.19 08:46:43 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\avenger.exe [2011.04.19 00:08:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe [2011.04.18 19:11:21 | 000,000,392 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18210612 [2011.04.17 08:55:04 | 000,049,106 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\40562_193597.jpg [2011.04.16 16:44:02 | 000,237,871 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\pinguin.jpg [2011.04.15 19:12:56 | 001,114,385 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Navigon 6310 Deutsch_manual.pdf [2011.04.13 13:12:01 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Sync.lnk [2011.04.13 13:10:17 | 000,000,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Fresh.lnk [2011.04.11 22:36:56 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Free M4a to MP3 Converter.lnk [2011.04.05 19:35:22 | 000,368,276 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Onlineabschluss_Easy_Privatstrom_12934019.pdf [2011.04.05 04:05:37 | 000,000,627 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.04.04 16:12:56 | 000,015,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\sign_from_god.jpg [2011.03.31 06:23:42 | 004,652,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\was-ist-was.pdf [2011.02.19 19:22:35 | 000,078,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.19 09:48:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2010.11.10 04:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010.10.05 15:04:15 | 000,000,333 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2010.09.30 19:30:07 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.09.23 02:04:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\AlfaBIG32.dll [2010.09.23 02:04:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\AlfaBIG22.dll [2010.09.11 04:26:10 | 000,000,143 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.08 16:57:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini [2010.08.07 13:00:48 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2010.07.27 07:35:53 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2010.07.27 07:35:23 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2010.04.13 08:15:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.03.30 19:55:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.02.24 20:01:23 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\AVSDVDPlayer.m3u [2010.01.28 07:29:46 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2010.01.27 09:13:19 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.01.22 10:13:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe [2010.01.20 22:44:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.01.20 22:44:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.01.20 15:31:58 | 000,000,480 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010.01.19 23:31:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.01.19 19:01:25 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2010.01.19 18:21:24 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010.01.19 14:18:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.01.19 14:15:46 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.01.19 13:26:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010.01.19 13:26:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010.01.19 13:26:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2010.01.19 13:26:22 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010.01.19 13:26:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2010.01.19 13:26:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.01.19 12:54:41 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2010.01.19 12:53:41 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll [2010.01.19 12:42:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.01.19 12:40:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.01.19 12:37:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.01.19 12:36:41 | 001,907,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003.04.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003.04.02 14:00:00 | 000,502,352 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2003.04.02 14:00:00 | 000,481,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003.04.02 14:00:00 | 000,095,040 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2003.04.02 14:00:00 | 000,079,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003.04.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003.04.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.02.07 17:54:34 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmigameport.sys [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C31F31E6 @Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0A8E2C33 < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.04.2011 00:41:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Boris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 28,11 Gb Total Space | 11,92 Gb Free Space | 42,40% Space Free | Partition Type: NTFS
Drive D: | 88,70 Gb Total Space | 11,65 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
Drive E: | 391,04 Gb Total Space | 93,71 Gb Free Space | 23,96% Space Free | Partition Type: NTFS
Drive F: | 423,67 Gb Total Space | 31,00 Gb Free Space | 7,32% Space Free | Partition Type: NTFS
Computer Name: REVOLTEC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Programme\dm fotowelt\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm-Fotowelt] -- "D:\Programme\dm fotowelt\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp Lite 5.572\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp Lite 5.572\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp Lite 5.572\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\ICQ 7.0\ICQ7.0\ICQ.exe" = D:\Programme\ICQ 7.0\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"D:\Programme\ICQ 7.0\ICQ7.0\aolload.exe" = D:\Programme\ICQ 7.0\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"H:\fsetup.exe" = H:\fsetup.exe:*:Enabled:AVM FSetup Application
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Logitech\Vid HD\Vid.exe" = C:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"D:\Programme\Skype 5.0\Phone\Skype.exe" = D:\Programme\Skype 5.0\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@icon sushi_is1" = @icon sushi 1.21
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17A87ED9-129A-4516-A3BF-5E513D23C3BB}" = Aureon 5.1 Fun ControlPanel
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22A647A1-E442-7302-3905-DA8C5FDFCAFB}" = Catalyst Control Center Graphics Previews Common
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23768150-5EFE-14A4-CECE-914D03FF18B4}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{292899E7-6B8F-8099-0ACD-71D5F448106D}" = ccc-utility
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}" = ShaunWhiteSnowboarding
"{30A68EDA-53FA-43B5-8007-D18ED1F61659}" = PCWheel
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41B8A39C-E97D-FDE5-3A4A-8E6FA961E94E}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EDD761B-5253-4CD1-A309-9DFEE960E344}" = Logitech Gaming Software 5.09
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{5CA1C102-CFB3-9C8E-2DEF-E98A4B57C8CF}" = Catalyst Control Center InstallProxy
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7FAEAEC0-9E27-492F-AFB9-9D905B2779BE}" = MAGIX Web Designer 6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91031}" = Nero 8 Essentials
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport 5.01
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C5CF53-FE88-B20E-CE8C-2B5CAA3ECFD0}" = ATI Catalyst Install Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ant Renamer 2_is1" = Ant Renamer
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS DVD Player_is1" = AVS DVD Player version 2.3
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"conduitEngine" = Conduit Engine
"Content Manager 2" = Content Manager 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DVD Identifier_is1" = DVD Identifier
"DVDStyler_is1" = DVDStyler v1.7.4-1
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free AVI to FLV Converter 3000_is1" = Free AVI to FLV Converter 3000 ver.1.0.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Video Dub_is1" = Free Video Dub version 1.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"FRITZ!DSL" = AVM FRITZ!DSL
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IrfanView" = IrfanView (remove only)
"Little Shop of Treasures Deluxe" = Little Shop of Treasures Deluxe
"Logitech Vid" = Logitech Vid HD
"MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Mp3tag" = Mp3tag v2.48
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"nik Sharpener Pro 2.0 Complete" = nik Sharpener Pro 2.0 Complete
"NVIDIA Drivers" = NVIDIA Drivers
"Orga-Nicer_is1" = Orga-Nicer v3.0
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"POI FINDER (Becker)_is1" = POI FINDER 3.74 (Becker)
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Spyder2express" = Spyder2express
"TaskMate Pro 1.85" = TaskMate Pro 1.85
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.8
"WheelsOfVolume" = FuzLez WheelsOfVolume
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-8
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomPlayer" = Zoom Player (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Sansa Updater" = Sansa Updater
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.04.2011 00:47:53 | Computer Name = REVOLTEC | Source = ESENT | ID = 490
Description = svchost (1440) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 10.04.2011 01:03:17 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x05269290.
Error - 10.04.2011 01:03:57 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Error - 10.04.2011 10:51:23 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul divxdec.ax, Version 7.1.1.14, Fehleradresse 0x00029290.
Error - 11.04.2011 00:01:29 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x06879290.
Error - 13.04.2011 06:09:44 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:12:46 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:13:38 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 18.04.2011 14:21:24 | Computer Name = REVOLTEC | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1
Error - 18.04.2011 18:35:47 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung x8ycl4ww.exe, Version 1.0.15.15570, fehlgeschlagenes
Modul x8ycl4ww.exe, Version 1.0.15.15570, Fehleradresse 0x0000c676.
[ Application Events ]
Error - 01.04.2011 00:47:53 | Computer Name = REVOLTEC | Source = ESENT | ID = 490
Description = svchost (1440) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 10.04.2011 01:03:17 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x05269290.
Error - 10.04.2011 01:03:57 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Error - 10.04.2011 10:51:23 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul divxdec.ax, Version 7.1.1.14, Fehleradresse 0x00029290.
Error - 11.04.2011 00:01:29 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x06879290.
Error - 13.04.2011 06:09:44 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:12:46 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:13:38 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 18.04.2011 14:21:24 | Computer Name = REVOLTEC | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1
Error - 18.04.2011 18:35:47 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung x8ycl4ww.exe, Version 1.0.15.15570, fehlgeschlagenes
Modul x8ycl4ww.exe, Version 1.0.15.15570, Fehleradresse 0x0000c676.
[ System Events ]
Error - 19.04.2011 16:10:17 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 16:10:17 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 16:19:54 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 16:19:54 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 17:03:07 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 17:03:07 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 17:31:45 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 17:31:45 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 18:13:37 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 18:13:37 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
[ TuneUp Events ]
Error - 01.04.2011 14:43:09 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-01 20:43:09', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','5328',0)
Error - 01.04.2011 14:46:24 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-01 20:46:24', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','3816',0)
Error - 01.04.2011 15:09:05 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-01 21:09:05', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','1200',0)
Error - 02.04.2011 00:47:19 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-02 06:47:19', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','2564',0)
Error - 02.04.2011 07:30:26 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-02 13:30:26', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','3284',0)
Error - 05.04.2011 13:53:50 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-05 19:53:50', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','4268',0)
Error - 17.04.2011 06:19:04 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-17 12:19:04', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','3960',0)
Error - 18.04.2011 12:59:07 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-18 18:59:07', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','744',0)
Error - 18.04.2011 13:02:25 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-18 19:02:25', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','2832',0)
Error - 18.04.2011 17:02:01 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-18 23:02:01', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','2376',0)
< End of report >
[code] |
|
19.04.2011, 23:56
| #18 |
| | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 und wieder doppelt, sorry...
__________________ |
|
19.04.2011, 23:58
| #19 |
| | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 Computer zeigt keine Auffälligkeiten, sieht gut aus (denke ich). Hier die Dateien: OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 20.04.2011 00:41:46 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Boris\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free 5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 28,11 Gb Total Space | 11,92 Gb Free Space | 42,40% Space Free | Partition Type: NTFS Drive D: | 88,70 Gb Total Space | 11,65 Gb Free Space | 13,13% Space Free | Partition Type: NTFS Drive E: | 391,04 Gb Total Space | 93,71 Gb Free Space | 23,96% Space Free | Partition Type: NTFS Drive F: | 423,67 Gb Total Space | 31,00 Gb Free Space | 7,32% Space Free | Partition Type: NTFS Computer Name: REVOLTEC | User Name: Boris | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe (OldTimer Tools) PRC - D:\Programme\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) PRC - C:\WINDOWS\system32\bgsvcgen.exe (B.H.A Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Programme\ATI\ATI.ACE\Core-Static\MOM.exe (Advanced Micro Devices Inc.) PRC - C:\Programme\ATI\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) PRC - C:\Programme\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (McAfee SiteAdvisor Service) -- c:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (LVPrcSrv) -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\WINDOWS\system32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software) SRV - (bgsvcgen) -- C:\WINDOWS\System32\bgsvcgen.exe (B.H.A Corporation) SRV - (PCToolsFirewallPlus) -- C:\Programme\PC Tools Firewall Plus\PC Tools Firewall Plus\FWService.exe (PC Tools) SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe () SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software) SRV - (IJPLMSVC) -- C:\Programme\Canon\IJPLM\ijplmsvc.exe () SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG) SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (LVUVC) Logitech HD Webcam C510(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.) DRV - (CompFilter) -- C:\WINDOWS\system32\drivers\lvbusflt.sys (Logitech Inc.) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys () DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.) DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (cdrbsdrv) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS (B.H.A Corporation) DRV - (pctplfw) -- C:\WINDOWS\system32\drivers\pctplfw.sys (PC Tools) DRV - (PCTFW-PacketFilter) -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys (PC Tools) DRV - (pctNDIS) -- C:\WINDOWS\system32\drivers\pctNdis.sys (PC Tools) DRV - (PCTFW-DNS) -- C:\WINDOWS\system32\drivers\pctNdis-DNS.sys (PC Tools) DRV - (pctgntdi) -- C:\WINDOWS\system32\drivers\pctgntdi.sys (PC Tools) DRV - (PCTAppEvent) -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys (PC Tools) DRV - ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}) -- D:\Programme\CyberLink\PowerDVD8\000.fcl (CyberLink Corp.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (Samsung Electronics Co., Ltd.) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (cmpci) TerraTec Aureon 5.1 (WDM) -- C:\WINDOWS\system32\drivers\cmaudio.sys (C-Media Inc) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (cvspydr2) -- C:\WINDOWS\system32\drivers\cvspydr2.sys (Colorvision Inc) DRV - (cmigameport) -- C:\WINDOWS\system32\drivers\cmigameport.sys () ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Bing IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1 ========== FireFox ========== FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.01.22 15:04:40 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2011.04.09 01:27:10 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{4CC6B286-E374-4503-BAF4-EA14EFED32F2}: C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\{4CC6B286-E374-4503-BAF4-EA14EFED32F2} [2011.04.18 18:59:56 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2011.04.19 22:14:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: D:\Programme\Firefox\components [2011.04.05 04:16:41 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: D:\Programme\Firefox\plugins [2011.04.19 22:14:35 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: D:\Programme\Mozilla Thunderbird\components [2011.03.06 23:45:41 | 000,000,000 | ---D | M] [2010.09.03 23:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions [2010.09.03 23:37:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.01.19 14:18:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2011.04.13 12:09:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2011.04.19 22:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions [2010.03.18 14:17:44 | 000,000,000 | ---D | M] (Site Launcher) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{20291fcc-1471-46c8-8213-5911f5ce6d67} [2010.07.23 09:35:09 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.01 20:45:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.04.07 20:37:14 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.04.01 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.01.27 07:57:54 | 000,000,000 | ---D | M] (printpdf) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\printpdf@pavlov.net [2011.04.01 20:45:19 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\Mozilla\Firefox\Profiles\kj7umdod.default\extensions\{dc572301-7619-498c-a57d-39143191b318}\modules\extensions O1 HOSTS File: ([2011.04.01 07:13:46 | 000,431,014 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 007guard.com - 007guard and Free Antivirus O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf! O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14863 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVD0.dll (Conduit Ltd.) O4 - HKLM..\Run: [00PCTFW] C:\Programme\PC Tools Firewall Plus\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [FuzLez WheelsOfVolume] C:\Programme\FuzLez\WheelsOfVolume\WheelsOfVolume.exe () O4 - HKLM..\Run: [IntelliPoint] C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [LGODDFU] C:\Programme\LG_FWUpdate\fwupdate.exe (BitLeader) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WD Spindown Utility] C:\Programme\Western Digital Technologies\Spindown\ExSpinDn.exe (Western Digital Technologies, Inc.) O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation) O4 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ColorVisionStartup.lnk = D:\Programme\ColorVision\Utility\ColorVisionStartup.exe (ColorVision Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = D:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Boris\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DISABLETASKMGR = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsMenu = 1 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - D:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-1708537768-1645522239-839522115-1004\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1263903900107 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1291221168625 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.01.19 12:41:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.08.27 09:46:28 | 000,000,000 | ---D | M] - L:\Auto CDs -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.04.20 00:39:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe [2011.04.19 22:24:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\SUPERAntiSpyware.com [2011.04.19 22:24:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SUPERAntiSpyware.com [2011.04.19 22:24:49 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware [2011.04.19 22:17:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Boris\Recent [2011.04.19 22:14:46 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2011.04.19 22:14:35 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011.04.19 22:14:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.04.19 22:14:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.04.19 22:14:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.04.19 22:14:35 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011.04.19 22:13:17 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.04.19 08:49:20 | 000,000,000 | ---D | C] -- C:\Avenger [2011.04.18 19:11:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Startmenü\Programme\Windows Recovery [2011.04.18 18:59:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\{4CC6B286-E374-4503-BAF4-EA14EFED32F2} [2011.04.15 11:37:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2011.04.13 13:12:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\NAVIGON [2011.04.13 13:10:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Application Data [2011.04.13 13:10:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\NAVIGON [2011.04.13 13:08:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Eigene Dateien\NAVIGON [2011.04.13 12:10:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Eigene Dateien\TomTom [2011.04.13 12:10:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2011.04.13 12:09:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\TomTom [2011.04.13 12:09:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\TomTom [2011.04.13 12:09:42 | 000,000,000 | ---D | C] -- C:\Programme\TomTom International B.V [2011.04.13 12:06:51 | 000,000,000 | ---D | C] -- C:\Programme\TomTom DesktopSuite [2011.04.05 04:05:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox [2011.04.01 09:36:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\aPd16645oMdAc16645 [2011.04.01 06:53:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\iEk16601lMbKl16601 [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.04.20 00:39:34 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Boris\Desktop\OTL.exe [2011.04.20 00:13:38 | 000,000,333 | ---- | M] () -- C:\WINDOWS\lgfwup.ini [2011.04.20 00:13:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.04.19 23:07:01 | 000,089,366 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\K800_CIMG2557.JPG [2011.04.19 22:24:51 | 000,001,648 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.04.19 22:14:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2011.04.19 22:14:23 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2011.04.19 22:14:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2011.04.19 22:14:23 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2011.04.19 22:14:23 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2011.04.19 21:50:48 | 000,504,657 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\unhide.exe [2011.04.19 08:46:41 | 000,731,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\avenger.exe [2011.04.19 00:08:32 | 000,089,088 | ---- | M] () -- C:\WINDOWS\System32\mbr.exe [2011.04.18 19:13:27 | 000,000,392 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18210612 [2011.04.17 14:20:37 | 000,078,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.17 14:20:37 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.04.17 08:55:09 | 000,049,106 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\40562_193597.jpg [2011.04.16 20:34:54 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.04.16 16:50:12 | 000,237,871 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\pinguin.jpg [2011.04.15 09:05:27 | 001,907,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.04.15 07:45:49 | 000,502,352 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.04.15 07:45:49 | 000,481,004 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.04.15 07:45:49 | 000,095,040 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.04.15 07:45:49 | 000,079,268 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.04.13 13:12:01 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Sync.lnk [2011.04.13 13:10:17 | 000,000,807 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Fresh.lnk [2011.04.11 22:36:56 | 000,000,704 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Free M4a to MP3 Converter.lnk [2011.04.05 19:35:23 | 000,368,276 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Onlineabschluss_Easy_Privatstrom_12934019.pdf [2011.04.05 04:16:42 | 000,000,627 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.04.04 16:12:57 | 000,015,197 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\sign_from_god.jpg [2011.04.03 15:57:44 | 000,002,183 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk [2011.04.01 07:13:46 | 000,431,014 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2011.03.31 06:23:48 | 004,652,960 | ---- | M] () -- C:\Dokumente und Einstellungen\Boris\Desktop\was-ist-was.pdf [2011.03.29 09:11:43 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp files -> C:\Dokumente und Einstellungen\Boris\Eigene Dateien\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.04.19 23:07:01 | 000,089,366 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\K800_CIMG2557.JPG [2011.04.19 22:24:51 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2011.04.19 21:50:50 | 000,504,657 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\unhide.exe [2011.04.19 08:46:43 | 000,731,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\avenger.exe [2011.04.19 00:08:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\mbr.exe [2011.04.18 19:11:21 | 000,000,392 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18210612 [2011.04.17 08:55:04 | 000,049,106 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\40562_193597.jpg [2011.04.16 16:44:02 | 000,237,871 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\pinguin.jpg [2011.04.15 19:12:56 | 001,114,385 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Navigon 6310 Deutsch_manual.pdf [2011.04.13 13:12:01 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Sync.lnk [2011.04.13 13:10:17 | 000,000,807 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\NAVIGON Fresh.lnk [2011.04.11 22:36:56 | 000,000,704 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Free M4a to MP3 Converter.lnk [2011.04.05 19:35:22 | 000,368,276 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\Onlineabschluss_Easy_Privatstrom_12934019.pdf [2011.04.05 04:05:37 | 000,000,627 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.04.04 16:12:56 | 000,015,197 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\sign_from_god.jpg [2011.03.31 06:23:42 | 004,652,960 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Desktop\was-ist-was.pdf [2011.02.19 19:22:35 | 000,078,336 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.01.19 09:48:17 | 000,000,552 | ---- | C] () -- C:\WINDOWS\wiso.ini [2010.11.10 04:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2010.11.10 04:45:30 | 010,871,128 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2010.11.10 04:45:20 | 000,316,248 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2010.11.10 04:31:42 | 000,026,286 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2010.10.05 15:04:15 | 000,000,333 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2010.09.30 19:30:07 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.09.23 02:04:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\AlfaBIG32.dll [2010.09.23 02:04:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\AlfaBIG22.dll [2010.09.11 04:26:10 | 000,000,143 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010.09.08 16:57:13 | 000,000,109 | ---- | C] () -- C:\WINDOWS\disney.ini [2010.08.07 13:00:48 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2010.07.27 07:35:53 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2010.07.27 07:35:23 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2010.05.07 19:46:36 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2010.05.07 19:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2010.04.13 08:15:24 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2010.03.30 19:55:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2010.02.24 20:01:23 | 000,000,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Boris\Anwendungsdaten\AVSDVDPlayer.m3u [2010.01.28 07:29:46 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2010.01.27 09:13:19 | 000,000,040 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.01.22 10:13:32 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe [2010.01.20 22:44:03 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.01.20 22:44:03 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.01.20 15:31:58 | 000,000,480 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010.01.19 23:31:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010.01.19 19:01:25 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini [2010.01.19 18:21:24 | 000,001,732 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010.01.19 14:18:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.01.19 14:15:46 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.01.19 13:26:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010.01.19 13:26:22 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2010.01.19 13:26:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2010.01.19 13:26:22 | 000,219,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2010.01.19 13:26:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2010.01.19 13:26:22 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010.01.19 12:54:41 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2010.01.19 12:53:41 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\ssp2ml3.dll [2010.01.19 12:42:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.01.19 12:40:14 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.01.19 12:37:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.01.19 12:36:41 | 001,907,120 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.06.19 20:06:22 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2009.06.19 20:06:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003.04.02 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2003.04.02 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2003.04.02 14:00:00 | 000,502,352 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2003.04.02 14:00:00 | 000,481,004 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2003.04.02 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2003.04.02 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2003.04.02 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2003.04.02 14:00:00 | 000,095,040 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2003.04.02 14:00:00 | 000,079,268 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2003.04.02 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2003.04.02 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2003.04.02 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2003.04.02 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2003.04.02 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2003.04.02 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002.02.07 17:54:34 | 000,003,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmigameport.sys [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C31F31E6 @Alternate Data Stream - 118 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0A8E2C33 < End of report > Extras.txt: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 20.04.2011 00:41:47 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Boris\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 28,11 Gb Total Space | 11,92 Gb Free Space | 42,40% Space Free | Partition Type: NTFS
Drive D: | 88,70 Gb Total Space | 11,65 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
Drive E: | 391,04 Gb Total Space | 93,71 Gb Free Space | 23,96% Space Free | Partition Type: NTFS
Drive F: | 423,67 Gb Total Space | 31,00 Gb Free Space | 7,32% Space Free | Partition Type: NTFS
Computer Name: REVOLTEC | User Name: Boris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Programme\dm fotowelt\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm-Fotowelt] -- "D:\Programme\dm fotowelt\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC Media Player\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp Lite 5.572\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp Lite 5.572\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp Lite 5.572\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Programme\ICQ 7.0\ICQ7.0\ICQ.exe" = D:\Programme\ICQ 7.0\ICQ7.0\ICQ.exe:*:Enabled:ICQ7
"D:\Programme\ICQ 7.0\ICQ7.0\aolload.exe" = D:\Programme\ICQ 7.0\ICQ7.0\aolload.exe:*:Enabled:aolload.exe
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"H:\fsetup.exe" = H:\fsetup.exe:*:Enabled:AVM FSetup Application
"D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Programme\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"D:\Programme\ICQ7.2\ICQ.exe" = D:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"D:\Programme\ICQ7.2\aolload.exe" = D:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Logitech\Vid HD\Vid.exe" = C:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"D:\Programme\Skype 5.0\Phone\Skype.exe" = D:\Programme\Skype 5.0\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@icon sushi_is1" = @icon sushi 1.21
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP2700_series" = Canon iP2700 series Printer Driver
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{17A87ED9-129A-4516-A3BF-5E513D23C3BB}" = Aureon 5.1 Fun ControlPanel
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22A647A1-E442-7302-3905-DA8C5FDFCAFB}" = Catalyst Control Center Graphics Previews Common
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23768150-5EFE-14A4-CECE-914D03FF18B4}" = CCC Help English
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{292899E7-6B8F-8099-0ACD-71D5F448106D}" = ccc-utility
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E52FB79-7F60-4AD7-B946-5ED18B4F274E}" = ShaunWhiteSnowboarding
"{30A68EDA-53FA-43B5-8007-D18ED1F61659}" = PCWheel
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41B8A39C-E97D-FDE5-3A4A-8E6FA961E94E}" = ccc-core-static
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EDD761B-5253-4CD1-A309-9DFEE960E344}" = Logitech Gaming Software 5.09
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57B89E30-0BBA-4F20-9F2C-8E8CDE1CEDB6}" = DiRT
"{5CA1C102-CFB3-9C8E-2DEF-E98A4B57C8CF}" = Catalyst Control Center InstallProxy
"{5DB65884-C963-4454-AABA-4CA3089281FA}" = NVIDIA PhysX
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7FAEAEC0-9E27-492F-AFB9-9D905B2779BE}" = MAGIX Web Designer 6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A5CCD0C8-6D5E-4515-BDD7-2A22D5D91031}" = Nero 8 Essentials
"{A7BF5297-3E74-11D5-B00F-00104B398D77}" = QuarkXPress Passport 5.01
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00
"{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7793EE8-F666-4E6B-9827-76468679480E}" = Tweakui Powertoy for Windows XP
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E3723A04-A894-4036-A78E-282E18F43C0A}_is1" = Tinypic 3.14
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0C5CF53-FE88-B20E-CE8C-2B5CAA3ECFD0}" = ATI Catalyst Install Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"7-Zip" = 7-Zip 4.65
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Ant Renamer 2_is1" = Ant Renamer
"Audacity_is1" = Audacity 1.2.6
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"AVS DVD Player_is1" = AVS DVD Player version 2.3
"Canon iP2700 series Benutzerregistrierung" = Canon iP2700 series Benutzerregistrierung
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Color Efex Pro 3.0 Complete" = Color Efex Pro 3.0 Complete
"conduitEngine" = Conduit Engine
"Content Manager 2" = Content Manager 2
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"dm-Fotowelt" = dm-Fotowelt
"DVD Identifier_is1" = DVD Identifier
"DVDStyler_is1" = DVDStyler v1.7.4-1
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free AVI to FLV Converter 3000_is1" = Free AVI to FLV Converter 3000 ver.1.0.0
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.2
"Free Video Dub_is1" = Free Video Dub version 1.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"FRITZ!DSL" = AVM FRITZ!DSL
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"IrfanView" = IrfanView (remove only)
"Little Shop of Treasures Deluxe" = Little Shop of Treasures Deluxe
"Logitech Vid" = Logitech Vid HD
"MAGIX_MSI_Web_Designer_6" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.27
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Mp3tag" = Mp3tag v2.48
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NAVIGON Sync" = NAVIGON Sync 2.0.0
"Neat Image_is1" = Neat Image v6 Demo (with plug-in)
"nik Sharpener Pro 2.0 Complete" = nik Sharpener Pro 2.0 Complete
"NVIDIA Drivers" = NVIDIA Drivers
"Orga-Nicer_is1" = Orga-Nicer v3.0
"PC Tools Firewall Plus" = PC Tools Firewall Plus 6.0
"POI FINDER (Becker)_is1" = POI FINDER 3.74 (Becker)
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"Spyder2express" = Spyder2express
"TaskMate Pro 1.85" = TaskMate Pro 1.85
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2004" = Unreal Tournament 2004
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.8
"WheelsOfVolume" = FuzLez WheelsOfVolume
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-8
"Xvid_is1" = Xvid 1.2.2 final uninstall
"ZoomPlayer" = Zoom Player (remove only)
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1708537768-1645522239-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3
"Sansa Updater" = Sansa Updater
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.04.2011 00:47:53 | Computer Name = REVOLTEC | Source = ESENT | ID = 490
Description = svchost (1440) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 10.04.2011 01:03:17 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x05269290.
Error - 10.04.2011 01:03:57 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Error - 10.04.2011 10:51:23 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul divxdec.ax, Version 7.1.1.14, Fehleradresse 0x00029290.
Error - 11.04.2011 00:01:29 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x06879290.
Error - 13.04.2011 06:09:44 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:12:46 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:13:38 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 18.04.2011 14:21:24 | Computer Name = REVOLTEC | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1
Error - 18.04.2011 18:35:47 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung x8ycl4ww.exe, Version 1.0.15.15570, fehlgeschlagenes
Modul x8ycl4ww.exe, Version 1.0.15.15570, Fehleradresse 0x0000c676.
[ Application Events ]
Error - 01.04.2011 00:47:53 | Computer Name = REVOLTEC | Source = ESENT | ID = 490
Description = svchost (1440) Versuch, Datei "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der
Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet
wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.
Error - 10.04.2011 01:03:17 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x05269290.
Error - 10.04.2011 01:03:57 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung drwtsn32.exe, Version 5.1.2600.0, fehlgeschlagenes
Modul dbghelp.dll, Version 5.1.2600.5512, Fehleradresse 0x0001295d.
Error - 10.04.2011 10:51:23 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul divxdec.ax, Version 7.1.1.14, Fehleradresse 0x00029290.
Error - 11.04.2011 00:01:29 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x06879290.
Error - 13.04.2011 06:09:44 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:12:46 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 13.04.2011 06:13:38 | Computer Name = REVOLTEC | Source = TomTomHOMEService | ID = 10000
Description =
Error - 18.04.2011 14:21:24 | Computer Name = REVOLTEC | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1
Error - 18.04.2011 18:35:47 | Computer Name = REVOLTEC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung x8ycl4ww.exe, Version 1.0.15.15570, fehlgeschlagenes
Modul x8ycl4ww.exe, Version 1.0.15.15570, Fehleradresse 0x0000c676.
[ System Events ]
Error - 19.04.2011 16:10:17 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 16:10:17 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 16:19:54 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 16:19:54 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 17:03:07 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 17:03:07 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 17:31:45 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 17:31:45 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.04.2011 18:13:37 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 19.04.2011 18:13:37 | Computer Name = REVOLTEC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
[ TuneUp Events ]
Error - 01.04.2011 14:43:09 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-01 20:43:09', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','5328',0)
Error - 01.04.2011 14:46:24 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-01 20:46:24', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','3816',0)
Error - 01.04.2011 15:09:05 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-01 21:09:05', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','1200',0)
Error - 02.04.2011 00:47:19 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-02 06:47:19', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','2564',0)
Error - 02.04.2011 07:30:26 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-02 13:30:26', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','3284',0)
Error - 05.04.2011 13:53:50 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-05 19:53:50', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','4268',0)
Error - 17.04.2011 06:19:04 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-17 12:19:04', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','3960',0)
Error - 18.04.2011 12:59:07 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-18 18:59:07', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','744',0)
Error - 18.04.2011 13:02:25 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-18 19:02:25', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','2832',0)
Error - 18.04.2011 17:02:01 | Computer Name = REVOLTEC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-18 23:02:01', '\device\harddiskvolume4\programme\malwarebytes\malwarebytes'
anti-malware\mbam.exe','2376',0)
< End of report >
[code] |
|
20.04.2011, 06:57
| #20 |
| | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 Vielleicht von Bedeutung: Malwarebytes ließ sich gerade problemlos updaten, das funktionierte gestern noch nicht. |
|
20.04.2011, 09:25
| #21 |
| /// Helfer-Team | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 mache bitte einen Scan: ** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
__________________ --> Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 |
|
20.04.2011, 11:11
| #22 |
| | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 so, getan: Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6404
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20.04.2011 12:11:29
mbam-log-2011-04-20 (12-11-29).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 402193
Laufzeit: 1 Stunde(n), 33 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Das Programm verlangt einen Neustart, den führ ich nun mal durch und lass Malwarebytes nochmal drüber laufen. Nein, halt, ich warte auf weitere Anweisung, aber den Neustart muss ich ja machen. Geändert von Alan (20.04.2011 um 11:12 Uhr) Grund: Zusatz |
|
20.04.2011, 12:15
| #23 |
| /// Helfer-Team | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 Kontrollscan mit Eset/NOD32: - "Link:-> ESET Online Scanner >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<< Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen. Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.► [Sicherheit] Autorun Funktion für mehr Sicherheit auf allen Laufwerken deaktivieren /Avira Support Forum -> Führe dann einen Komplett-Systemcheck mit Eset/Nod32 durch - folgendes bitte anhaken > "Remove found threads" und "Scan archives" - die Scanergebnis als *.txt Dateien speichern) - meistens "C:\Programme\Eset\EsetOnlineScanner\log.txt" Vor dem Scan Einstellungen im Internet Explorer: - "Extras→ Internetoptionen→ Sicherheit": - alles auf Standardstufe stellen - Active X erlauben - um den Scan zu starten: wenn du danach gefragt wirst (den Text in der Informationsleiste ) - ActiveX-Steuerelement installieren lassen ► Hast du jetzt noch irgendwelche Probleme?
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
20.04.2011, 22:22
| #24 |
| | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 Hmm, schaut wohl gut aus, oder? Code:
ATTFilter ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=00987b2229f1ff4fa12d2e1b2032fa25
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-20 09:08:07
# local_time=2011-04-20 11:08:07 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 93 472898 39860825 38393 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 139 139 0 0
# scanned=402159
# found=0
# cleaned=0
# scan_time=9720
|
|
20.04.2011, 23:09
| #25 | ||
| /// Helfer-Team | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 1. Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf: Code:
ATTFilter HijackThis/Trend Micro
filelist.bat
CCleaner
2. Zitat:
Ändere deine Passworte und Zugangsdaten! - von einem sauberen System aus - Alle Passwörter, die auf dem kompromittierten System verwendet wurden (also z.B. Login-, Mail- oder Website-Passwörter, aber auch die PIN für das Online-Banking) sofort ändern (► am besten von einem anderen, nicht-infizierten Rechner aus! ) Tipps: Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern) auch noch hier unter: Sicheres Kennwort (Password) Lesestoff Nr.1:
** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !! Zitat:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:
__________________ Warnung!: Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein! Anhang nicht öffnen, in unserem Forum erst nachfragen! Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten! Bitte diese Warnung weitergeben, wo Du nur kannst! |
|
20.04.2011, 23:42
| #26 |
| | Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 1000 Dank für die Hilfe! :-) |
|
| Themen zu Probleme nach Benutzung von Malwarebytes, Antivir-Fund: TR/Kazy.mekml.1 |
| antivir, booten, desktop, einstellungen, entfernen, festplatte, gen, hilfe!, laptop, malwarebytes, nichts, pferd, platte, probleme, quarantäne, recovery, surfen, trojaner, trojanische, trojanische pferd, verschieben, windows, windows xp, zugriff |
Linear-Darstellung
