Hallo,

mich hat nach Aussage AntiVir der TR/Kazy.mekml.1 erwischt.

Symptome wie hier im Board bereits dargestellt:
- schwarzer Bildschirm
- Dateien/Ordner versteckt
- Warnung, dass Festplatte beschädigt sei etc.

Der Scan mit Anti-Malware führt aktuell 12 befallene Dateien auf (s. Logfile).

Ich komme hier alleine nicht weiter. Bin für jede Hilfe sehr dankbar.

Gruß,
Rüdiger

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Versuche, mit ComboFix witer zu kommen blieben leider (auch im abgesicherten Modus und gem. Leitfaden) erfolglos:

ComboFix wird vorbereitet...
Systemfile is infected !! Attempting to restore "regedit.exe"

danach:

Suche nach infizierten Dateien...

Kurze Aktivität, danach hängt sich Rechner auf.

ok.
Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

OTLOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 28.04.2011 20:48:52 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Rüdiger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
989,00 Mb Total Physical Memory | 544,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 91,60 Gb Total Space | 32,45 Gb Free Space | 35,43% Space Free | Partition Type: NTFS
 
Computer Name: MACBOOK | User Name: Rüdiger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Rüdiger\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\WINDOWS\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\XSManager\XSManager.exe (WebToGo Mobiles Internet GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\AppleOSSMgr.exe ()
PRC - C:\WINDOWS\system32\AppleTimeSrv.exe (Apple Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Rüdiger\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (winvnc) --  File not found
SRV - (MySql) --  File not found
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (vpnagent) -- C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe (Cisco Systems, Inc.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FlipShare Service) -- C:\Programme\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (XS Stick Service) -- C:\WINDOWS\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (AppleOSSMgr) -- C:\WINDOWS\system32\AppleOSSMgr.exe ()
SRV - (AppleTimeSrv) -- C:\WINDOWS\system32\AppleTimeSrv.exe (Apple Inc.)
SRV - (Capture Device Service) -- C:\Programme\Gemeinsame Dateien\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (vpnva) -- C:\WINDOWS\system32\drivers\vpnva.sys (Cisco Systems, Inc.)
DRV - (acsmux) -- C:\WINDOWS\system32\drivers\acsmux.sys (Cisco Systems, Inc.)
DRV - (acsint) -- C:\WINDOWS\system32\drivers\acsint.sys (Cisco Systems, Inc.)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (cmnsusbser) -- C:\WINDOWS\system32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (MacHALDriver) -- C:\WINDOWS\system32\drivers\MacHALDriver.sys (Apple Inc.)
DRV - (KeyAgent) -- C:\WINDOWS\system32\drivers\KeyAgent.sys (Apple Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corp.)
DRV - (iSightUpdate) -- C:\WINDOWS\system32\drivers\iSightUP.sys (Apple Inc.)
DRV - (DevUpper) -- C:\WINDOWS\system32\drivers\iSightFT.sys (Apple Inc.)
DRV - (aapltp) -- C:\WINDOWS\system32\drivers\aapltp.sys (Apple Inc.)
DRV - (aapltctp) -- C:\WINDOWS\system32\drivers\aapltctp.sys (Apple Inc.)
DRV - (IRRemoteFlt) -- C:\WINDOWS\system32\drivers\IRFilter.sys (Apple Inc.)
DRV - (KeyMagic) -- C:\WINDOWS\system32\drivers\KeyMagic.sys (Apple Inc.)
DRV - (applebt) -- C:\WINDOWS\system32\drivers\applebt.sys (Apple Inc.)
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (NWUSBPort) -- C:\WINDOWS\system32\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV - (NWUSBModem) -- C:\WINDOWS\system32\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (BthKicker) -- C:\WINDOWS\system32\drivers\BthKicker.sys (Apple Inc.)
DRV - (FWLANUSB) -- C:\WINDOWS\system32\drivers\fwlanusb.sys (AVM GmbH)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (vncdrv) -- C:\WINDOWS\system32\drivers\vncdrv.sys (RDV Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SPIEGEL ONLINE - Nachrichten
IE - HKU\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-789336058-1085031214-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2011.04.24 07:56:51 | 000,432,836 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	007guard.com - 007guard and Free Antivirus
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	Avast | Cash Advance | Debt Consolidation | Insurance | Free Credit Report at 0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com - Informationen zum Thema Sex links. Diese Website steht zum Verkauf!
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 14895 more lines...
O2 - BHO: (CmjBrowserHelperObject Object) - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKU\S-1-5-21-789336058-1085031214-725345543-1003\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An Mindjet MindManager senden - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Programme\Mindjet\MindManager 7\Mm7InternetExplorer.dll (Mindjet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://webvpn.fernuni-hagen.de/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect Secure Mobility Client Web Control)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/RDIGER~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.20 19:13:20 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{348e2bd8-9982-11df-bbca-001f5b7a47bf}\Shell\AutoRun\command - "" = E:\Orga-Nicer\onicer_usb.exe
O33 - MountPoints2\{4d96c071-3fc7-11dd-b725-aa8b3349ed6b}\Shell - "" = AutoRun
O33 - MountPoints2\{4d96c071-3fc7-11dd-b725-aa8b3349ed6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d96c071-3fc7-11dd-b725-aa8b3349ed6b}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Windows Search.lnk - C:\Programme\Windows Desktop Search\WindowsSearch.exe - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Rüdiger^Startmenü^Programme^Autostart^WinMySQLadmin.lnk -  - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Alcmtr - hkey= - key= - C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: AnyConnect SMC - hkey= - key= - C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
MsConfig - StartUpReg: Apple_KbdMgr - hkey= - key= - C:\Programme\Boot Camp\KbdMgr.exe (Apple Inc.)
MsConfig - StartUpReg: AVMWlanClient - hkey= - key= - C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH)
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: CTFMON.EXE - hkey= - key= -  File not found
MsConfig - StartUpReg: FreePDF Assistant - hkey= - key= - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= -  File not found
MsConfig - StartUpReg: IgfxTray - hkey= - key= -  File not found
MsConfig - StartUpReg: IRW - hkey= - key= -  File not found
MsConfig - StartUpReg: ISUSPM - hkey= - key= - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: MMReminderService - hkey= - key= - C:\Programme\Mindjet\MindManager 7\MmReminderService.exe (Mindjet)
MsConfig - StartUpReg: pdfSaver3 - hkey= - key= -  File not found
MsConfig - StartUpReg: Persistence - hkey= - key= -  File not found
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: starter4g - hkey= - key= - C:\WINDOWS\starter4g.exe (4G Systems GmbH & Co. KG)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
%SYSTEMROOT%\SYSTEM32\*.DLL /LOCKEDFILES CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.28 20:32:46 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\OTL.exe
[2011.04.28 00:30:51 | 000,000,000 | --SD | C] -- C:\CF
[2011.04.28 00:23:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011.04.26 20:20:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.04.26 20:06:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.04.26 20:06:23 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.04.26 20:06:23 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.04.26 20:06:23 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.04.26 20:06:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.04.26 20:05:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.24 08:11:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rüdiger\Eigene Dateien\Sicherung Registry
[2011.04.24 02:57:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Rüdiger\Recent
[2011.04.24 00:51:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Malwarebytes
[2011.04.24 00:49:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.04.24 00:49:25 | 000,000,000 | -H-D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.24 00:27:57 | 000,000,000 | -H-D | C] -- C:\Programme\Spybot - Search & Destroy
[2011.04.24 00:27:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011.04.23 22:15:26 | 016,409,960 | -H-- | C] (Safer Networking Limited                                    ) -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\spybotsd162.exe
[2011.04.23 22:15:23 | 007,734,208 | -H-- | C] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\mbam-setup-1.50.1.1100.exe
[2011.04.23 22:15:17 | 003,050,664 | -H-- | C] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\ccsetup305_1409.exe
[2011.04.23 13:49:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2011.04.21 22:11:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\DCIM
[2011.04.19 21:53:01 | 000,046,480 | RH-- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\acsmux.sys
[2011.04.19 21:52:46 | 000,036,624 | RH-- | C] (Cisco Systems, Inc.) -- C:\WINDOWS\System32\drivers\acsint.sys
[2011.04.19 21:51:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cisco
[2011.04.19 21:51:27 | 000,000,000 | -H-D | C] -- C:\Programme\Cisco
[2011.04.19 21:51:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Rüdiger\Lokale Einstellungen\Anwendungsdaten\Cisco
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.28 20:44:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2DF2D3BA-99B5-4ACA-92FE-1DD7F2969576}.job
[2011.04.28 20:32:45 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\OTL.exe
[2011.04.28 20:29:03 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.28 20:29:00 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.28 19:51:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.04.28 19:44:10 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.28 19:42:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.27 20:03:42 | 001,510,173 | ---- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Hartz IV.jpg
[2011.04.26 20:02:50 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.26 19:49:55 | 004,330,188 | R--- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\CF.exe
[2011.04.26 10:47:03 | 000,504,657 | ---- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\unhide.exe
[2011.04.26 10:05:48 | 001,580,928 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.25 07:06:10 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Verknüpfung mit Internet Explorer.lnk
[2011.04.24 10:41:41 | 000,000,726 | ---- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Verknüpfung mit OUTLOOK.lnk
[2011.04.24 07:56:51 | 000,432,836 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.04.24 07:50:42 | 000,000,299 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011.04.24 00:19:18 | 000,000,136 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r
[2011.04.24 00:19:18 | 000,000,120 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292
[2011.04.23 23:55:22 | 000,004,096 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\._ccsetup305_1409.exe
[2011.04.23 14:08:53 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.04.21 23:06:13 | 000,041,984 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.21 13:36:49 | 000,062,800 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\fahrplan-winter fruehjahr[1].pdf
[2011.04.16 18:00:36 | 000,478,288 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.16 18:00:36 | 000,436,504 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.16 18:00:36 | 000,069,118 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.16 18:00:35 | 000,091,750 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.15 08:39:29 | 000,005,107 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\kmw-simulator.jpg
[2011.04.13 13:20:02 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011.04.11 06:16:51 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.10 22:24:34 | 000,039,731 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\2011-04-05_GS.pdf
[2011.04.10 22:01:18 | 000,055,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\metternichhaus.pdf
[2011.04.05 10:46:36 | 003,050,664 | -H-- | M] (Piriform Ltd) -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\ccsetup305_1409.exe
[2011.03.31 10:56:28 | 007,734,208 | -H-- | M] (Malwarebytes Corporation                                    ) -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\mbam-setup-1.50.1.1100.exe
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.27 20:03:42 | 001,510,173 | ---- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Hartz IV.jpg
[2011.04.26 20:20:43 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.04.26 20:20:40 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2011.04.26 20:06:23 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.04.26 20:06:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.04.26 20:06:23 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.04.26 20:06:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.04.26 20:06:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.04.26 19:49:55 | 004,330,188 | R--- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\CF.exe
[2011.04.26 10:47:00 | 000,504,657 | ---- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\unhide.exe
[2011.04.25 07:06:10 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Verknüpfung mit Internet Explorer.lnk
[2011.04.24 10:41:41 | 000,000,726 | ---- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Verknüpfung mit OUTLOOK.lnk
[2011.04.24 07:50:41 | 000,000,299 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011.04.24 00:19:18 | 000,000,136 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292r
[2011.04.24 00:19:18 | 000,000,120 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~18538292
[2011.04.23 22:15:01 | 000,004,096 | -H-- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\._ccsetup305_1409.exe
[2011.04.23 14:08:53 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\18538292
[2011.04.21 13:36:49 | 000,062,800 | -H-- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\fahrplan-winter fruehjahr[1].pdf
[2011.04.15 19:20:21 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2011.04.15 08:40:04 | 000,005,107 | -H-- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\kmw-simulator.jpg
[2011.04.11 00:53:39 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.10 22:24:34 | 000,039,731 | -H-- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\2011-04-05_GS.pdf
[2011.04.10 22:01:17 | 000,055,112 | -H-- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\metternichhaus.pdf
[2011.03.04 22:54:30 | 000,209,784 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011.03.01 14:55:08 | 000,110,592 | -H-- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2011.03.01 14:55:08 | 000,036,640 | -H-- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2011.01.29 18:00:24 | 000,030,568 | -H-- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011.01.29 18:00:22 | 000,974,848 | -H-- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.01.29 18:00:22 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.01.29 18:00:22 | 000,065,536 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.01.29 18:00:22 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.12.15 13:45:29 | 000,010,240 | -H-- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.08.29 00:44:07 | 000,045,843 | -H-- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.06.20 03:09:46 | 000,210,456 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.06.20 03:09:46 | 000,206,360 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.06.20 03:09:46 | 000,198,168 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.06.20 03:09:46 | 000,198,168 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.06.20 03:09:46 | 000,194,072 | -H-- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.06.20 03:09:46 | 000,026,136 | -H-- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.05.17 14:54:49 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.05.17 14:54:49 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.05.15 15:04:09 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.24 21:09:09 | 000,281,760 | -H-- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.08.24 21:09:07 | 000,025,888 | -H-- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.04.26 10:36:16 | 000,000,523 | -H-- | C] () -- C:\WINDOWS\my.ini
[2008.12.10 22:24:27 | 001,843,784 | -H-- | C] () -- C:\WINDOWS\System32\igklg400.dll
[2008.12.10 22:24:27 | 001,399,880 | -H-- | C] () -- C:\WINDOWS\System32\igklg450.dll
[2008.12.10 22:24:27 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4897.dll
[2008.12.10 22:24:27 | 000,104,636 | -H-- | C] () -- C:\WINDOWS\System32\igmedcompkrn.dll
[2008.11.07 18:48:10 | 000,000,025 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.09.17 23:10:18 | 000,026,624 | -H-- | C] () -- C:\WINDOWS\GetIe.dll
[2008.08.14 21:05:25 | 002,463,976 | -H-- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008.08.12 17:23:14 | 000,066,560 | -H-- | C] () -- C:\WINDOWS\MOTA113.exe
[2008.08.12 17:23:14 | 000,027,648 | -H-- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.08.12 17:23:13 | 000,502,784 | -H-- | C] () -- C:\WINDOWS\x2.64.exe
[2008.08.12 17:23:13 | 000,240,128 | -H-- | C] () -- C:\WINDOWS\System32\x.264.exe
[2008.08.12 17:23:13 | 000,217,073 | -H-- | C] () -- C:\WINDOWS\meta4.exe
[2008.07.18 11:34:57 | 000,041,984 | -H-- | C] () -- C:\Dokumente und Einstellungen\Rüdiger\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.07.13 10:04:51 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.07.13 10:02:48 | 000,204,800 | RH-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4833.dll
[2008.07.13 10:02:47 | 000,910,464 | RH-- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.06.21 21:27:34 | 000,097,312 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2008.06.20 19:16:02 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.06.20 19:10:10 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.06.19 21:58:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.06.19 21:56:52 | 001,580,928 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.26 23:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 23:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 23:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.15 17:44:30 | 000,132,400 | -H-- | C] () -- C:\WINDOWS\System32\AppleOSSMgr.exe
[2008.02.19 08:33:34 | 000,446,352 | -H-- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2004.08.04 14:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 14:00:00 | 000,478,288 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 14:00:00 | 000,436,504 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 14:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 14:00:00 | 000,091,750 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 14:00:00 | 000,069,118 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 14:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 14:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 14:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 14:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.03.17 02:00:00 | 000,007,420 | -H-- | C] () -- C:\WINDOWS\UA000079.DLL
 
========== LOP Check ==========
 
[2011.04.19 16:27:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2010.03.07 16:28:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flip Video
[2011.04.12 15:10:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2010.04.25 16:15:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
[2008.06.24 20:44:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Novatel Wireless
[2011.03.01 14:45:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2010.06.19 02:33:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Screaming Bee
[2009.08.24 21:15:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2010.08.25 10:52:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.11.28 22:28:20 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009.11.28 22:24:12 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\XSManager
[2008.06.24 20:40:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Bytemobile
[2010.06.23 17:05:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Audacity
[2011.02.28 22:02:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Canon
[2010.10.26 21:41:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Cisco
[2010.06.10 14:21:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.06.24 07:37:38 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\FreeFLVConverter
[2011.03.01 14:43:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Samsung
[2010.06.19 02:33:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Screaming Bee
[2008.08.31 15:58:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\SharePod
[2010.05.16 15:29:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2009.08.24 21:18:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Ubisoft
[2010.06.20 03:37:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Ulead Systems
[2008.07.18 11:17:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\VCDEasy
[2008.06.24 20:44:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Vodafone
[2011.03.17 18:11:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\webex
[2009.01.05 23:09:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Windows Desktop Search
[2009.01.05 23:37:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Windows Search
[2009.12.03 19:35:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\XSManager
[2011.04.28 20:44:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2DF2D3BA-99B5-4ACA-92FE-1DD7F2969576}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. >
 
< %APPDATA%\*.exe /s >
[2010.11.08 11:56:57 | 000,053,632 | -H-- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.12.22 01:10:11 | 000,108,341 | -H-- | M] (Adobe Systems, Inc.) -- C:\Dokumente und Einstellungen\Rüdiger\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\digitaleditions\digitaleditions.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.10.05 09:03:00 | 022,286,026 | -H-- | M] () .cab file -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.10.05 09:03:00 | 022,286,026 | -H-- | M] () .cab file -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.04 14:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 07:07:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 07:07:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\drivers\agp440.sys
[2001.08.17 12:58:00 | 000,025,472 | -H-- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2002.08.29 14:00:00 | 010,180,476 | -H-- | M] () .cab file -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.10.05 09:03:00 | 022,286,026 | -H-- | M] () .cab file -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.10.05 09:03:00 | 022,286,026 | -H-- | M] () .cab file -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2004.08.04 14:00:00 | 018,782,319 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 00:27:50 | 000,086,912 | -H-- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002.08.29 14:00:00 | 000,086,912 | -H-- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\i386\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.04 06:59:42 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 08:57:18 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.04 08:57:18 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | -H-- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002.08.29 14:00:00 | 000,049,152 | -H-- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2002.08.29 14:00:00 | 001,007,104 | -H-- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.04 08:57:52 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\explorer.exe
[2004.08.04 08:57:52 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 14:00:00 | 001,035,264 | -H-- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:10:08 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\explorer.exe
[2007.06.13 15:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2002.08.29 14:00:00 | 000,399,360 | -H-- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2004.08.04 08:57:30 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.04 08:57:30 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 08:57:32 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.04 08:57:32 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | -H-- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002.08.29 14:00:00 | 000,181,248 | -H-- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\user32.dll
[2005.03.02 20:09:46 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | -H-- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 08:57:36 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtUninstallKB890859$\user32.dll
[2004.08.04 08:57:36 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | -H-- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | -H-- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2003.09.25 17:52:00 | 000,561,664 | -H-- | M] (Microsoft Corporation) MD5=8D928268AFBF31F8A34CE610DA175352 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
[2002.11.22 20:28:16 | 000,530,432 | -H-- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtUninstallKB824141$\user32.dll
[2002.08.29 14:00:00 | 000,561,664 | -H-- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtUninstallKB826939$\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2002.08.29 14:00:00 | 000,022,528 | -H-- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2004.08.04 08:58:16 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.04 08:58:16 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | -H-- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 08:58:18 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.04 08:58:18 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | -H-- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2002.08.29 14:00:00 | 000,521,728 | -H-- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\eb87990d972df1fdd4b51b31dc90f36a\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2002.08.29 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Dokumente und Einstellungen\Rüdiger\Desktop\Transfer\Sonstiges\Externe Platte\Sicherung\WINDOWS\system32\drivers\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >

< End of report >
         

--- --- ---

EXTRASOTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 28.04.2011 20:48:52 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Rüdiger\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
989,00 Mb Total Physical Memory | 544,00 Mb Available Physical Memory | 55,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 1476 2952 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 91,60 Gb Total Space | 32,45 Gb Free Space | 35,43% Space Free | Partition Type: NTFS
 
Computer Name: MACBOOK | User Name: Rüdiger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = jsfile] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:VNCViewer
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"D:\Java\bin\JAVA.EXE" = D:\Java\bin\JAVA.EXE:*:Enabled:Java(TM) Platform SE binary
"C:\Programme\xampp\apache\bin\apache.exe" = C:\Programme\xampp\apache\bin\apache.exe:*:Enabled:Apache HTTP Server
"C:\Programme\FlashGet\flashget.exe" = C:\Programme\FlashGet\flashget.exe:*:Enabled:Flashget
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{316B3C3F-6B5A-DBC3-1398-FBE614ECCAA7}" = TweetDeck
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43EE9158-D821-4D6B-B1C7-06A8B97E6CCF}" = Mindjet MindManager Pro 7
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{5518E08A-2053-4A3E-85B2-F912D4666C9F}" = Adobe Setup
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77FD4A62-8A2A-15D9-1372-EA9FF6C2D8A3}" = FlipShare
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{96C25F2B-4295-46C0-BD19-EFA5D0B6B51B}" = Netzwerkaufzeichnungs-Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{BB8AE808-F003-4C7F-B56B-8C80EEAFFE23}" = InterVideo AVControlSDK
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E032556E-5E88-4CD3-8FD8-15832713708F}" = Cisco AnyConnect Secure Mobility Client
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E45628-1218-4865-A516-8E8A54272ADC}" = Boot Camp-Dienste
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"02FEC2FAAA7DED51CAF15F06DB8B63E735EE735C" = Windows-Treiberpaket - Apple Inc. (applebt) Bluetooth  (04/06/2008 2.1.0.1)
"059BF941BA77F24DED9444B45BB0DAA5353F86EB" = Windows Driver Package - Apple Inc. System  (06/21/2007 2.0.0.0)
"0936416DB5978E29D553FACF9DD6F3EFBA1929DA" = Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4)
"0EEF0136F93FA6C5AB723AADEA61FF550D8C60FB" = Windows Driver Package - Broadcom (BCM43XX) Net  (01/08/2007 4.80.75.0)
"144A90A8644F24BDCA0607CBAE7F90C2F5427DA4" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10)
"181B29655BDD6EA3FC483A7E4D1C2ED7735873F0" = Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4)
"18BB9B0552BA675902E31409A34F929D9C9AD56C" = Windows Driver Package - Intel (e1express) Net  (04/03/2006 9.3.39.0)
"2CA2C2712E3120F27F44A38A6FA5540D9A93CA01" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"6784A318842714811EC3F8409C3C0F7983B90972" = Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0)
"6AB59209597E0F6B986EC8E976521FDF0A696C9D" = Windows Driver Package - Marvell (yukonwxp) Net  (03/23/2007 10.12.7.3)
"6AEF368351694A266BAB82596EEA968C73E8FC87" = Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4)
"80087CDF19A4CE2FBB535E7DC99A0E50FFA25589" = Windows Driver Package - Intel (E1000) Net  (01/06/2006 8.6.17.0)
"850625E38080EAF5C2644C07A2510A394019973D" = Windows Driver Package - Apple Inc. (applebt) Bluetooth  (06/27/2007 2.0.0.1)
"9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"992615C0D0002C27AA3BB336C66D1E7764047A51" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5)
"9B19F92D5E3730EA8D0788B248741F6CC2633DBE" = Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1)
"ActiveTouchMeetingClient" = WebEx
"AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.4.3.18)
"AD3F97DB12E1CE21FA0120AB7CE80FADD54FC0AB" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_061850775b1c6d22bf2a145678e05e0" = Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C71CD722DD357F78301EAEA028431241C2D91890" = Windows-Treiberpaket - Apple Inc. System  (09/12/2007 2.0.1.1)
"CE031DF97C704035E8B6E570362ABD337ACA4BA5" = Windows Driver Package - Atheros (AR5211) Net  (04/05/2007 5.3.0.35)
"Cisco AnyConnect Secure Mobility Client" = Cisco AnyConnect Secure Mobility Client 
"D1E46C4F35C591B14E31349A9EDA8227C5F0E966" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5)
"D3BCC671821E117ACD653C1AA146540791143F25" = Windows-Treiberpaket - Apple Inc. Apple Display (12/19/2007 2.0.2.0)
"D66D0ACEFE4E32CCDF30362ACBB3EAEFB97E9FDE" = Windows Driver Package - Atheros (AR5416) Net  (06/26/2007 6.0.3.94)
"D922ADD1498E7464ED76231D79D703FC1320C80C" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (09/20/2007 4.170.25.12)
"Digital Editions" = Adobe Digital Editions
"F5A89004299B5282B8B5D7D9F7253FF13C58628F" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10)
"FreePDF_XP" = FreePDF (Remove only)
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PDF-XChange 3_is1" = PDF-XChange 3.0
"Picasa 3" = Picasa 3
"PROHYBRIDR" = 2007 Microsoft Office system
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TMM80" = TELL ME MORE
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"VCDEasy_is1" = VCDEasy
"VLC media player" = VLC media player 1.1.7
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XSManager" = XSManager
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-789336058-1085031214-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.04.2011 00:06:43 | Computer Name = MACBOOK | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\RÜDIGER\RECENT\DESKTOP.INI>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 24.04.2011 00:09:17 | Computer Name = MACBOOK | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\RÜDIGER\RECENT\DESKTOP.INI>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 24.04.2011 00:11:45 | Computer Name = MACBOOK | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\RÜDIGER\RECENT\DESKTOP.INI>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 24.04.2011 00:11:48 | Computer Name = MACBOOK | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\RÜDIGER\RECENT\DESKTOP.INI>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 24.04.2011 00:11:48 | Computer Name = MACBOOK | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\RÜDIGER\RECENT\DESKTOP.INI>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 24.04.2011 00:14:13 | Computer Name = MACBOOK | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\RÜDIGER\RECENT\DESKTOP.INI>
 in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:  Anwendung, SystemIndex
 Katalog  Details:  Ein an das System angeschlossenes Gerät funktioniert nicht.   (0x8007001f)

 
Error - 24.04.2011 15:41:07 | Computer Name = MACBOOK | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
 der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
 d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
 hr=0x800700a1  
 
Error - 25.04.2011 13:57:02 | Computer Name = MACBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung xsmanager.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul mfc42u.dll, Version 6.2.8081.0, Fehleradresse 0x0000239d.
 
Error - 25.04.2011 14:00:44 | Computer Name = MACBOOK | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung xsmanager.exe, Version 1.0.0.1, fehlgeschlagenes
 Modul mfc42u.dll, Version 6.2.8081.0, Fehleradresse 0x0000239d.
 
Error - 26.04.2011 03:45:54 | Computer Name = MACBOOK | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung XSManager.exe, Version 1.0.0.1, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 28.04.2011 01:47:54 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: CFilterXP2KImpl::Register File: .\FilterXP2KImpl.cpp Line:
 608 Invoked Function: CServices::GetServiceState Return Code: -31981555 (0xFE18000D)
Description:
 SERVICES_ERROR_SERVICE_DOES_NOT_EXIST 
 
Error - 28.04.2011 02:30:58 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 38 Invoked Function:
 URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter=
 
Error - 28.04.2011 02:31:04 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -28049388
 (0xFE540014) Description: HTTP_SESSION_ASYNC_ERROR_DNS_RESOLUTION 
 
Error - 28.04.2011 03:40:51 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 38 Invoked Function:
 URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter=
 
Error - 28.04.2011 13:42:17 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: Directory::ReadDir File: .\Utility\Directory.cpp Line: 156
Invoked
 Function: ::FindNextFile Return Code: 18 (0x00000012) Description: Es sind keine 
weiteren Dateien vorhanden.   
 
Error - 28.04.2011 13:42:17 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_fcs0.8682811717\DaVinci_fcs\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 28.04.2011 13:42:17 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_fcs0.8682811717\DaVinci_fcs\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 28.04.2011 13:42:17 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: PluginLoader::QuickCreatePlugin File: c:\temp\build\thehoff\DaVinci_fcs0.8682811717\DaVinci_fcs\vpn\Common\Utility/PluginLoader.h
Line:
 145 Invoked Function: PluginLoader::CreateInstance Return Code: -29294580 (0xFE41000C)
Description:
 PLUGINLOADER_ERROR_COULD_NOT_CREATE 
 
Error - 28.04.2011 13:42:19 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: CFilterXP2KImpl::Register File: .\FilterXP2KImpl.cpp Line:
 608 Invoked Function: CServices::GetServiceState Return Code: -31981555 (0xFE18000D)
Description:
 SERVICES_ERROR_SERVICE_DOES_NOT_EXIST 
 
Error - 28.04.2011 13:52:45 | Computer Name = MACBOOK | Source = acvpnagent | ID = 67108866
Description = Function: URL::URL File: .\Utility\URL.cpp Line: 38 Invoked Function:
 URL::setURL Return Code: -28508150 (0xFE4D000A) Description: URL_ERROR_BAD_URL parameter=
 
[ OSession Events ]
Error - 26.08.2010 15:20:44 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1087
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 25.09.2010 03:19:25 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 71
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 25.10.2010 17:55:09 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 80
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 05.12.2010 22:03:46 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 08.12.2010 04:01:36 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2297
 seconds with 1080 seconds of active time.  This session ended with a crash.
 
Error - 09.12.2010 09:47:39 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 28228
 seconds with 1440 seconds of active time.  This session ended with a crash.
 
Error - 02.01.2011 07:12:51 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 10.01.2011 16:54:04 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 318289
 seconds with 10800 seconds of active time.  This session ended with a crash.
 
Error - 28.01.2011 09:45:30 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 9699
 seconds with 240 seconds of active time.  This session ended with a crash.
 
Error - 17.03.2011 01:09:24 | Computer Name = MACBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 27065
 seconds with 540 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.04.2011 18:27:15 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySql" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.04.2011 18:27:15 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VNC Server" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 27.04.2011 18:27:33 | Computer Name = MACBOOK | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Die Hardware des Embedded Controllers (EC) hat nicht
 innerhalb des Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware
 oder -Firmware bzw. auf ein schlecht angelegtes BIOS hin, das auf nicht sichere
 Art und Weise auf den EC zugreift. Der EC-Treiber wird erneut versuchen, die fehlgeschlagene
 Transaktion durchzuführen.
 
Error - 27.04.2011 18:40:01 | Computer Name = MACBOOK | Source = sfsync02 | ID = 262156
Description = 
 
Error - 27.04.2011 18:41:40 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySql" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 27.04.2011 18:41:41 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VNC Server" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 28.04.2011 01:48:09 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySql" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.04.2011 01:48:09 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VNC Server" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 28.04.2011 13:42:32 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySql" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 28.04.2011 13:42:32 | Computer Name = MACBOOK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "VNC Server" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
 
< End of report >
         

--- --- ---

bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Gleiches Problem wie zuvor: kurze Aktivität, dann hängt sich Rechner auf

sorry hatte das falsche erwischt.
http://www.trojaner-board.de/74908-a...t-scanner.html
gmer report bitte.

GMER Logfile:

Code: Alles auswählenAufklappen

ATTFilter

GMER 1.0.15.15572 - GMER - Rootkit Detector and Remover
Rootkit scan 2011-04-30 07:50:14
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-10 FUJITSU_MHY2120BH rev.0081000D
Running: mgly6r9f.exe; Driver: C:\DOKUME~1\RDIGER~1\LOKALE~1\Temp\uxldypog.sys


---- System - GMER 1.0.15 ----

SSDT    F7B27976                                                                                           ZwCreateKey
SSDT    F7B2796C                                                                                           ZwCreateThread
SSDT    F7B2797B                                                                                           ZwDeleteKey
SSDT    F7B27985                                                                                           ZwDeleteValueKey
SSDT    F7B2798A                                                                                           ZwLoadKey
SSDT    F7B27958                                                                                           ZwOpenProcess
SSDT    F7B2795D                                                                                           ZwOpenThread
SSDT    F7B27994                                                                                           ZwReplaceKey
SSDT    F7B2798F                                                                                           ZwRestoreKey
SSDT    F7B27980                                                                                           ZwSetValueKey

---- Kernel code sections - GMER 1.0.15 ----

.text   C:\WINDOWS\system32\DRIVERS\atksgt.sys                                                             section is writeable [0xA9624300, 0x3B6D8, 0xE8000020]
.text   C:\WINDOWS\system32\DRIVERS\lirsgt.sys                                                             section is writeable [0xF7902300, 0x1BEE, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text   C:\WINDOWS\system32\SearchIndexer.exe[2332] kernel32.dll!WriteFile                                 7C810E27 7 Bytes  JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text   C:\Programme\Microsoft Office\Office12\WINWORD.EXE[3780] kernel32.dll!SetUnhandledExceptionFilter  7C84495D 5 Bytes  JMP 32605B49 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text   C:\Programme\Microsoft Office\Office12\WINWORD.EXE[3780] ole32.dll!OleLoadFromStream               774F981B 5 Bytes  JMP 32920DB5 C:\Programme\Gemeinsame Dateien\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device  \Driver\BTHUSB \Device\0000009f                                                                    bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device  \Driver\BTHUSB \Device\0000009f                                                                    bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device  \Driver\BTHUSB \Device\000000a1                                                                    bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device  \Driver\BTHUSB \Device\000000a1                                                                    bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3                                                        sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort0                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort1                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort2                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdePort3                                                                 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device  \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-10                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

---- Registry - GMER 1.0.15 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f5b7a47bf                        
Reg     HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001f5b7a47bf@60a10a96d527           0xC5 0x07 0x7B 0xB1 ...
Reg     HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f5b7a47bf (not active ControlSet)    
Reg     HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001f5b7a47bf@60a10a96d527               0xC5 0x07 0x7B 0xB1 ...
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout                 15
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota                    10000
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler                                  yes
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk                                 
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout                 90
Reg     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota                   10000

---- EOF - GMER 1.0.15 ----
         

--- --- ---

Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
tdss killer nutzen, log posten.

Keine Bedrohung gefunden...

2011/04/30 20:53:44.0718 3708 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/30 20:53:45.0030 3708 ================================================================================
2011/04/30 20:53:45.0030 3708 SystemInfo:
2011/04/30 20:53:45.0030 3708
2011/04/30 20:53:45.0030 3708 OS Version: 5.1.2600 ServicePack: 3.0
2011/04/30 20:53:45.0030 3708 Product type: Workstation
2011/04/30 20:53:45.0030 3708 ComputerName: MACBOOK
2011/04/30 20:53:45.0030 3708 UserName: Rüdiger
2011/04/30 20:53:45.0030 3708 Windows directory: C:\WINDOWS
2011/04/30 20:53:45.0030 3708 System windows directory: C:\WINDOWS
2011/04/30 20:53:45.0030 3708 Processor architecture: Intel x86
2011/04/30 20:53:45.0030 3708 Number of processors: 2
2011/04/30 20:53:45.0030 3708 Page size: 0x1000
2011/04/30 20:53:45.0030 3708 Boot type: Normal boot
2011/04/30 20:53:45.0030 3708 ================================================================================
2011/04/30 20:53:45.0452 3708 Initialize success
2011/04/30 20:53:49.0093 1940 ================================================================================
2011/04/30 20:53:49.0093 1940 Scan started
2011/04/30 20:53:49.0093 1940 Mode: Manual;
2011/04/30 20:53:49.0093 1940 ================================================================================
2011/04/30 20:53:52.0202 1940 ================================================================================
2011/04/30 20:53:52.0202 1940 Scan finished
2011/04/30 20:53:52.0202 1940 ================================================================================
2011/04/30 20:54:14.0952 2548 ================================================================================
2011/04/30 20:54:14.0952 2548 Scan started
2011/04/30 20:54:14.0952 2548 Mode: Manual;
2011/04/30 20:54:14.0952 2548 ================================================================================
2011/04/30 20:54:19.0296 2548 ================================================================================
2011/04/30 20:54:19.0296 2548 Scan finished
2011/04/30 20:54:19.0296 2548 ================================================================================
2011/04/30 20:54:46.0108 1096 ================================================================================
2011/04/30 20:54:46.0108 1096 Scan started
2011/04/30 20:54:46.0108 1096 Mode: Manual;
2011/04/30 20:54:46.0108 1096 ================================================================================
2011/04/30 20:54:47.0858 1096 ================================================================================
2011/04/30 20:54:47.0858 1096 Scan finished
2011/04/30 20:54:47.0858 1096 ================================================================================
2011/04/30 20:54:55.0218 2404 ================================================================================
2011/04/30 20:54:55.0218 2404 Scan started
2011/04/30 20:54:55.0218 2404 Mode: Manual;
2011/04/30 20:54:55.0218 2404 ================================================================================
2011/04/30 20:54:57.0343 2404 ================================================================================
2011/04/30 20:54:57.0343 2404 Scan finished
2011/04/30 20:54:57.0343 2404 ================================================================================
2011/04/30 20:55:04.0436 2300 ================================================================================
2011/04/30 20:55:04.0436 2300 Scan started
2011/04/30 20:55:04.0436 2300 Mode: Manual;
2011/04/30 20:55:04.0436 2300 ================================================================================
2011/04/30 20:55:06.0952 2300 ================================================================================
2011/04/30 20:55:06.0952 2300 Scan finished
2011/04/30 20:55:06.0952 2300 ================================================================================
2011/04/30 20:55:29.0593 0696 ================================================================================
2011/04/30 20:55:29.0593 0696 Scan started
2011/04/30 20:55:29.0593 0696 Mode: Manual;
2011/04/30 20:55:29.0593 0696 ================================================================================
2011/04/30 20:55:31.0546 0696 ================================================================================
2011/04/30 20:55:31.0546 0696 Scan finished
2011/04/30 20:55:31.0546 0696 ================================================================================

wie läuft das system?

Bisher stabil, keine neuen Fehlermeldungen bzw. AV-Meldungen - warum auch immer?!

das klingt so entteuscht, sind dir meldungen lieber hehe.

lade den CCleaner slim:
Piriform - Builds
falls der CCleaner bereits instaliert, überspringen.
instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Mich macht lediglich die schnelle "Wunderheilung" ohne (für mich) erkennbaren Grund skeptisch...

2007 Microsoft Office system Microsoft Corporation 12.0.6425.1000 bekannt, benötigt
3ivx MPEG-4 5.0.3 (remove only) 3ivx Technologies, Pty. Ltd. 5.0.3 bekannt, benötigt
Adobe AIR Adobe Systems Inc. 2.5.1.17730 bekannt, benötigt
Adobe Color Common Settings Adobe Systems Incorporated 1.0.1 unbekannt
Adobe Creative Suite 3 Design Premium hinzufügen oder entfernen Adobe Systems Incorporated 1.0 bekannt, nicht benötigt
Adobe Digital Editions bekannt, benötigt
Adobe ExtendScript Toolkit 2 Adobe Systems Incorporated 2.0.2 bekannt, benötigt
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 10.2.152.26 bekannt, benötigt
Adobe Reader 9.4.4 - Deutsch Adobe Systems Incorporated 9.4.4 bekannt, benötigt
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 11.5 bekannt, benötigt
Apple Mobile Device Support Apple Inc. 2.1.2.7 bekannt, benötigt
Apple Software Update Apple Inc. 2.1.1.116 bekannt, benötigt
Avira AntiVir Personal - Free Antivirus Avira GmbH 10.0.0.648 bekannt, benötigt
Bonjour Apple Inc. 1.0.105 bekannt, benötigt (?)
Boot Camp-Dienste Apple Inc. 2.1.0 bekannt, benötigt
Canon CanoScan Toolbox 4.5 bekannt, benötigt
CCleaner Piriform 3.06 bekannt, benötigt
Cisco AnyConnect Secure Mobility Client Cisco Systems, Inc. 3.0.0629 bekannt, benötigt
FlipShare Flip Video 5.9.19.0 bekannt, benötigt
FreePDF (Remove only) bekannt, benötigt
Google Toolbar for Internet Explorer Google Inc. 6.6.1409.1944 bekannt, benötigt
GoToMeeting 4.5.0.457
GPL Ghostscript 8.71 bekannt, benötigt
Intel(R) Graphics Media Accelerator Driver unbekannt
InterVideo AVControlSDK InterVideo Inc. unbekannt
InterVideo DeviceService InterVideo 1.0.0 unbekannt
Java 2 Runtime Environment, SE v1.4.2_15 Sun Microsystems, Inc. 1.4.2_15 unbekannt
Java(TM) 6 Update 21 Sun Microsystems, Inc. 6.0.210 unbekannt
Java(TM) 6 Update 7 Sun Microsystems, Inc. 1.6.0.70 unbekannt
Microsoft .NET Framework 2.0 Language Pack - DEU Microsoft Corporation unbekannt
Microsoft .NET Framework 2.0 Service Pack 2 Microsoft Corporation 2.2.30729 unbekannt
Microsoft .NET Framework 3.0 Service Pack 2 Microsoft Corporation 3.2.30729 unbekannt
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation unbekannt
Microsoft Office 2007 Primary Interop Assemblies Microsoft Corporation 12.0.4518.1014 unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 3.1.0000 unbekannt
Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Corporation unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 8.0.50727.4053 unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 8.0.56336 unbekannt
Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Corporation 8.0.51011 unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148 unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 9.0.30729.5570 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 9.0.30729 unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 9.0.30729.4148 unbekannt
Mindjet MindManager Pro 7 Mindjet LLC 7.2.374 bekannt, benötigt
MSXML 6.0 Parser Microsoft Corporation 6.00.3883.8 unbekannt
MSXML 6.0 Parser (KB933579) Microsoft Corporation 6.10.1200.0 unbekannt
Netzwerkaufzeichnungs-Player Cisco WebEx LLC 2.20.2200 bekannt, benötigt
OutlookAddInNet3Setup Samsung 1.0.0 bekannt, benötigt
PDF-XChange 3.0 Tracker Software unbekannt
Picasa 3 Google, Inc. 3.8 bekannt, benötigt
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 5.10.0.5512 bekannt, benötigt
RedMon - Redirection Port Monitor unbekannt
Samsung Kies Samsung Electronics Co., Ltd. 2.0.0.11014_49 bekannt, benötigt
SAMSUNG USB Driver for Mobile Phones SAMSUNG Electronics Co., Ltd. 1.3.2000.0 bekannt, benötigt
Security Update for Windows Search 4 - KB963093 Microsoft Corporation unbekannt
Skype™ 4.2 Skype Technologies S.A. 4.2.166 bekannt, nicht benötigt
TELL ME MORE bekannt, benötigt
TweetDeck TweetDeck Inc 0.37.5 bekannt, benötigt
VCDEasy delphi stuff bekannt, benötigt
VLC media player 1.1.7 VideoLAN 1.1.7 bekannt, benötigt
WebEx Cisco WebEx LLC bekannt, benötigt
Windows Driver Package - Apple Inc. (applebt) Bluetooth (06/27/2007 2.0.0.1) Apple Inc. 06/27/2007 2.0.0.1 bekannt, benötigt
Windows Driver Package - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Apple Inc. 06/27/2007 2.0.0.1 bekannt, benötigt
Windows Driver Package - Apple Inc. Apple Built-in iSight (04/09/2007 1.3.0.0) Apple Inc. 04/09/2007 1.3.0.0 bekannt, benötigt
Windows Driver Package - Apple Inc. Apple IR Receiver (07/16/2007 2.0.0.1) Apple Inc. 07/16/2007 2.0.0.1 bekannt, benötigt
Windows Driver Package - Apple Inc. Apple Keyboard (08/30/2007 2.0.1.4) Apple Inc. 08/30/2007 2.0.1.4 bekannt, benötigt
Windows Driver Package - Apple Inc. Apple Trackpad (08/28/2007 2.0.1.4) Apple Inc. 08/28/2007 2.0.1.4 bekannt, benötigt
Windows Driver Package - Apple Inc. Apple Trackpad Enabler (08/28/2007 2.0.1.4) Apple Inc. 08/28/2007 2.0.1.4 bekannt, benötigt
Windows Driver Package - Apple Inc. System (06/21/2007 2.0.0.0) Apple Inc. 06/21/2007 2.0.0.0 bekannt, benötigt
Windows Driver Package - Atheros (AR5211) Net (04/05/2007 5.3.0.35) Atheros 04/05/2007 5.3.0.35 unbekannt
Windows Driver Package - Atheros (AR5416) Net (06/26/2007 6.0.3.94) Atheros 06/26/2007 6.0.3.94 unbekannt
Windows Driver Package - Broadcom (BCM43XX) Net (01/08/2007 4.80.75.0) Broadcom 01/08/2007 4.80.75.0 unbekannt
Windows Driver Package - Intel (E1000) Net (01/06/2006 8.6.17.0) Intel 01/06/2006 8.6.17.0 unbekannt
Windows Driver Package - Intel (e1express) Net (04/03/2006 9.3.39.0) Intel 04/03/2006 9.3.39.0 unbekannt
Windows Driver Package - Marvell (yukonwxp) Net (03/23/2007 10.12.7.3) Marvell 03/23/2007 10.12.7.3 unbekannt
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray Microsoft Corporation 1.0 unbekannt
Windows Genuine Advantage Validation Tool (KB892130) Microsoft Corporation bekannt, benötigt
Windows Internet Explorer 8 Microsoft Corporation 20090308.140743 bekannt, benötigt
Windows Media Format 11 runtime unbekannt
Windows Search 4.0 Microsoft Corporation 04.00.6001.503 unbekannt
Windows XP Service Pack 3 Microsoft Corporation 20080414.031514 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. (applebt) Bluetooth (04/06/2008 2.1.0.1) Apple Inc. 04/06/2008 2.1.0.1 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18) Apple Inc. 01/11/2008 3.4.3.18 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) Apple Inc. 10/25/2007 2.0.1.0 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple Display (12/19/2007 2.0.2.0) Apple Inc. 12/19/2007 2.0.2.0 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (11/01/2007 2.0.1.1) Apple Inc. 11/01/2007 2.0.1.1 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/10/2008 2.1.0.0) Apple Inc. 03/10/2008 2.1.0.0 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple Multitouch (12/18/2007 2.0.1.10) Apple Inc. 12/18/2007 2.0.1.10 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (12/18/2007 2.0.1.10) Apple Inc. 12/18/2007 2.0.1.10 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple Trackpad (10/09/2007 2.0.1.5) Apple Inc. 10/09/2007 2.0.1.5 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (10/09/2007 2.0.1.5) Apple Inc. 10/09/2007 2.0.1.5 bekannt, benötigt
Windows-Treiberpaket - Apple Inc. System (09/12/2007 2.0.1.1) Apple Inc. 09/12/2007 2.0.1.1 bekannt, benötigt
Windows-Treiberpaket - Broadcom (BCM43XX) Net (09/20/2007 4.170.25.12) Broadcom 09/20/2007 4.170.25.12 unbekannt
WinRAR bekannt, benötigt
XSManager XSManager 3.0 bekannt, benötigt