Pests of all kinds and how to fight them: Hard disk damaged. The system has, with one or more installed... Hard disk damaged

15.05.2011, 05:44 | #1
Now it has caught me too. The trojan, Hard disk damaged. The system has, with one or more installed... Hard disk damaged. The icons have all disappeared and the desktop is black.

15.05.2011, 11:12 | #2
/// Malware-holic

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [eGJterJSMsHHPPC] C:\ProgramData\eGJterJSMsHHPPC.exe (QNP)
[2011.05.14 22:39:32 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.14 22:39:33 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42000120r
[2011.05.14 22:39:33 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000120
[2011.05.14 22:39:32 | 000,000,601 | -H-- | M] () -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk
[2011.05.14 22:39:29 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42000120
[2011.05.14 22:39:28 | 000,378,880 | -H-- | M] () -- C:\ProgramData\42000120.exe
[2011.05.14 04:25:56 | 000,000,089 | -H-- | M] () -- C:\Users\erni\AppData\Local\hxjazld.bat
:Files
C:\ProgramData\eGJterJSMsHHPPC.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.

Download unhide: http://www.trojaner-board.de/54791-a...ner-board.html

15.05.2011, 16:39 | #3
OTL-Editor
OTL logfile:
ATTFilter OTL logfile created on: 15.05.2011 01:46:18 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\erni\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 152,05 Gb Free Space | 51,01% Space Free | Partition Type: NTFS Computer Name: SCHLEPPI | User Name: erni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.15 01:17:34 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\erni\Downloads\OTL.exe PRC - [2011.05.14 22:30:25 | 000,433,664 | -H-- | M] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe PRC - [2011.05.05 22:52:25 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe PRC - [2011.04.14 21:30:46 | 003,588,960 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgui.exe PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG10\avgnsx.exe PRC - [2011.03.30 11:40:06 | 000,404,296 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10Play.exe PRC - [2011.03.30 11:40:06 | 000,323,912 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\vc10tray.exe PRC - [2011.03.30 11:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe PRC - [2011.02.09 05:35:14 | 001,265,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgsrmax.exe PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe PRC - [2010.09.22 18:11:26 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.12 20:43:30 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) 
-- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe PRC - [2009.03.12 10:31:56 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe PRC - [2008.10.28 17:42:12 | 000,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe PRC - [2008.05.28 16:06:02 | 006,144,000 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2006.12.07 07:49:02 | 000,118,870 | ---- | M] () -- C:\Program Files\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe PRC - [2006.12.07 07:48:32 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerCinema\PCMService.exe PRC - [2006.11.22 10:11:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxctcoms.exe PRC - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe ========== Modules (SafeList) ========== MOD - [2011.05.15 01:17:34 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\erni\Downloads\OTL.exe MOD - [2010.11.04 20:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent) SRV - [2011.03.30 11:40:02 | 000,144,712 | ---- | M] (H+H Software GmbH) [Auto | Running] -- C:\Program Files\Virtual CD v10\System\VC10SecS.exe -- (VC10SecS) SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2009.09.27 13:18:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2009.03.12 10:31:56 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008.10.28 17:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service) SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4) SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) 
[On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2006.12.07 07:49:02 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006.12.07 07:49:00 | 000,274,520 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006.11.22 10:11:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxctcoms.exe -- (lxct_device) SRV - [2006.10.05 14:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) ========== Driver Services (SafeList) ========== DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver) DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix) DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86) DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86) DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH) DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. 
) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim) DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter) DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86) DRV - [2010.05.21 09:14:44 | 000,186,392 | ---- | M] (H+H Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\vdrv1000.sys -- (vdrv1000) DRV - [2010.03.10 17:34:34 | 000,013,952 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HH10Help.sys -- (HH10Help.sys) DRV - [2010.02.19 15:18:26 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2010.02.19 15:18:26 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2010.02.19 06:11:38 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2009.04.16 16:50:55 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ACEDRV05.sys -- (ACEDRV05) DRV - [2009.03.05 10:14:50 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.02.17 12:19:44 | 000,057,672 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2009.02.17 12:17:40 | 000,072,520 | ---- | M] (FTDI Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K) DRV - [2008.11.11 12:29:22 | 000,296,704 | ---- | M] (AfaTech ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2008.11.08 11:55:24 | 000,101,760 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.06.26 06:30:50 | 003,662,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.09.17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.07.13 13:24:45 | 000,038,400 | ---- | M] (O2Micro ) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\o2media.sys -- (O2MDRDR) DRV - [2007.07.13 13:24:45 | 000,035,968 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR) DRV - [2007.05.02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm) DRV - [2007.05.02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl) DRV - [2007.05.02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) DRV - [2007.05.02 11:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007.05.02 11:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007.05.02 11:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007.04.04 19:41:00 | 007,493,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2006.11.30 17:30:30 | 000,811,440 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonCam.sys -- (Cam5603D) DRV - [2006.10.05 12:39:40 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.08.17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.08.17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1.15 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - 
prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.0.19 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928 FF - prefs.js..extensions.foxtrick.prefs.module.YouthSkillHideUnknown.HideMaximalKeyWord.enabled: false FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.05.14 23:44:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.05 22:52:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.05 22:52:28 | 000,000,000 | ---D | M] [2009.02.20 07:04:39 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\erni\AppData\Roaming\mozilla\Extensions [2011.05.05 22:55:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions [2011.03.07 23:39:04 | 000,000,000 | -H-D | M] ("FoxTrick") -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2009.10.10 12:46:05 | 000,000,000 | -H-D | M] (Move Media Player) -- C:\Users\erni\AppData\Roaming\mozilla\Firefox\Profiles\sbb9jaeu.default\extensions\moveplayer@movenetworks.com [2010.12.30 18:16:58 | 000,000,919 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\conduit.xml [2010.02.19 06:12:06 | 000,002,055 | -H-- | M] () -- 
C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\daemon-search.xml [2009.11.19 12:32:38 | 000,002,118 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\MyStart Search.xml [2010.10.26 18:44:38 | 000,001,583 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\searchplugins\web-search.xml [2011.05.12 17:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011.05.12 17:14:46 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.04.21 01:20:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.27 23:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.01.15 13:25:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2011.05.14 23:44:24 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4 [2011.05.05 22:52:25 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009.09.21 11:59:40 | 001,275,296 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\Mozilla Firefox\plugins\NpFv501.dll [2011.05.05 22:52:27 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.04.16 18:51:19 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml [2011.05.05 22:52:27 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml [2011.05.05 22:52:27 | 000,001,153 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.28 18:14:06 | 000,002,040 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml [2011.05.05 22:52:27 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.05.05 22:52:27 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.05.05 22:52:27 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll () O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll (facemoods.com) O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. 
O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.) 
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\CyberLink\PowerCinema\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [VC10Player] C:\Program Files\Virtual CD v10\System\VC10Play.exe (H+H Software GmbH) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [eGJterJSMsHHPPC] C:\ProgramData\eGJterJSMsHHPPC.exe (QNP) O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) 
O4 - HKU\S-1-5-21-2081150714-656436237-3114053707-1000..\Run: [RegistryBooster] File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0ad5015a-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = F:\menu.exe O33 - MountPoints2\{0ad5015c-16b4-11df-9f36-001d9219a15a}\Shell - "" = AutoRun O33 - MountPoints2\{0ad5015c-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{0ad5015d-16b4-11df-9f36-001d9219a15a}\Shell - "" = AutoRun O33 - MountPoints2\{0ad5015d-16b4-11df-9f36-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1a121d5e-f40d-11de-85d5-001d9219a15a}\Shell - "" = AutoRun O33 - MountPoints2\{1a121d5e-f40d-11de-85d5-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{1a121d80-f40d-11de-85d5-001d9219a15a}\Shell - "" = AutoRun O33 - MountPoints2\{1a121d80-f40d-11de-85d5-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 
- MountPoints2\{722ce5e0-2aa0-11de-9533-001d9250fd26}\Shell\AutoRun\command - "" = E:\Menu.exe O33 - MountPoints2\{b2b5c6e8-00b2-11df-89ce-001d9219a15a}\Shell - "" = AutoRun O33 - MountPoints2\{b2b5c6e8-00b2-11df-89ce-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{b2b5c6e9-00b2-11df-89ce-001d9219a15a}\Shell - "" = AutoRun O33 - MountPoints2\{b2b5c6e9-00b2-11df-89ce-001d9219a15a}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{f625ca84-1d0d-11df-aab9-001d9219a15a}\Shell - "" = AutoRun O33 - MountPoints2\{f625ca84-1d0d-11df-aab9-001d9219a15a}\Shell\AutoRun\command - "" = E:\Autorun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.) 
O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - File not found Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: VIDC.ZMBV - C:\Windows\System32\zmbv.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.05.15 00:22:38 | 000,000,000 | -H-D | C] -- C:\$AVG [2011.05.14 23:45:48 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\AVG10 [2011.05.14 23:44:48 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2011.05.14 23:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011 [2011.05.14 23:43:11 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVG10 [2011.05.14 23:43:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG [2011.05.14 23:41:26 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2011.05.14 23:38:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\MFAData [2011.05.14 22:39:32 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery [2011.05.14 22:30:25 | 000,433,664 | -H-- | C] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe [2011.05.14 04:26:20 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.12 17:17:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Skype Extras [2011.05.12 17:14:57 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\Skype [2011.05.12 
17:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.05.12 17:13:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2011.05.12 17:13:56 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2011.05.10 16:59:15 | 000,186,392 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\vdrv1000.sys [2011.05.10 16:59:15 | 000,013,952 | ---- | C] (H+H Software GmbH) -- C:\Windows\System32\drivers\HH10Help.sys [2011.05.10 16:59:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual CD v10 [2011.05.10 16:59:13 | 000,000,000 | --SD | C] -- C:\Users\erni\AppData\Roaming\Virtual CD v10 [2011.05.10 16:58:52 | 000,000,000 | ---D | C] -- C:\Program Files\Virtual CD v10 [2011.05.10 16:57:43 | 000,000,000 | -H-D | C] -- C:\Users\erni\AppData\Roaming\InstallShield [2011.04.27 12:57:54 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll [2011.04.27 12:57:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll [2011.04.27 12:57:08 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2011.04.18 23:25:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.04.18 23:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.04.18 23:24:38 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011.04.18 23:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.04.16 18:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar [2011.04.15 16:02:43 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2011.04.15 16:02:43 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2011.04.15 15:56:51 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll [2011.04.15 15:56:50 | 001,136,640 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\mfc42.dll [2011.04.15 15:56:44 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe [2011.04.15 15:56:30 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2011.04.15 15:56:30 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2011.04.15 15:56:30 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2011.04.15 15:56:30 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2011.04.15 15:56:29 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2011.04.15 15:56:29 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2011.04.15 15:56:21 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2011.04.15 15:56:18 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011.04.15 15:56:18 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2009.04.16 16:53:32 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXCThcp.dll [2006.11.22 10:11:38 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxctih.exe [2006.11.22 10:11:36 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxctcoms.exe [2006.11.22 10:11:34 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxctcfg.exe [2006.11.06 17:37:46 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxctpmui.dll [2006.11.06 17:35:50 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxctserv.dll [2006.11.06 17:28:08 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxctcomm.dll [2006.11.06 17:24:44 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxctiesc.dll [2006.11.06 17:21:48 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxctpplc.dll [2006.11.06 17:20:48 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxctcomc.dll [2006.11.06 17:20:14 | 000,163,840 | ---- 
| C] ( ) -- C:\Windows\System32\lxctprox.dll [2006.11.06 17:12:44 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxctinpa.dll [2006.11.06 17:11:58 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxctusb1.dll [2006.11.06 17:07:04 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxcthbn3.dll [2006.07.13 19:16:42 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxctlmpm.dll ========== Files - Modified Within 30 Days ========== [2011.05.15 01:48:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.05.15 01:04:24 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.05.15 01:04:24 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.05.15 01:04:24 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.05.15 01:04:24 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.05.15 00:58:27 | 002,375,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.05.15 00:57:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.05.15 00:57:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.05.15 00:57:45 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.05.15 00:57:40 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2011.05.15 00:57:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.05.15 00:57:07 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys [2011.05.15 00:55:33 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.05.14 23:46:56 | 115,024,133 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.05.14 22:39:33 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~42000120r [2011.05.14 22:39:33 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~42000120 [2011.05.14 22:39:32 | 000,000,601 | -H-- | M] 
() -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk [2011.05.14 22:39:29 | 000,000,336 | -H-- | M] () -- C:\ProgramData\42000120 [2011.05.14 22:39:28 | 000,378,880 | -H-- | M] () -- C:\ProgramData\42000120.exe [2011.05.14 22:34:08 | 000,005,843 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl_navps.dat [2011.05.14 22:33:33 | 000,003,505 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl.dat [2011.05.14 22:30:25 | 000,433,664 | -H-- | M] (QNP) -- C:\ProgramData\eGJterJSMsHHPPC.exe [2011.05.14 11:18:27 | 000,173,296 | -H-- | M] () -- C:\Users\erni\Documents\europapokal.gif [2011.05.14 04:26:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.05.14 04:25:56 | 000,000,089 | -H-- | M] () -- C:\Users\erni\AppData\Local\hxjazld.bat [2011.05.14 04:25:36 | 000,012,978 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\nvModes.001 [2011.05.11 02:43:21 | 000,237,753 | -H-- | M] () -- C:\Users\erni\AppData\Local\vffmndl_nav.dat [2011.05.09 11:53:49 | 000,012,978 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\nvModes.dat [2011.05.09 11:53:41 | 000,007,592 | -H-- | M] () -- C:\Users\erni\AppData\Local\d3d9caps.dat [2011.05.04 01:25:20 | 000,017,408 | -H-- | M] () -- C:\Users\erni\AppData\Local\WebpageIcons.db [2011.04.19 14:01:11 | 000,166,063 | -H-- | M] () -- C:\Users\erni\Documents\Grafik1.JPG [2011.04.17 23:00:30 | 001,158,253 | -H-- | M] () -- C:\Users\erni\Documents\Refine_Anleitung_EH_Serie_2009.pdf [2011.04.17 16:24:59 | 000,100,864 | -H-- | M] () -- C:\Users\erni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.17 15:47:54 | 000,033,754 | -H-- | M] () -- C:\Users\erni\Documents\Eheringe.jpg ========== Files Created - No Company Name ========== [2011.05.14 23:46:56 | 115,024,133 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm [2011.05.14 22:39:33 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~42000120r [2011.05.14 22:39:33 | 000,000,128 | -H-- | C] () -- 
C:\ProgramData\~42000120 [2011.05.14 22:39:32 | 000,000,601 | -H-- | C] () -- C:\Users\erni\Desktop\Windows Vista Recovery.lnk [2011.05.14 22:39:29 | 000,000,336 | -H-- | C] () -- C:\ProgramData\42000120 [2011.05.14 22:39:28 | 000,378,880 | -H-- | C] () -- C:\ProgramData\42000120.exe [2011.05.14 11:18:27 | 000,173,296 | -H-- | C] () -- C:\Users\erni\Documents\europapokal.gif [2011.05.05 22:52:30 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.04.17 23:00:29 | 001,158,253 | -H-- | C] () -- C:\Users\erni\Documents\Refine_Anleitung_EH_Serie_2009.pdf [2011.04.17 21:11:02 | 000,166,063 | -H-- | C] () -- C:\Users\erni\Documents\Grafik1.JPG [2011.04.17 15:47:53 | 000,033,754 | -H-- | C] () -- C:\Users\erni\Documents\Eheringe.jpg [2011.04.04 13:33:40 | 000,237,753 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl_nav.dat [2011.04.04 13:33:40 | 000,005,843 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl_navps.dat [2011.04.04 13:33:40 | 000,003,505 | -H-- | C] () -- C:\Users\erni\AppData\Local\vffmndl.dat [2011.01.09 20:22:00 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2011.01.09 20:22:00 | 000,000,850 | ---- | C] () -- C:\Windows\unins000.dat [2010.12.24 01:20:45 | 000,001,302 | -H-- | C] () -- C:\ProgramData\ss.ini [2010.12.16 00:23:41 | 000,000,089 | -H-- | C] () -- C:\Users\erni\AppData\Local\hxjazld.bat [2010.12.15 12:30:37 | 000,006,654 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj_navps.dat [2010.12.15 12:30:36 | 000,231,868 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj_nav.dat [2010.12.15 12:30:36 | 000,003,450 | -H-- | C] () -- C:\Users\erni\AppData\Local\vmemdsj.dat [2010.07.02 22:17:42 | 000,017,408 | -H-- | C] () -- C:\Users\erni\AppData\Local\WebpageIcons.db [2010.04.09 22:08:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\zmbv.dll [2010.02.19 15:18:26 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2010.02.19 15:18:26 | 
000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2010.02.03 16:26:23 | 000,000,772 | ---- | C] () -- C:\Windows\ODBCINST.INI [2010.01.05 06:57:41 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.29 01:46:27 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.12.29 01:46:27 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.12.16 04:16:57 | 000,000,089 | -H-- | C] () -- C:\Users\erni\AppData\Local\dpetav.bat [2009.10.13 19:13:55 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt [2009.10.13 19:02:21 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2009.09.30 13:39:29 | 000,004,096 | -H-- | C] () -- C:\Users\erni\AppData\Local\keyfile3.drm [2009.08.04 22:37:22 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.08.04 22:37:22 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.02 14:55:35 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.04.16 16:53:32 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXCTinst.dll [2009.03.12 14:07:27 | 000,000,088 | -H-- | C] () -- C:\Users\erni\AppData\Local\aaqoceo.bat [2009.03.01 23:19:41 | 000,007,592 | -H-- | C] () -- C:\Users\erni\AppData\Local\d3d9caps.dat [2009.02.19 17:40:10 | 000,100,864 | -H-- | C] () -- C:\Users\erni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.02.19 15:56:43 | 000,000,714 | ---- | C] () -- C:\Windows\ODBC.INI [2009.02.19 15:47:05 | 000,039,095 | ---- | C] () -- C:\Windows\iccsigs.dat [2009.02.19 15:47:04 | 000,112,688 | ---- | C] () -- C:\Windows\System32\shw32.dll [2009.02.19 13:44:07 | 000,000,479 | ---- | C] () -- C:\Windows\eReg.dat [2009.02.19 12:00:38 | 000,012,978 | -H-- | C] () -- C:\Users\erni\AppData\Roaming\nvModes.001 [2009.02.19 11:49:36 | 000,012,978 | -H-- | C] () -- C:\Users\erni\AppData\Roaming\nvModes.dat [2008.11.11 12:29:00 | 000,015,190 | ---- | C] () -- C:\Windows\M2000Twn.ini 
[2008.11.11 12:21:12 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat [2008.11.07 12:28:15 | 000,551,048 | ---- | C] () -- C:\Windows\System32\fsvk.exe.exe [2008.07.23 12:22:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.16 03:56:58 | 000,204,800 | ---- | C] () -- C:\Windows\System32\lxctgrd.dll [2006.11.07 12:30:48 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxctcoin.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 002,375,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.08.14 17:17:14 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxctcaps.dll [2006.08.08 15:58:04 | 000,692,224 | 
---- | C] () -- C:\Windows\System32\lxctdrs.dll [2006.05.03 14:31:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\lxctcnv4.dll [2006.04.25 03:11:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxctvs.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI [1999.04.30 00:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL ========== LOP Check ========== [2010.04.21 17:13:25 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AppLauncher [2011.05.14 23:45:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AVG10 [2010.02.19 15:10:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DAEMON Tools Lite [2010.12.23 21:32:41 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.09 20:22:00 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Flatcast [2009.05.07 18:26:59 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\gtk-2.0 [2009.05.07 18:10:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Inkscape [2010.12.16 00:19:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\IrfanView [2010.12.23 23:37:29 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mp3tag [2010.12.24 01:08:42 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\MusicBrainz [2009.12.29 01:50:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\PC Suite [2009.12.29 01:45:58 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Samsung [2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Simple Star [2010.02.19 15:56:35 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Ubisoft [2011.05.10 17:01:15 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Virtual CD v10 [2011.05.15 00:57:40 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job [2011.05.15 00:55:36 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== 
========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.03.15 15:13:04 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Adobe [2010.04.21 17:13:25 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AppLauncher [2010.12.23 21:21:18 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Apple Computer [2011.05.14 23:45:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\AVG10 [2009.06.11 16:38:52 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Corel [2009.02.19 11:44:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\CyberLink [2010.02.19 15:10:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DAEMON Tools Lite [2010.12.23 21:32:41 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\DVDVideoSoftIEHelpers [2011.01.09 20:22:00 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Flatcast [2009.05.07 18:26:59 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\gtk-2.0 [2009.02.19 11:30:30 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Identities [2009.05.07 18:10:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Inkscape [2011.05.10 16:57:43 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\InstallShield [2010.12.16 00:19:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\IrfanView [2009.02.19 12:58:19 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Macromedia [2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Media Center Programs [2010.11.26 06:17:41 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Microsoft [2009.02.19 15:53:31 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Microsoft Web Folders [2009.02.20 07:04:39 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mozilla [2010.10.24 11:48:54 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mozilla-Cache [2010.12.23 
23:37:29 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Mp3tag [2010.12.24 01:08:42 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\MusicBrainz [2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Nero [2009.12.29 01:50:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\PC Suite [2009.12.29 01:45:58 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Samsung [2009.02.19 16:51:48 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Simple Star [2011.05.14 11:23:45 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Skype [2011.05.14 11:23:16 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\skypePM [2010.02.19 15:56:35 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Ubisoft [2011.05.10 17:01:15 | 000,000,000 | --SD | M] -- C:\Users\erni\AppData\Roaming\Virtual CD v10 [2009.02.21 19:12:15 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\WinRAR [2009.04.10 21:21:28 | 000,000,000 | -H-D | M] -- C:\Users\erni\AppData\Roaming\Yahoo! 
< %APPDATA%\*.exe /s > [2009.08.10 19:36:16 | 007,344,128 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\AppLauncher.exe [2010.04.21 17:13:25 | 000,667,648 | -H-- | M] (TODO: <Company name>) -- C:\Users\erni\AppData\Roaming\AppLauncher\Data Recovery.exe [2010.04.21 17:13:25 | 002,695,168 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\DataSync.exe [2010.04.21 17:13:25 | 001,294,336 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\LOCK.exe [2010.04.21 17:13:25 | 000,770,048 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\MakeBootable.exe [2010.04.21 17:13:25 | 000,561,152 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\PCLock.exe [2010.04.21 17:13:25 | 000,208,896 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\Reset.exe [2010.04.21 17:13:25 | 000,462,848 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\AppLauncher\SecretZip.exe [2008.05.29 08:03:08 | 000,037,176 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2009.12.29 01:57:20 | 000,069,632 | -H-- | M] () -- C:\Users\erni\AppData\Roaming\Samsung\New PC Studio\DriverChecker.exe [2010.06.17 20:57:28 | 032,501,760 | -H-- | M] (Samsung Electronics Co., Ltd. 
) -- C:\Users\erni\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe < %SYSTEMDRIVE%\*.exe > [2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) 
MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2010.02.19 06:11:38 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll [2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll < End of report > |
15.05.2011, 16:40 | #4 |
| Extras editor OTL EXTRAS logfile: Code:
OTL Extras logfile created on: 15.05.2011 01:46:18 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\erni\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 298,09 Gb Total Space | 152,05 Gb Free Space | 51,01% Space Free | Partition Type: NTFS Computer Name: SCHLEPPI | User Name: erni | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_USERS\S-1-5-21-2081150714-656436237-3114053707-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 
"DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0177C1AC-DE86-4750-9C66-84FF88C052CB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{0BCD706E-E9EA-422C-A122-4C6AC1D90972}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | "{0CD73EF3-0CD5-4959-A6A7-F1286C09A80E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{15AC1955-2034-4D33-B35F-DB0A09BF938B}" = lport=137 | protocol=17 | dir=in | app=system | "{1853AD10-1BFA-4D73-AD78-69F94FA32DA5}" = lport=445 | protocol=6 | dir=in | app=system | "{1D4B7227-FD92-4340-A098-901481CA1095}" = rport=138 | protocol=17 | dir=out | app=system | "{309F15D8-C42A-4B60-ABE9-5CD0A2DCD8A5}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{350C3792-34BC-42DC-AA96-8C42DDD1EA80}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4B8D8E79-D2DD-4ED8-B5AF-DA359B40D504}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{54C392D4-96DF-4DAF-829D-B883D5D912CE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{63EF55EE-8474-4F46-947F-118D4A00873C}" = lport=2869 | protocol=6 | dir=in | app=system | "{692CED5B-AF91-41DC-A1ED-EC7F4CA67A57}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{6CCAEC64-465A-4509-90B3-38250307884D}" = rport=1900 | 
protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{8021F0E1-04C9-49B8-8EA4-8E789924A02D}" = rport=139 | protocol=6 | dir=out | app=system | "{85E0A575-41C6-4309-8DA6-C2F04E0E00D6}" = lport=139 | protocol=6 | dir=in | app=system | "{87512D3D-13AB-4E7C-A51D-FFA4BB8BEB4C}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{9F2D68A8-8731-410F-AFCC-996E8E572B9B}" = lport=138 | protocol=17 | dir=in | app=system | "{A4D45FF2-DCAC-4F74-925F-7E2E86530089}" = rport=137 | protocol=17 | dir=out | app=system | "{A8548794-1D4E-47DE-AA01-6229F3BE9E46}" = rport=445 | protocol=6 | dir=out | app=system | "{B46DCFC7-E3DF-406F-813B-E37BBFE54D0A}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{C8526658-4546-40F1-92AC-50020783F5CE}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | "{D1FF94F0-80BF-4B1F-A4F0-B1B86B0DE81C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | "{D35EC39A-F877-4104-A3A8-559A47CED857}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{D4D9DF3D-F013-4A0E-B59D-1C5B9DE57977}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{FCFDA820-8829-47AC-8224-52EEBD6B928B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06C3F822-87DA-4D3D-A76E-B090DD31D257}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{0B705868-7537-4995-B398-39D1049E5F39}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{189851B4-4763-4FF5-8B55-60364FC5BA6F}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{1B7EE455-19D0-449A-9CD3-07946287FD7E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1C11CE04-435D-44F6-83C2-01FAEB8CB049}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{1FEE08F8-7380-4AC5-82EB-DF859F549636}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{21114246-62BB-4E25-AEEB-6F3DD723CA1B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{221F2CEB-8BEA-4AF3-8FD2-C7F31ED3B0C5}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | "{22EECA2C-F79D-4049-A217-2DB9D5F6982A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe | "{2C81E393-7B8F-4DE0-9EC9-BAA89429AEC6}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{35810AF5-800C-4D57-A86E-94FFFF25ECB6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{3FD2F5FB-1F93-4283-9B25-411CE95B31DC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | "{43D66D72-07CB-4563-9E39-25E9BEB9D94A}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{458FCE42-CA0B-4CC1-ADD7-16DD82BFE7C6}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powercinema\pcmservice.exe | "{5446769C-3754-479D-9330-33E5C58253EA}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{5B83F622-A4E8-45F6-8C15-2FA4BE14464B}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{628B5A36-26A9-4452-8966-58F7589D13D1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{6CA31C83-3ABD-4CC5-873F-DBA0B9F003A3}" = protocol=17 | dir=in | app=c:\windows\system32\lxctcoms.exe | "{7516FBF9-D591-41E9-BAD3-AD1D58866B67}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe | "{765B43A1-5DF8-40E4-9088-96CD51A100A1}" = protocol=6 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | 
"{7F924210-D952-4410-8FD0-2BDBB13F8E55}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe | "{83EBF16A-1800-4681-843F-14B39F926C69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8B856059-4613-4810-99DB-A65B72033768}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{9FAF50FC-0E80-4D90-937B-F69B7A0DE293}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{A49798A4-A800-4668-90AF-9BDAF78B3610}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe | "{A9E9D524-9017-4668-90A6-2E276F34AD09}" = protocol=6 | dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | "{AA418BB7-B913-41D9-A47B-67EB30518875}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\tools\anno4web.exe | "{B32DC07D-63D4-4DF3-A73E-CAD728236FBB}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{B8FFFC7E-C6CC-41DD-BA8B-FA2940C4CDC2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{BCA164BB-D3B8-4D20-A3B4-90DFFA74D7CA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C13F784F-D21A-4CD6-917D-EDC2406A9DDE}" = protocol=17 | dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe | "{C18ECEDF-17D0-473E-900F-C1D9EDCC0B63}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe | "{C5622C49-856C-48EF-A21F-BD2681E4025D}" = dir=in | app=c:\program files\itunes\itunes.exe | "{CCEDCB3B-65F5-49DC-B8AB-A03F6FE401F9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CE5D0009-035F-43EF-95B3-1DEE39138F47}" = protocol=6 | dir=in | app=c:\windows\system32\lxctcoms.exe | "{D8BC2E67-BA10-4668-9132-3B6656023BEF}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{EBC12A6B-B5F9-442C-B06E-2C2C67B56679}" = protocol=6 | dir=in | app=c:\program 
files\yahoo!\messenger\yahoomessenger.exe | "{F718385C-1CB5-47E2-A708-41D6136F62D5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\related designs\anno 1404\anno4.exe | "{F7F90383-CDA7-451B-83FA-948F5DCD677C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "TCP Query User{04C3F55F-D22B-4C6F-AEA9-45BE9E563376}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{083DF3BF-1771-45D7-8402-6DA6C6A1FC62}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=6 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | "TCP Query User{2A1ED1D6-8C4A-4090-B74E-DA0971F691AA}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{3ED85D47-1B5A-4DA4-83CC-FDCF7185A6FA}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{51BF6FDF-2153-43D0-A070-B6F13A996345}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{55D3BB80-FE61-4E6D-9230-94D79A7CE221}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{605DF183-EF3B-46DA-9F93-04E96B5F06FC}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{7FF70EEA-96DC-4F35-A9AF-362BE1DFB09B}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{84FC5F44-44E3-4B72-901E-FC44C3290F3E}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query 
User{98F52D44-A096-4669-92C0-57FBD42DD7BE}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=6 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | "TCP Query User{AC7EDF86-7A1E-4820-95D4-B92A0D705F76}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{B1BB2F0D-412E-423F-89A0-63E507223743}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe | "TCP Query User{BC95642B-0ABA-4C6F-8BA3-3FEA4E7494AC}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{C263C0B5-39C5-45AA-83F0-CFEF6FEE7175}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe | "TCP Query User{C2F3BF2A-58DD-4FC3-86A4-68E7A962D7B3}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{C56EA605-98AE-4788-9E33-3523862603E8}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query User{D0C2C1D8-A9B9-489A-B28E-F62F0BD66E9D}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe | "TCP Query User{DA5F2175-F398-45D4-9E18-E5933A6B6090}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{E8A463A8-CC15-4DD9-8410-941772A78F15}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{FF271EA0-F962-4323-9C0D-C8340BFE7E64}C:\program files\musicbrainz picard\picard.exe" = protocol=6 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | "UDP 
Query User{2B082DFD-3998-4D50-B354-1ACC681F5E16}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{409C36A7-ACCC-4D2D-8A3A-0B73EB91C42E}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=17 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | "UDP Query User{4C1830F8-8C78-4E2E-9B87-1B0A02B32BA0}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{5E75FB84-A415-4AB5-B0A5-FCF6B46427D8}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{75218251-E907-48DE-ADFD-8C2E5E3775EE}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{77ACA30B-E974-4934-9475-C89D06BAC0F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{991EAD3F-4C49-40B9-9CCE-267063918840}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{9AF8BC67-B396-48DB-9EB9-A59A9856FDF3}C:\program files\anno 1701 demo\anno1701_demo.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701 demo\anno1701_demo.exe | "UDP Query User{A5DFFC81-B5CF-4826-B168-BED1EEBAFEF9}C:\program files\musicbrainz picard\picard.exe" = protocol=17 | dir=in | app=c:\program files\musicbrainz picard\picard.exe | "UDP Query User{AAF95A22-4652-457C-B556-01F4C7CE822B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{ACD79B5F-B407-4AB1-8960-8E37A8CBA270}C:\program files\sopcast\adv\sopadver.exe" = 
protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{B39B62AA-B333-4396-A277-DFBB6EE4E060}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{C022EF49-9F2C-4320-B1CF-F86A64BAB350}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{C520845D-16E4-4E58-A54B-8D8290F8FC35}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{CCD7A5A0-6334-441A-BD18-8E85554E94C9}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe | "UDP Query User{D2FAA6F3-D4BB-40B0-B90C-A79A87A6FA2A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{D4781180-A740-46A3-A0B8-E7D59C55612C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D6483A78-F7EF-465C-81AA-5A9F18A7E592}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe | "UDP Query User{DAFD7EF6-B437-42D0-B175-D07E334FBD9B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | "UDP Query User{E23B21C2-A7C4-4C35-87DA-9A5862B69AA0}C:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe" = protocol=17 | dir=in | app=c:\users\erni\documents\weisseradler-script_1.071\weisseradler-script 1.071\weisseradler-script.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404 
15.05.2011, 17:38 | #5 |
/// Malware-holic | That's a new OTL log; you were supposed to run the script and click Fix, not Scan :-)
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
15.05.2011, 18:24 | #6 |
| Yes, I did that too; at some point it aborted because OTL had an error. The folders are visible again and the error message no longer appears either. Is that a good sign, or is something still hiding there? |
15.05.2011, 19:10 | #7 |
/// Malware-holic | Then upload the moved files archive as described. And next time tell me when errors occur, or do you think I have a crystal ball here that lets me see the future? |
15.05.2011, 19:34 | #8 | |
| Right, here we go now! Quote:
|
15.05.2011, 19:43 | #9 |
/// Malware-holic | And where is the upload! Please read on to see what it says below the script. :-) |
16.05.2011, 10:55 | #10 |
/// Malware-holic | Thanks for the upload. Please create and post a ComboFix log. A guide and tutorial on using ComboFix |
16.05.2011, 12:37 | #11 |
| ************************ combofix Combofix Logfile: Code:
ATTFilter ComboFix 11-05-15.04 - erni 16.05.2011 12:58:46.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3070.2158 [GMT 2:00] ausgeführt von:: c:\users\erni\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\program files\facemoods.com c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.crx c:\program files\facemoods.com\facemoods\1.4.17.1\facemoods.png c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsApp.dll c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsEng.dll c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe c:\program files\webmediaplayer c:\program files\webmediaplayer\resources\wmp_translation_file.xml c:\program files\webmediaplayer\skins\classic.skn c:\program files\webmediaplayer\sqlite3.dll c:\program files\webmediaplayer\uninst.exe c:\program files\webmediaplayer\WebMediaPlayer.exe c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Datenschutzrichtlinien.url c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Deinstallieren.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Geschäftsbedingungen.url c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk c:\programdata\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url c:\users\erni\AppData\Local\vffmndl.dat c:\users\erni\AppData\Local\vffmndl_nav.dat c:\users\erni\AppData\Local\vffmndl_navps.dat c:\users\erni\AppData\Local\vmemdsj.dat c:\users\erni\AppData\Local\vmemdsj_nav.dat 
c:\users\erni\AppData\Local\vmemdsj_navps.dat c:\users\erni\AppData\Roaming\Adobe\plugs c:\users\erni\AppData\Roaming\Adobe\shed c:\users\erni\AppData\Roaming\Adobe\shed\thr1.chm c:\windows\system32\fsvk.exe.exe . Infizierte Kopie von c:\windows\system32\drivers\volsnap.sys wurde gefunden und desinfiziert Kopie von - Kitty had a snack :p wurde wiederhergestellt . ((((((((((((((((((((((( Dateien erstellt von 2011-04-16 bis 2011-05-16 )))))))))))))))))))))))))))))) . . 2011-05-16 08:14 . 2011-05-16 08:14 -------- d-----w- c:\program files\Common Files\Skype 2011-05-16 08:14 . 2011-05-16 08:14 -------- d-----r- c:\program files\Skype 2011-05-15 15:41 . 2011-05-16 07:26 -------- d-----w- C:\_OTL 2011-05-14 21:45 . 2011-05-14 21:45 -------- d-----w- c:\users\erni\AppData\Roaming\AVG10 2011-05-14 21:44 . 2011-05-14 21:44 -------- d-----w- c:\programdata\Common Files 2011-05-14 21:43 . 2011-05-16 10:36 -------- d-----w- c:\programdata\AVG10 2011-05-14 21:41 . 2011-05-14 21:41 -------- d-----w- c:\program files\AVG 2011-05-14 21:38 . 2011-05-16 10:34 -------- d-----w- c:\programdata\MFAData 2011-05-14 20:36 . 2011-05-14 20:36 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\6558EA.tmp 2011-05-14 02:26 . 2011-05-14 02:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-14 00:45 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9D8053B7-C8EB-43F6-B993-ECD86EFC47A1}\mpengine.dll 2011-05-12 15:17 . 2011-05-12 15:17 -------- d-----w- c:\programdata\Skype Extras 2011-05-12 15:14 . 2011-05-16 07:59 -------- d-----w- c:\users\erni\AppData\Roaming\Skype 2011-05-11 08:25 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-05-10 14:59 . 2010-05-21 07:14 186392 ----a-w- c:\windows\system32\drivers\vdrv1000.sys 2011-05-10 14:59 . 2010-03-10 15:34 13952 ----a-w- c:\windows\system32\drivers\HH10Help.sys 2011-05-10 14:59 . 
2011-05-10 15:02 -------- d-s---w- c:\users\Public\Virtual CDs 2011-05-10 14:59 . 2011-05-10 15:01 -------- d-s---w- c:\users\Public\Virtual CD v10 2011-05-10 14:59 . 2011-05-10 15:01 -------- d-s---w- c:\users\erni\AppData\Roaming\Virtual CD v10 2011-05-10 14:58 . 2011-05-10 14:59 -------- d-----w- c:\program files\Virtual CD v10 2011-05-10 14:57 . 2011-05-10 14:57 -------- d-----w- c:\users\erni\AppData\Roaming\InstallShield 2011-05-05 20:52 . 2011-05-05 20:52 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-05-05 20:52 . 2011-05-05 20:52 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-05-05 20:52 . 2011-05-05 20:52 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-05-05 20:52 . 2011-05-05 20:52 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-05-05 20:52 . 2011-05-05 20:52 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll 2011-05-05 20:52 . 2011-05-05 20:52 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-05-05 20:52 . 2011-05-05 20:52 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-05-05 20:52 . 2011-05-05 20:52 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-04-27 10:57 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-27 10:57 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-27 10:57 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll 2011-04-18 21:24 . 2011-04-18 21:24 -------- d-----w- c:\program files\iPod 2011-04-18 21:24 . 2011-04-18 21:25 -------- d-----w- c:\program files\iTunes 2011-04-18 21:20 . 2011-04-18 21:20 -------- d-----w- c:\program files\Bonjour 2011-04-16 16:51 . 2011-04-16 16:51 -------- d-----w- c:\program files\BabylonToolbar . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-01 12:40 . 
2009-02-19 09:51 1186056 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2011-04-06 14:20 . 2011-04-06 14:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 14:20 . 2011-04-06 14:20 197920 ----a-w- c:\windows\system32\dnssdX.dll 2011-04-06 14:20 . 2011-04-06 14:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-03-10 17:03 . 2011-04-15 13:56 1162240 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-10 17:03 . 2011-04-15 13:56 1136640 ----a-w- c:\windows\system32\mfc42.dll 2011-03-03 15:42 . 2011-04-15 13:56 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-03 15:40 . 2011-04-27 10:57 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40 . 2011-04-27 10:57 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40 . 2011-04-27 10:57 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40 . 2011-04-27 10:57 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-03-03 13:25 . 2011-04-15 13:56 2041856 ----a-w- c:\windows\system32\win32k.sys 2011-03-02 15:44 . 2011-04-15 13:56 86528 ----a-w- c:\windows\system32\dnsrslvr.dll 2011-02-26 12:42 . 2009-08-01 09:10 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll 2011-02-22 14:13 . 2011-03-23 06:55 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2011-02-22 13:33 . 2011-03-23 06:55 1068544 ----a-w- c:\windows\system32\DWrite.dll 2011-02-22 13:33 . 2011-03-23 06:55 797696 ----a-w- c:\windows\system32\FntCache.dll 2011-02-22 13:24 . 2011-04-15 13:57 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-02-22 13:24 . 2011-04-15 13:57 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-02-22 13:23 . 2011-04-15 13:57 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-02-22 13:23 . 2011-04-15 13:57 69632 ----a-w- c:\windows\system32\drivers\bowser.sys 2011-02-18 16:38 . 2011-04-15 13:56 834048 ----a-w- c:\windows\system32\wininet.dll 2011-02-18 15:45 . 
2011-04-15 13:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2011-02-18 14:49 . 2011-04-15 13:56 389632 ----a-w- c:\windows\system32\html.iec 2011-02-18 14:03 . 2011-04-15 13:56 305152 ----a-w- c:\windows\system32\drivers\srv.sys 2011-02-18 14:03 . 2011-04-15 13:56 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-02-18 14:03 . 2011-04-15 13:56 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-02-16 16:21 . 2011-04-15 13:56 430080 ----a-w- c:\windows\system32\vbscript.dll 2011-02-16 16:16 . 2011-04-15 14:02 34304 ----a-w- c:\windows\system32\atmlib.dll 2011-02-16 14:02 . 2011-04-15 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll 2011-05-05 20:52 . 2011-05-05 20:52 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] 2009-11-09 16:38 2331672 ----a-w- c:\program files\Softonic_Deutsch\tbSoft.dll . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2010-10-11 15:12 1244040 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . 
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{8DBB6D8E-E4A6-4E3B-9753-AF78B226441C}"= "c:\program files\Softonic_Deutsch\tbSoft.dll" [2009-11-09 2331672] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-10-11 1244040] . [HKEY_CLASSES_ROOT\clsid\{8dbb6d8e-e4a6-4e3b-9753-af78b226441c}] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-23 135680] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504] "AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-03-12 102400] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-28 6144000]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-04-04 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-04 8429568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-04 81920]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2006-12-07 151552]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2011-01-30 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"BabylonToolbar"="c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe" [2010-11-07 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-14 421160]
"VC10Player"="c:\program files\Virtual CD v10\System\VC10Play.exe" [2011-03-30 404296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
VR-NetWorld Auftragsprfung.lnk - c:\program files\VR-NetWorld\VRToolCheckOrder.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 136176]
R3 HH10Help.sys;HH10Help.sys;c:\windows\system32\drivers\HH10Help.sys [2010-03-10 13952]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2007-07-13 38400]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-02-19 691696]
S1 vdrv1000;vdrv1000;c:\windows\system32\DRIVERS\vdrv1000.sys [2010-05-21 186392]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2008-10-28 156968]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-12 233472]
S2 VC10SecS;Virtual CD v10 Management Service;c:\program files\Virtual CD v10\System\VC10SecS.exe [2011-03-30 144712]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-05 36608]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-06-26 3662848]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-07-13 35968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:00]
.
2011-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 12:00]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.babylon.com/home
uInternet Settings,ProxyOverride = *.local
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Free YouTube to MP3 Converter - c:\users\erni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
FF - ProfilePath - c:\users\erni\AppData\Roaming\Mozilla\Firefox\Profiles\sbb9jaeu.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&q=
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{64182481-4F71-486b-A045-B233BD0DA8FC} - c:\program files\facemoods.com\facemoods\1.4.17.1\bh\facemoods.dll
Toolbar-{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodsTlbr.dll
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-NPSStartup - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-05-16 13:08
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-05-16 13:11:00
ComboFix-quarantined-files.txt 2011-05-16 11:10
.
Vor Suchlauf: 16 Verzeichnis(se), 186.092.240.896 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 185.513.889.792 Bytes frei
.
- - End Of File - - 68FFE3CE96480536932AF5CCC9BFB52C |
16.05.2011, 14:20 | #12 |
/// Malware-holic | Please open Computer, C:, Qoobox. Right-click Quarantine, zip it, and upload it in the upload channel again. http://www.trojaner-board.de/54791-a...ner-board.html
__________________ - Please forward suspicious emails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward emails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.05.2011, 16:45 | #13 |
/// Malware-holic | OK, what problems are still there?
17.05.2011, 10:15 | #14 |
| Well, the messages are gone and the folders are all back. The Start menu is empty, and I have some folders where it denies me access. |
17.05.2011, 11:18 | #15 |
/// Malware-holic | What does "some" mean... which ones?