| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: gleiches Problem wie http://www.trojaner-board.de/99057-das-system-hat-ein-problem-mit-einem-oder-meWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
26.05.2011, 07:49
| #1 |
| |  Das System hat ein Problem mit einem oder mehreren installierten IDE / SATA-Festplatten erkannt Also ich habe das gleiche Problem wie in dem oben genannten Link. http://www.trojaner-board.de/99057-d...n-erkannt.html Bin momentan OTL am durchlaufen lassen. Gibt es schon Sachen die ich weiterführen kann? Achso, dazu sollte man vllt. erwähnen, das eine Neuinstallation nicht ganz so einfach ist. Da es sich hierbei um einen EEEPc handelt. MfG H4wk Soo, OTL ist durchgelaufen!!! OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 26.05.2011 08:35:14 - Run 1 OTL by OldTimer - Version 3.2.23.0 Folder = F:\ Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,17 Mb Total Physical Memory | 378,98 Mb Available Physical Memory | 37,33% Memory free 2,38 Gb Paging File | 1,85 Gb Available in Paging File | 77,81% Paging File free Paging file location(s): C:\pagefile.sys 1522 1522 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 80,01 Gb Total Space | 48,08 Gb Free Space | 60,09% Space Free | Partition Type: NTFS Drive D: | 69,00 Gb Total Space | 64,23 Gb Free Space | 93,09% Space Free | Partition Type: NTFS Drive F: | 3,70 Gb Total Space | 3,70 Gb Free Space | 99,97% Space Free | Partition Type: FAT32 Computer Name: NAME-D9E682JU3S | User Name: Media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.05.26 08:23:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\OTL.exe PRC - [2011.05.24 21:27:16 | 000,335,872 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\17293092.exe PRC - [2011.05.24 21:18:08 | 000,406,016 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KWIlAQhICeLnJub.exe PRC - [2011.04.28 22:20:21 | 000,136,360 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,269,480 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.02.18 16:37:16 | 000,037,664 | -H-- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.11.19 19:34:39 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.29 15:49:28 | 000,249,064 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.09.06 19:56:38 | 000,247,096 | -H-- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.11.02 19:17:29 | 000,198,160 | -H-- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2008.07.23 11:32:00 | 000,335,872 | -H-- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDCTRL.EXE PRC - [2008.07.04 13:52:18 | 000,014,336 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2008.07.04 13:52:14 | 002,072,576 | -H-- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2008.06.03 13:43:56 | 000,098,304 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe PRC - [2008.06.03 12:34:38 | 000,479,232 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe PRC - [2008.05.21 01:56:24 | 000,094,208 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe PRC - [2008.04.14 14:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.14 14:00:00 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe PRC - [2007.11.05 14:28:10 | 000,204,915 | -H-- | M] (Option) -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe PRC - [2006.09.11 05:40:34 | 000,086,960 | -H-- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe PRC - [2005.12.10 16:57:19 | 000,133,016 | -H-- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe ========== Modules (SafeList) ========== MOD - [2011.05.26 08:23:54 | 000,580,096 | ---- | M] (OldTimer Tools) -- F:\OTL.exe MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008.07.23 03:56:42 | 000,245,760 | -H-- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDAPIX.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.04.28 22:20:21 | 000,136,360 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.28 16:14:56 | 000,269,480 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.02.18 16:37:16 | 000,037,664 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.09.06 19:56:38 | 000,247,096 | -H-- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2008.11.04 01:06:28 | 000,441,712 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2008.07.04 13:52:18 | 000,014,336 | -H-- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2007.11.05 14:28:10 | 000,204,915 | -H-- | M] (Option) [Auto | Running] -- C:\Programme\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2011.03.19 07:48:08 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.27 15:19:54 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 11:12:49 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.13 18:36:21 | 000,223,128 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi) DRV - [2008.11.13 18:34:28 | 000,642,560 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2008.07.16 12:52:00 | 004,747,776 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.03.28 17:38:16 | 000,625,024 | -H-- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86) DRV - [2008.03.17 12:03:46 | 000,101,376 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2008.03.11 19:37:00 | 000,036,864 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e) DRV - [2007.07.26 20:00:38 | 000,011,264 | -H-- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI) DRV - [2007.07.09 14:17:36 | 000,095,744 | -H-- | M] (Option NV) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP) DRV - [2007.06.26 13:38:46 | 000,051,968 | -H-- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS) DRV - [2007.03.30 13:38:14 | 000,008,064 | -H-- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: MapShare-status@tomtom.com:1.7 FF - prefs.js..extensions.enabledItems: baseTheme@tomtom.com:1.0.2 FF - HKLM\software\mozilla\Firefox\extensions\\{ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA}: C:\WINDOWS\system32\5005 [2010.07.02 18:05:56 | 000,000,000 | -H-D | M] [2009.12.28 12:02:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Mozilla\Extensions [2009.12.28 12:02:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com File not found (No name found) -- C:\PROGRAMME\TOMTOM HOME 2\XUL\EXTENSIONS\MAPSHARE-STATUS@TOMTOM.COM O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {ED0CF0C8-62F1-4865-A3FD-2E2A2B50FAFA} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {F22C37FD-2BCB-40b6-A12E-77DDA1FBDD88} - File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\..\Toolbar\WebBrowser: (no name) - {B7D3E479-CC68-42B5-A338-938ECE35F419} - No CLSID value found. O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCTRL.EXE (ELANTECH Devices Corp.) O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation) O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006..\Run: [4E3E0230AEBB4E96] File not found O4 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] File not found O4 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006..\Run: [KWIlAQhICeLnJub] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KWIlAQhICeLnJub.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006..\Run: [TomTomHOME.exe] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1 O7 - HKU\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8 - Extra context menu item: &Winamp Search - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Programme/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Programme/Monopoly/Images/armhelper.ocx (ArmHelper Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\appconf32.exe) - File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.10 19:52:57 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{4e53a704-4cad-11df-a9c5-00f1d000f1d0}\Shell - "" = AutoRun O33 - MountPoints2\{4e53a704-4cad-11df-a9c5-00f1d000f1d0}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4e53a704-4cad-11df-a9c5-00f1d000f1d0}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{6295f42a-e75c-11df-ab30-0022434386be}\Shell - "" = AutoRun O33 - MountPoints2\{6295f42a-e75c-11df-ab30-0022434386be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6295f42a-e75c-11df-ab30-0022434386be}\Shell\AutoRun\command - "" = I:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{91319950-fb82-11dd-a72b-0023544ba1a3}\Shell\AutoRun\command - "" = F:\wd_windows_tools\WDSetup.exe O33 - MountPoints2\{97db0eaa-80e1-11de-a835-00f1d000f1d0}\Shell\verb1\command - "" = desktop.exe O33 - MountPoints2\{9a5c92c8-eb6d-11df-ab3f-0022434386be}\Shell - "" = AutoRun O33 - MountPoints2\{9a5c92c8-eb6d-11df-ab3f-0022434386be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{9a5c92c8-eb6d-11df-ab3f-0022434386be}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{af6f8bd2-9a2a-11df-aa58-0022434386be}\Shell - "" = AutoRun O33 - MountPoints2\{af6f8bd2-9a2a-11df-aa58-0022434386be}\Shell\1\Command - "" = .\recycled\info.exe O33 - MountPoints2\{af6f8bd2-9a2a-11df-aa58-0022434386be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{af6f8bd2-9a2a-11df-aa58-0022434386be}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\recycled\info.exe O33 - MountPoints2\{bd3c6716-4955-11de-a7b9-0022434386be}\Shell - "" = AutoRun O33 - MountPoints2\{bd3c6716-4955-11de-a7b9-0022434386be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{bd3c6716-4955-11de-a7b9-0022434386be}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1 O33 - MountPoints2\{d23ebe3e-ec33-11df-ab43-0022434386be}\Shell - "" = AutoRun O33 - MountPoints2\{d23ebe3e-ec33-11df-ab43-0022434386be}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d23ebe3e-ec33-11df-ab43-0022434386be}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{d5ba7172-acdc-11dd-a675-0023544ba1a3}\Shell - "" = AutoRun O33 - MountPoints2\{d5ba7172-acdc-11dd-a675-0023544ba1a3}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d5ba7172-acdc-11dd-a675-0023544ba1a3}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe O33 - MountPoints2\{df00f80c-f397-11de-a93a-0022434386be}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe O33 - MountPoints2\{f7ff1ce3-af63-11df-aa9f-00f1d000f1d0}\Shell\AutoRun\command - "" = Menu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: MsnMsgr - hkey= - key= - File not found SafeBootMin: AppMgmt - File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: AppMgmt - File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} - ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point (16902109354000384) ========== Files/Folders - Created Within 30 Days ========== [2011.05.26 08:40:06 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Media\Recent [2011.05.24 21:27:42 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Media\Startmenü\Programme\Windows XP Recovery [2011.05.24 21:27:16 | 000,335,872 | -H-- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\17293092.exe [2011.05.24 21:18:09 | 000,406,016 | -H-- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KWIlAQhICeLnJub.exe [2011.05.23 18:12:10 | 000,404,640 | -H-- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.05.16 19:13:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2011.04.26 21:40:12 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer [2011.04.26 21:38:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2011.04.26 21:38:23 | 000,107,368 | -H-- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll [2011.04.26 21:37:16 | 000,000,000 | -H-D | C] -- C:\Programme\iPod [2011.04.26 21:37:11 | 000,000,000 | -H-D | C] -- C:\Programme\iTunes [2011.04.26 21:36:21 | 000,000,000 | -H-D | C] -- C:\Programme\Apple Software Update [2011.04.26 21:34:33 | 000,000,000 | -H-D | C] -- C:\Programme\Bonjour [2010.07.10 20:31:14 | 015,523,560 | -H-- | C] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.26 08:27:16 | 000,001,084 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.05.26 08:27:04 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\tasks\BearShareNAG.job [2011.05.26 08:26:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.26 08:15:35 | 000,096,384 | -H-- | M] () -- C:\WINDOWS\System32\drivers\sptd8573.sys [2011.05.26 07:57:11 | 000,001,088 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.05.25 21:01:08 | 000,216,576 | -H-- | M] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.25 20:34:51 | 000,000,325 | -H-- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\ICQ.com Suchergebnisse.url [2011.05.24 21:27:48 | 000,000,829 | -H-- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\Windows XP Recovery.lnk [2011.05.24 21:27:48 | 000,000,112 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17293092 [2011.05.24 21:27:47 | 000,000,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17293092r [2011.05.24 21:27:24 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\17293092 [2011.05.24 21:27:16 | 000,335,872 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\17293092.exe [2011.05.24 21:18:08 | 000,406,016 | -H-- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KWIlAQhICeLnJub.exe [2011.05.24 20:49:55 | 000,001,158 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.23 18:12:10 | 000,404,640 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.05.17 21:27:29 | 000,001,695 | -H-- | M] () -- C:\Dokumente und Einstellungen\Media\Desktop\Avira AntiVir Personal Profil Vollständige Systemprüfung.LNK [2011.05.02 16:36:04 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.04.26 21:38:28 | 000,001,522 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.26 08:12:41 | 000,002,533 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone Mobile Connect.lnk [2011.05.26 08:12:41 | 000,001,978 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vodafone SMS.lnk [2011.05.26 08:12:41 | 000,000,885 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\web'n'walk Manager.lnk [2011.05.26 08:12:41 | 000,000,626 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Winamp.lnk [2011.05.26 08:12:40 | 000,001,709 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 8.lnk [2011.05.26 08:12:40 | 000,001,671 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2011.05.26 08:12:40 | 000,001,522 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2011.05.26 08:12:40 | 000,001,451 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.2.lnk [2011.05.26 08:12:40 | 000,000,875 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Virtual CloneDrive.lnk [2011.05.25 20:34:51 | 000,000,325 | -H-- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\ICQ.com Suchergebnisse.url [2011.05.24 21:27:48 | 000,000,829 | -H-- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\Windows XP Recovery.lnk [2011.05.24 21:27:47 | 000,000,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17293092r [2011.05.24 21:27:47 | 000,000,112 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~17293092 [2011.05.24 21:27:24 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\17293092 [2011.05.17 21:27:29 | 000,001,695 | -H-- | C] () -- C:\Dokumente und Einstellungen\Media\Desktop\Avira AntiVir Personal Profil Vollständige Systemprüfung.LNK [2011.02.18 15:10:30 | 000,148,078 | -H-- | C] () -- C:\WINDOWS\hpoins38.dat.temp [2011.02.18 15:10:29 | 000,000,548 | -H-- | C] () -- C:\WINDOWS\hpomdl38.dat.temp [2010.10.30 18:13:46 | 000,147,640 | -H-- | C] () -- C:\WINDOWS\hpoins38.dat [2010.10.30 18:13:46 | 000,000,548 | -H-- | C] () -- C:\WINDOWS\hpomdl38.dat [2010.07.10 21:00:24 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini [2010.07.10 20:45:52 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.07.10 20:44:56 | 000,294,072 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.07.10 20:17:27 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\INSTALLEEE.EXE [2010.07.10 20:12:32 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2010.07.10 20:10:51 | 000,000,520 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2010.07.10 19:55:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.07.10 19:50:54 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.07.04 22:57:01 | 000,000,155 | -H-- | C] () -- C:\WINDOWS\System32\urhtps.dat [2010.01.28 13:56:15 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\CD-Start.INI [2009.09.08 13:39:31 | 000,000,032 | -H-- | C] () -- C:\WINDOWS\Menu.INI [2009.07.17 09:15:27 | 000,033,088 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.05.03 10:47:56 | 000,102,945 | -H-- | C] () -- C:\WINDOWS\hpoins05.dat [2009.05.03 10:47:56 | 000,017,505 | -H-- | C] () -- C:\WINDOWS\hpomdl07.dat [2009.04.17 18:43:12 | 000,000,032 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.11.13 20:25:55 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2008.11.13 18:36:21 | 000,223,128 | -H-- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys [2008.11.13 18:34:28 | 000,096,384 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sptd8573.sys [2008.11.04 18:31:02 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.11.03 01:17:24 | 000,216,576 | -H-- | C] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.24 23:19:06 | 000,017,866 | -H-- | C] () -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\wklnhst.dat [2008.10.24 20:48:20 | 000,000,138 | -H-- | C] () -- C:\Dokumente und Einstellungen\Media\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.07.24 21:13:19 | 000,049,152 | -H-- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.07.08 15:59:10 | 000,005,312 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.07.08 15:59:07 | 000,488,668 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.07.08 15:59:07 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.07.08 15:59:07 | 000,096,014 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.07.08 15:59:07 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.07.08 15:59:01 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.07.08 15:59:00 | 000,445,370 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.07.08 15:59:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.07.08 15:59:00 | 000,072,576 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.07.08 15:59:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.07.08 15:58:59 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.07.08 15:58:59 | 000,004,562 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.07.08 15:58:58 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat [2008.07.08 15:58:57 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.07.08 15:58:57 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin [2008.07.08 15:58:54 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.07.08 15:58:51 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.06.23 14:02:02 | 000,097,410 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceManager.xml.rc4 [2008.05.26 23:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 23:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 23:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 22:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 22:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.05.23 18:48:50 | 000,020,270 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DeviceInstaller.xml [2008.03.20 09:58:30 | 000,000,173 | -H-- | C] () -- C:\WINDOWS\explorer.exe.config [2008.03.17 15:54:36 | 000,012,208 | -H-- | C] () -- C:\WINDOWS\AsTrayLang.ini ========== LOP Check ========== [2009.06.03 18:52:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\211B5 [2009.06.03 17:49:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2251 [2010.10.01 15:11:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Driver Whiz [2008.10.24 21:55:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ECAP [2010.11.09 13:28:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.09.24 16:18:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2009.12.28 12:03:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2010.10.01 15:12:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2010.11.03 17:11:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2010.09.12 10:55:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.07.16 09:00:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2010.11.03 17:12:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Vodafone [2011.02.13 23:03:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\63615 [2010.07.24 10:26:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\AnvSoft [2010.12.16 19:18:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\ICQ [2008.10.24 23:12:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\InterVideo [2011.05.10 20:24:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Linkreal [2010.01.28 14:06:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Mobipocket [2010.09.24 16:14:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\SpinTop [2010.07.07 19:25:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\StarOffice8 [2008.10.25 00:16:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Template [2009.12.28 12:02:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\TomTom [2010.11.06 12:55:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\udig [2010.11.03 17:12:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Vodafone [2010.11.02 17:51:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Windows Desktop Search [2011.02.12 19:58:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Windows Search [2011.05.26 08:27:04 | 000,000,296 | -H-- | M] () -- C:\WINDOWS\Tasks\BearShareNAG.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.02.13 23:03:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\63615 [2011.03.20 17:44:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Adobe [2008.11.09 15:12:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Ahead [2010.07.24 10:26:54 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\AnvSoft [2009.07.17 09:14:19 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Apple Computer [2010.11.05 12:27:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Avira [2010.10.25 20:52:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\dvdcss [2011.03.15 18:46:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Google [2010.12.16 19:18:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\ICQ [2008.11.13 20:16:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Identities [2010.07.10 20:12:53 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\InstallShield [2008.10.24 23:12:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\InterVideo [2011.05.10 20:24:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Linkreal [2008.10.25 00:41:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Macromedia [2011.02.18 15:49:45 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Microsoft [2010.01.28 14:06:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Mobipocket [2009.12.10 15:33:57 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Move Networks [2010.11.09 13:28:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Mozilla [2009.11.05 18:15:02 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Mozilla-Cache [2009.11.12 21:59:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Real [2009.10.30 11:47:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Skype [2009.10.30 11:45:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\skypePM [2010.09.24 16:14:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\SpinTop [2010.07.07 19:25:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\StarOffice8 [2010.07.10 20:23:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Sun [2008.10.25 00:16:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Template [2009.12.28 12:02:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\TomTom [2010.08.09 20:00:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\U3 [2010.11.06 12:55:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\udig [2008.11.03 01:48:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\vlc [2010.11.03 17:12:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Vodafone [2010.10.01 15:49:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Winamp [2010.11.02 17:51:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Windows Desktop Search [2011.02.12 19:58:41 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Windows Search [2010.10.08 17:27:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\WinRAR < %APPDATA%\*.exe /s > [2010.01.28 14:03:07 | 000,050,008 | RH-- | M] () -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe [2009.02.12 20:37:34 | 000,097,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Move Networks\ie_bin\MovePlayerUpgrade.exe [2009.11.11 16:54:17 | 000,034,062 | -H-- | M] () -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Move Networks\ie_bin\Uninst.exe [2010.05.25 21:02:07 | 000,443,912 | -H-- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Real\Update\setup3.10\setup.exe [2011.01.20 13:01:55 | 000,510,120 | -H-- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\Real\Update\setup3.13\setup.exe [2007.10.23 09:27:20 | 000,110,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\U3\temp\cleanup.exe [2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Media\Anwendungsdaten\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.04.14 14:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008.04.14 14:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys < MD5 for: ATAPI.SYS > [2008.04.14 14:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008.04.14 14:00:00 | 020,108,202 | -H-- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys [2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2008.04.14 14:00:00 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008.04.14 14:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll [2008.04.14 14:00:00 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008.04.14 14:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 14:00:00 | 001,036,800 | -H-- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe < MD5 for: NETLOGON.DLL > [2008.04.14 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll [2008.04.14 14:00:00 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008.04.14 14:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll [2008.04.14 14:00:00 | 000,187,904 | -H-- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008.04.14 14:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll [2008.04.14 14:00:00 | 000,580,096 | -H-- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008.04.14 14:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe [2008.04.14 14:00:00 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008.04.14 14:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe [2008.04.14 14:00:00 | 000,513,024 | -H-- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.04.14 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2008.04.14 14:00:00 | 000,012,032 | -H-- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.11.13 18:36:21 | 000,223,128 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\dtscsi.sys [2008.11.13 18:34:28 | 000,642,560 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys [2011.05.26 08:15:35 | 000,096,384 | -H-- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd8573.sys < %systemroot%\System32\config\*.sav > [2010.07.10 21:44:41 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav [2010.07.10 21:44:41 | 001,069,056 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav [2010.07.10 21:44:41 | 000,442,368 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:52B72A7C @Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:AFFC859A < End of report > Extras.txtOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.05.2011 08:35:14 - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = F:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,17 Mb Total Physical Memory | 378,98 Mb Available Physical Memory | 37,33% Memory free
2,38 Gb Paging File | 1,85 Gb Available in Paging File | 77,81% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 80,01 Gb Total Space | 48,08 Gb Free Space | 60,09% Space Free | Partition Type: NTFS
Drive D: | 69,00 Gb Total Space | 64,23 Gb Free Space | 93,09% Space Free | Partition Type: NTFS
Drive F: | 3,70 Gb Total Space | 3,70 Gb Free Space | 99,97% Space Free | Partition Type: FAT32
Computer Name: NAME-D9E682JU3S | User Name: Media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"D:\Programme\ICQ6.5\ICQ.exe" = D:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Programme\iMesh Applications\iMesh\iMesh.exe" = C:\Programme\iMesh Applications\iMesh\iMesh.exe:*:Enabled:iMesh
"C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Programme\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05BA6FCD-1701-4AB9-8A1B-59008261695E}" = PS_AIO_06_B109a-m_SW_Min
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0990B5DF-92C3-4AD6-A18D-BF3ADF311240}" = Super Hybrid Engine
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{25DEC9F7-08C7-4511-9B4A-40A61E40658E}" = web'n'walk Manager
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 24
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A253A57F-4319-49B5-B405-64587FFBCFE2}" = HP Photosmart B109a-m All-in-One Driver 14.0 Rel. 6
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.5 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A81300000003}_814" = KB408682
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C656142F-EFE1-44CD-BFAD-6CBC6DCB9860}" = Vodafone Mobile Connect Lite
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DEB6ACEB-C418-4880-9133-1C5EB9AFBC79}" = Eee Storage
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.0.3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Elantech" = ETDWare PS/2-x86 7.0.3.7 WHQL
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PartyPoker" = PartyPoker
"RealPlayer 12.0" = RealPlayer
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 0.9.4
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World_Series_Of_Poker_1.0" = World Series Of Poker
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-228949137-3530933763-1262980340-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 26.05.2011 01:26:55 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 7040
Description = Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der
Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben.
Kontext:
Windows Anwendung, SystemIndex Katalog Details: 0xc0041801 (0xc0041801)
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 3029
Description = Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext:
Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen
werden. (0xc0041800)
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 3028
Description = Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows
Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden.
(0xc0041800)
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 3058
Description = Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung
Details:
Der
Inhaltsindex kann nicht gelesen werden. (0xc0041800)
Error - 26.05.2011 01:49:10 | Computer Name = NAME-D9E682JU3S | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1
Error - 26.05.2011 01:54:03 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 26.05.2011 02:17:11 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 26.05.2011 02:18:23 | Computer Name = NAME-D9E682JU3S | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 26.05.2011 02:27:57 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ Application Events ]
Error - 26.05.2011 01:26:55 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 7040
Description = Der Suchdienst hat beschädigte Datendateien im Index erkannt. Der
Dienst versucht, dieses Problem durch Neuerstellung des Index automatisch zu beheben.
Kontext:
Windows Anwendung, SystemIndex Katalog Details: 0xc0041801 (0xc0041801)
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 3029
Description = Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext:
Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen
werden. (0xc0041800)
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 3028
Description = Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows
Anwendung, SystemIndex Katalog Details: Der Inhaltsindex kann nicht gelesen werden.
(0xc0041800)
Error - 26.05.2011 01:26:57 | Computer Name = NAME-D9E682JU3S | Source = Windows Search Service | ID = 3058
Description = Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung
Details:
Der
Inhaltsindex kann nicht gelesen werden. (0xc0041800)
Error - 26.05.2011 01:49:10 | Computer Name = NAME-D9E682JU3S | Source = MSDTC | ID = 4404
Description = Infrastruktur der MS DTC-Ablaufverfolgung: Fehler beim Initialisieren
der Infrastruktur der Ablaufverfolgung. Interne Informationen: msdtc_trace : File:
d:\comxp_sp3\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed,
hr=0x800700a1
Error - 26.05.2011 01:54:03 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 26.05.2011 02:17:11 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
Error - 26.05.2011 02:18:23 | Computer Name = NAME-D9E682JU3S | Source = WmiAdapter | ID = 4099
Description = Dienst konnte nicht geöffnet werden.
Error - 26.05.2011 02:27:57 | Computer Name = NAME-D9E682JU3S | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
[ System Events ]
Error - 25.05.2011 14:24:17 | Computer Name = NAME-D9E682JU3S | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "iPod
Service" mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
Error - 25.05.2011 14:24:30 | Computer Name = NAME-D9E682JU3S | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst iPod-Dienst.
Error - 25.05.2011 14:24:30 | Computer Name = NAME-D9E682JU3S | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error - 25.05.2011 14:25:20 | Computer Name = NAME-D9E682JU3S | Source = DCOM | ID = 10010
Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 25.05.2011 15:22:16 | Computer Name = NAME-D9E682JU3S | Source = DCOM | ID = 10010
Description = Der Server "{0002DF01-0000-0000-C000-000000000046}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 26.05.2011 01:20:08 | Computer Name = NAME-D9E682JU3S | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
Error - 26.05.2011 01:20:08 | Computer Name = NAME-D9E682JU3S | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 26.05.2011 01:27:08 | Computer Name = NAME-D9E682JU3S | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: 2147749155 (0x80040D23).
Error - 26.05.2011 02:18:35 | Computer Name = NAME-D9E682JU3S | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst WMI-Leistungsadapter.
Error - 26.05.2011 02:18:35 | Computer Name = NAME-D9E682JU3S | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WMI-Leistungsadapter" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
Danke schonmal  Hallo ich hab die 2 Beiträge zu einem zusammengelegt, weil sonst dieser Thread als in Arbeit angesehen wird. Außerdem bist Du hier im falschen Unterforum. Ich verschieb den Thread Gruß cad Geändert von cad (26.05.2011 um 12:08 Uhr) |
|
26.05.2011, 15:18
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | gleiches Problem wie http://www.trojaner-board.de/99057-das-system-hat-ein-problem-mit-einem-oder-me Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.
__________________
__________________ |
|
| Themen zu gleiches Problem wie http://www.trojaner-board.de/99057-das-system-hat-ein-problem-mit-einem-oder-me |
| 0x00000001, 32 bit, 4d36e972-e325-11ce-bfc1-08002be10318, alternate, any video converter, c:\windows\system32\rundll32.exe, disabletaskmgr, google earth, index, microsoft office word, momentan, officejet, oldtimer, plug-in, problem, sache, sachen, security update, shell32.dll, shortcut, sptd.sys, super, t-mobile, tan, video converter, vodafone, windows internet, wrapper |
Linear-Darstellung
