| _JackBauer_ | 17.05.2012 20:59 |
Guten Abend,
also ich war heute Mittag am Problem-PC und wollte die verschlüsselten Daten wiederherstellen. Der PC startet sobald er hochgefahren wurde sofort neu! Ich habe keine Chance, msconfig oder ein sonstiges Programm aufzurufen. Auch der abgesicherte Modus funktioniert nicht!!
Daraufhin habe ich von der OTLPE CD gebootet und den Fix aus Post #2 nochmal gemacht. Wieder dasselbe Problem...neustart sofort nach hochfahren!
Dann habe ich OTLPE nochmals gestartet und einen erneuten komplett-Scan gemacht. Diesesmal habe ich zu der OTL.txt auch eine EXTRAS.txt erhalten.
Könnt Ihr mir weiterhelfen? Was mache ich falsch?
Viele Grüße
_JackBauer_
OTL.txt Code:
OTL logfile created on: 5/17/2012 2:35:14 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 61.00% Memory free
459.00 Mb Paging File | 330.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78.14 Gb Total Space | 38.90 Gb Free Space | 49.78% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 64.37 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive J: | 3.74 Gb Total Space | 3.07 Gb Free Space | 82.01% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2012/04/28 06:55:36 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe --
(MozillaMaintenance)
SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel
32\IDriverT.exe -- (IDriverT)
SRV - [2003/06/30 10:35:52 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\WINDOWS\system32\ip6fwhlp.dll -- (Ip6FwHlp)
SRV - [2003/04/02 08:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)
SRV - [2002/08/21 16:44:40 | 000,313,016 | ---- | M] (Symantec Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccEvtMgr.exe --
(ccEvtMgr)
SRV - [2002/08/21 14:45:52 | 000,116,320 | ---- | M] (Symantec Corporation) [Auto] -- C:\Programme\Norton AntiVirus\Navapsvc.exe -- (navapsvc)
SRV - [2002/08/21 09:35:44 | 000,063,160 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\ccPwdSvc.exe --
(ccPwdSvc)
SRV - [2002/04/20 22:18:00 | 000,045,056 | ---- | M] ( ) [Auto] -- C:\WINDOWS\System32\slserv.exe -- (SLService)
SRV - [2001/08/13 17:18:36 | 000,054,408 | ---- | M] (Symantec Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\Script Blocking
\SBServ.exe -- (SBService)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe --
(MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2009/05/06 20:01:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2009/05/06 20:01:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject)
DRV - [2003/06/06 05:24:26 | 000,155,648 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TIACXLN.sys -- (TIACXLN)
DRV - [2003/05/07 10:36:24 | 000,026,679 | ---- | M] (Pinnacle Systems) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\vobid.sys -- (VOBID)
DRV - [2003/04/10 06:12:44 | 000,187,392 | ---- | M] (VOB Computersysteme GmbH) [File_System | System] -- C:\WINDOWS\System32\drivers\vobIW.sys -- (vobiw)
DRV - [2003/04/09 08:10:56 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/02/05 11:39:02 | 000,011,544 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RecAgent.sys -- (RecAgent)
DRV - [2002/12/13 12:33:52 | 000,064,000 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Cdrdrv.sys -- (cdrdrv)
DRV - [2002/12/05 05:01:00 | 000,241,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service
for NVIDIA(R) nForce(TM)
DRV - [2002/12/05 05:01:00 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for
NVIDIA(R) nForce(TM)
DRV - [2002/11/27 12:52:00 | 000,080,896 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/06 05:24:00 | 000,013,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2002/08/28 20:32:44 | 000,009,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002/08/19 05:00:00 | 000,590,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Symantec Shared
\VirusDefs\20020819.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2002/08/19 05:00:00 | 000,066,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme\Gemeinsame Dateien\Symantec Shared
\VirusDefs\20020819.002\NAVENG.SYS -- (NAVENG)
DRV - [2002/08/15 13:59:58 | 000,073,224 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\Programme\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2002/08/15 11:45:42 | 000,181,400 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2002/08/15 11:45:36 | 000,015,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2002/07/25 16:28:54 | 000,034,992 | ---- | M] (Symantec Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Savrtpel.sys -- (SAVRTPEL)
DRV - [2002/07/25 16:28:48 | 000,235,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\savrt.sys -- (SAVRT)
DRV - [2002/04/20 22:18:00 | 000,521,872 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slntamr.sys -- (Slntamr)
DRV - [2002/04/20 22:18:00 | 000,162,136 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ntmtlfax.sys -- (NtMtlFax)
DRV - [2002/04/20 22:18:00 | 000,085,520 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slnthal.sys -- (SlNtHal)
DRV - [2002/04/20 22:18:00 | 000,039,348 | ---- | M] (Vireo Software) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\slwdmsup.sys -- (SlWdmSup)
DRV - [2002/04/20 22:17:00 | 001,295,336 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlstrm.sys -- (Mtlstrm)
DRV - [2002/04/20 22:17:00 | 000,210,128 | ---- | M] ( ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mtlmnt5.sys -- (Mtlmnt5)
DRV - [2002/04/17 14:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys --
(ASAPIW2K)
DRV - [2001/10/04 05:53:16 | 000,009,728 | ---- | M] (VOB Computersysteme GmbH) [Kernel | System] -- C:\WINDOWS\System32\drivers\vobcom.sys -- (vobcom)
DRV - [2001/08/17 07:12:42 | 000,023,070 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand]
-- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2001/08/17 06:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.bild.t-online.de
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\XXXXXXX_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\XXXXXXX_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Gast_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de/
IE - HKU\Gast_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bild.t-online.de
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/04/28 06:55:37 |
000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/18 10:17:17 | 000,000,000 |
---D | M]
[2009/08/29 14:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\mozilla\Extensions
[2012/05/02 08:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\mozilla\Firefox\Profiles
\pdn5glpw.default\extensions
[2012/05/02 08:12:18 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\pdn5glpw.default
\searchplugins\locked-11-suche.xml.jeal
[2012/05/02 08:12:18 | 000,002,419 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\pdn5glpw.default
\searchplugins\locked-englische-ergebnisse.xml.fzlr
[2012/05/02 08:12:18 | 000,010,525 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\pdn5glpw.default
\searchplugins\locked-gmx-suche.xml.exft
[2012/05/02 08:12:18 | 000,002,457 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\pdn5glpw.default
\searchplugins\locked-lastminute.xml.yhbn
[2012/05/02 08:12:18 | 000,005,508 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Mozilla\Firefox\Profiles\pdn5glpw.default
\searchplugins\locked-webde-suche.xml.vjnq
[2012/01/07 13:46:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) --
[2012/04/28 06:55:37 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/11/10 00:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012/04/28 06:55:33 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/04/28 06:55:33 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/04/28 06:55:33 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/04/28 06:55:33 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/04/28 06:55:33 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/04/28 06:55:33 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2003/04/02 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems
Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Programme\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVShExt.dll
(Symantec Corporation)
O3 - HKU\XXXXXXX_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVShExt.dll
(Symantec Corporation)
O3 - HKU\XXXXXXX_ON_C\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVShExt.dll
(Symantec Corporation)
O3 - HKU\Gast_ON_C\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Programme\Norton AntiVirus\NAVShExt.dll
(Symantec Corporation)
O4 - HKLM..\Run: [ccApp] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Programme\Gemeinsame Dateien\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [IW ControlCenter] C:\Programme\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe (Pinnacle Systems, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [ledpointer] C:\WINDOWS\CNYHKey.exe (Chicony)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Programme\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [nForce Tray Options] C:\WINDOWS\System32\sstray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VOBID] C:\Programme\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe (VOB Computersysteme GmbH)
O4 - HKU\.DEFAULT..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Administrator_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\XXXXXXX_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\Gast_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\LocalService_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [NvMediaCenter] C:\WINDOWS\System32\NVMCTRAY.DLL (NVIDIA Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader
\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Digital Image Monitor.lnk = C:\Programme\Digital Image\Monitor.exe ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\XXXXXXX_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKU\Gast_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\Web\related.htm ()
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error:
Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37851.0392013889 (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft
Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft
Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft
Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft
Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft
Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft
Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll
(Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL
(Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\msmsgs.inf,BLC.Install.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player 8
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} -
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: {f5de1b93-9d38-416b-b09e-aa85a8e84309} - Q818529
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - C:\WINDOWS\system32\mspmspsv.dll (Microsoft Corporation)
NetSvcs: Ip6FwHlp - C:\WINDOWS\system32\ip6fwhlp.dll (Microsoft Corporation)
========== Files/Folders - Created Within 30 Days ==========
[2012/05/15 21:10:56 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/05/03 09:21:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012/05/02 08:10:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Qihnnojnqo
[2012/04/28 06:55:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012/04/28 06:55:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2012/04/18 10:17:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2012/04/18 10:16:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2003/09/02 11:32:32 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\TIACXLN.sys
[2003/08/17 12:45:04 | 000,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2003/08/17 12:45:04 | 000,011,544 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\RecAgent.sys
[2003/08/17 11:40:40 | 000,521,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2003/08/17 11:40:40 | 000,162,136 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2003/08/17 11:40:40 | 000,085,520 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2003/08/17 11:40:40 | 000,045,056 | ---- | C] ( ) -- C:\WINDOWS\System32\slserv.exe
[2003/08/17 11:40:39 | 001,295,336 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2003/08/17 11:40:39 | 000,210,128 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
========== Files - Modified Within 30 Days ==========
[2012/05/17 07:25:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/17 07:25:04 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 07:17:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/02 08:19:43 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Gast\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\locked-
Desktop anzeigen.scf.lqnj
[2012/05/02 08:19:38 | 000,182,682 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\locked-~.dpwm
[2012/05/02 08:12:24 | 002,690,840 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-vcredist_x86.exe.smwp
[2012/05/02 08:12:23 | 039,401,336 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-QuickTimeInstaller.exe.hyyf
[2012/05/02 08:12:23 | 023,510,720 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-dotnetfx.exe.ougv
[2012/05/02 08:12:23 | 001,762,824 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-2008vcredist_x86.exe.tlpe
[2012/05/02 08:12:23 | 000,002,613 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Desktop\locked-flagge_deutschland.gif.nugv
[2012/05/02 08:12:13 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\locked-
Desktop anzeigen.scf.vdxf
[2012/05/02 08:10:59 | 000,000,079 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch
\locked-Desktop anzeigen.scf.poqn
[2012/05/02 08:10:57 | 000,475,858 | ---- | M] () -- C:\locked-AnalysisLog.sr0.xrvg
[2012/04/30 11:29:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/04/30 11:29:30 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/04/30 11:28:00 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/04/30 11:26:42 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/04/28 08:04:53 | 000,000,612 | ---- | M] () -- C:\WINDOWS\lexstat.ini
[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[2012/04/18 10:17:17 | 000,001,810 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 7.0.lnk
[2012/04/18 10:17:17 | 000,001,741 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
[2012/04/18 10:17:17 | 000,001,724 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 7.0.lnk
[2012/04/18 10:17:17 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
========== Files Created - No Company Name ==========
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/02 08:10:50 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/04/18 10:17:17 | 000,001,810 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 7.0.lnk
[2012/04/18 10:17:17 | 000,001,741 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader - Schnellstart.lnk
[2012/04/18 10:17:17 | 000,001,724 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 7.0.lnk
[2009/11/21 04:57:14 | 000,003,006 | ---- | C] () -- C:\WINDOWS\Wickie.ini
[2009/08/29 14:18:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/06 20:01:00 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2006/03/08 11:47:55 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2006/01/15 13:05:53 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2005/12/24 09:08:21 | 000,129,024 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/10/20 16:16:58 | 000,182,682 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXXXXX\locked-~.dpwm
[2003/11/30 12:25:10 | 000,123,904 | ---- | C] () -- C:\Dokumente und Einstellungen\XXXXXXX\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-
E0D61DEA3FDF.ini
[2003/10/03 10:54:59 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2003/10/03 10:40:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2003/10/03 10:12:42 | 000,000,612 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2003/09/02 11:32:32 | 000,033,708 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLANGEN.bin
[2003/09/02 11:32:31 | 000,000,964 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO11.bin
[2003/09/02 11:32:31 | 000,000,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\RADIO0D.bin
[2003/08/20 05:46:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2003/08/20 05:46:47 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2003/08/20 05:46:47 | 000,005,120 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2003/08/20 05:46:47 | 000,000,452 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2003/08/20 05:46:47 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2003/08/19 09:07:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/08/18 07:54:48 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\{CD869570-C91D-400D-AD3D-AFFB3B4F0F11}.dat
[2003/08/18 07:54:48 | 000,000,032 | -HS- | C] () -- C:\WINDOWS\System32\{20C4489A-967D-4860-BA9E-AF606B6DCD1B}.dat
[2003/08/18 07:54:47 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\SR2.dat
[2003/08/18 07:24:38 | 000,000,898 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/08/18 06:46:30 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/08/18 06:30:32 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2003/08/18 06:29:26 | 000,000,200 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/08/17 12:45:04 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2003/08/17 12:45:04 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\slmh.exe
[2003/08/17 12:45:04 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\minirec.exe
[2003/08/17 12:45:04 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2003/08/17 12:45:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\SmCfg.exe
[2003/08/17 12:44:17 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/08/17 12:43:44 | 000,235,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/08/17 11:49:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/08/17 11:46:48 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/08/17 11:40:40 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2003/08/17 11:40:40 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2003/08/17 11:40:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\slrundll.exe
[2003/08/17 11:40:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\coinst.dll
[2003/08/17 11:40:38 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2003/08/17 11:40:38 | 000,000,122 | ---- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2003/08/17 11:40:25 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2003/08/17 11:40:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\OemLink.exe
[2003/08/17 11:40:24 | 000,001,288 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/08/17 11:40:16 | 000,405,118 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/08/17 11:40:16 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/08/17 11:40:16 | 000,070,580 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/08/17 11:40:16 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/08/17 11:40:04 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/08/17 11:40:04 | 000,004,573 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/08/17 11:40:02 | 000,392,296 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/08/17 11:40:02 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/08/17 11:40:02 | 000,058,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/08/17 11:40:02 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/08/17 11:40:01 | 000,004,549 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/08/17 11:40:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/08/17 11:39:58 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/17 11:39:56 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/08/17 11:39:56 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/08/17 11:39:52 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/08/17 11:39:43 | 000,001,740 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2003/05/05 03:55:36 | 000,393,728 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2003/03/28 09:26:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/03/28 09:17:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 07:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/02/27 11:28:16 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2002/02/27 11:28:16 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2002/02/27 11:28:14 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2002/02/27 11:28:14 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2002/02/27 11:28:14 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
========== LOP Check ==========
[2011/06/07 13:31:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Amazon
[2009/08/23 08:24:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Leadertech
[2012/05/02 08:10:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\XXXXXXX\Anwendungsdaten\Qihnnojnqo
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2005/12/24 09:08:21 | 000,000,000 | ---D | M] -- C:\audio
[2012/04/19 01:06:24 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2008/03/25 03:53:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2003/08/20 05:46:34 | 000,000,000 | ---D | M] -- C:\OEMDRV
[2003/08/18 06:28:59 | 000,000,000 | ---D | M] -- C:\pdwork
[2003/08/18 07:34:27 | 000,000,000 | ---D | M] -- C:\Phenomedia AG
[2012/04/28 06:55:40 | 000,000,000 | R--D | M] -- C:\Programme
[2008/03/23 09:15:24 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/05/14 18:59:24 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012/05/02 08:20:53 | 000,000,000 | ---D | M] -- C:\T-online
[2009/03/17 09:52:28 | 000,000,000 | ---D | M] -- C:\Terzio
[2009/11/21 05:36:37 | 000,000,000 | ---D | M] -- C:\Tivola
[2012/05/17 07:25:05 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2004/08/04 02:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\agp440.sys
< MD5 for: ATAPI.SYS >
[2003/04/02 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2003/04/02 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2003/04/02 08:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 01:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2004/08/04 03:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\eventlog.dll
[2003/04/02 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2003/04/02 08:00:00 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2003/05/29 05:48:20 | 000,999,424 | ---- | M] (Microsoft Corporation) MD5=0589140C62D1A5D1ADC13C79266122DA -- C:\WINDOWS\Driver Cache\i386\explorer.exe
[2003/05/29 05:48:20 | 000,999,424 | ---- | M] (Microsoft Corporation) MD5=0589140C62D1A5D1ADC13C79266122DA -- C:\WINDOWS\explorer.exe
[2003/05/29 05:48:20 | 000,999,424 | ---- | M] (Microsoft Corporation) MD5=0589140C62D1A5D1ADC13C79266122DA -- C:\WINDOWS\system32\dllcache\explorer.exe
[2003/04/02 08:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe
[2004/08/04 03:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\explorer.exe
< MD5 for: NETLOGON.DLL >
[2003/04/02 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2003/04/02 08:00:00 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 03:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 03:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\scecli.dll
[2003/04/02 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2003/04/02 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution\Download
\06d1a7cd3761c3322e423f74548dcfe2\sp2gdr\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\SoftwareDistribution\Download
\06d1a7cd3761c3322e423f74548dcfe2\sp2qfe\user32.dll
[2004/08/04 03:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\user32.dll
[2002/11/22 06:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\system32\dllcache\user32.dll
[2002/11/22 06:28:16 | 000,530,432 | ---- | M] (Microsoft Corporation) MD5=DB15B2FE24ECCE331EA3A954F6F90448 -- C:\WINDOWS\system32\user32.dll
[2005/03/02 14:21:03 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=DEF116925E1EA04691EC6362F197451E -- C:\WINDOWS\SoftwareDistribution\Download
\06d1a7cd3761c3322e423f74548dcfe2\sp1qfe\user32.dll
[2005/03/02 14:21:03 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=DEF116925E1EA04691EC6362F197451E -- C:\WINDOWS\SoftwareDistribution\Download
\bf0d1dc87f812d268fa6140147738eb9\sp1qfe\user32.dll
[2003/04/02 08:00:00 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- C:\WINDOWS\$NtUninstallQ328310$\user32.dll
< MD5 for: USERINIT.EXE >
[2003/04/02 08:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2003/04/02 08:00:00 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 03:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004/08/04 03:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\SoftwareDistribution\Download
\84e71ea11258afcace4e790f6b073745\winlogon.exe
[2003/04/02 08:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2003/04/02 08:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2003/04/02 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2003/08/17 13:43:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2003/08/17 13:43:07 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2003/08/17 13:43:06 | 000,421,888 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2003/04/02 08:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cdfview.dll
[2003/04/02 08:00:00 | 000,255,488 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2003/04/02 08:00:00 | 000,088,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mydocs.dll
[2003/05/23 07:19:30 | 001,338,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SHDOCVW.DLL
[2003/06/11 07:44:48 | 008,281,600 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
EXTRAS.txt Code:
OTL Extras logfile created on: 5/17/2012 2:35:14 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 61.00% Memory free
459.00 Mb Paging File | 330.00 Mb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78.14 Gb Total Space | 38.90 Gb Free Space | 49.78% Space Free | Partition Type: NTFS
Drive D: | 64.44 Gb Total Space | 64.37 Gb Free Space | 99.90% Space Free | Partition Type: NTFS
Drive J: | 3.74 Gb Total Space | 3.07 Gb Free Space | 82.01% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03440014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Enzyklopädie 2003
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{14bc968c-09dc-46db-a7f2-1ccb96ee77b9}.sdb" = thomas
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 30
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7CDBE27D-87EC-434E-AFE4-D0116AE876BB}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{7D302AF7-5E7A-4580-A73E-52E5BED67F20}" = Digital Image
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8A7ACEF-A7AF-4129-9BC1-4F33A4C31EEC}" = Pinnacle InstantCD/DVD Suite
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector Pro
"{D0D3C193-7052-4DE4-8BF4-3954D2021FF2}" = Moorhuhn X - XXL
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{EDCD4CE3-DE92-49A9-87F9-FE09B2FBA16C}" = Norton AntiVirus 2003
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0
"{F7F2DC0A-C22E-49AD-AD37-797309A54E7B}" = Microsoft AutoRoute 2002
"{F8BBD99F-B51F-4B6C-80A8-B1B2993B59C4}" = ArcSoft PhotoImpression
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = USB Wireless Keyboard Driver Ver1.1
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Heidi - Deine Welt sind die Berge" = Heidi - Deine Welt sind die Berge
"ieupdate" = Internet Explorer Q818529
"Lexmark X1100 Series" = Lexmark X1100 Series
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"MediaShow" = Medi@Show
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3 Codec" = Mpeg Layer3 Codec FHG-Radium v1.263
"Nero" = Nero
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIAnForce" = NVIDIA nForce Treiber für Windows 2000/XP
"oeupdate" = Outlook Express Update Q330994
"Q322011" = Windows XP-Hotfix (SP2) Q322011
"Q327979" = Windows XP-Hotfix (SP2) Q327979
"Q328310" = Windows XP-Hotfix (SP2) Q328310
"Q329048" = Windows XP-Hotfixpaket [Weitere Informationen unter Q329048]
"Q329115" = Windows XP-Hotfixpaket [Weitere Informationen unter Q329115]
"Q329170" = Windows XP-Hotfix (SP2) Q329170
"Q329390" = Windows XP-Hotfixpaket [Weitere Informationen unter Q329390]
"Q329441" = Windows XP-Hotfix (SP2) Q329441
"Q329834" = Windows XP-Hotfixpaket [Weitere Informationen unter Q329834]
"Q331953" = Windows XP-Hotfix (SP2) Q331953
"Q810565" = Windows XP-Hotfix (SP2) Q810565
"Q810577" = Windows XP-Hotfix (SP2) Q810577
"Q810833" = Windows XP-Hotfix (SP2) Q810833
"Q811493" = Windows XP-Hotfix (SP2) Q811493
"Q814033" = Windows XP-Hotfix (SP2) Q814033
"Q814995" = Windows XP-Hotfix (SP2) Q814995
"Q815021" = Windows XP-Hotfix (SP2) Q815021
"Q817606" = Windows XP-Hotfix (SP2) Q817606
"Q819696" = Windows XP-Hotfix (SP2) Q819696
"QuicktimeAlt_is1" = QuickTime Alternative 1.67
"Shockwave" = Shockwave
"SLAMRNTV" = Software PCI modem card
"SSUtils" = NVIDIA nForce Utilities
"Super RTL - Clubs" = Super RTL - Clubs 2.1
"The Great Festival Adventure" = Thomas und seine Freunde erleben spannende Abenteuer
"Thomas & Friends - Trouble on the Tracks" = Thomas & Seine Freunde 2 (tm)- Im Noteinsatz
"VLC media player" = VLC media player 1.1.11
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"WinRAR archiver" = WinRAR Archivierer
"Works2003Setup" = Microsoft Works 2003-Setup-Start
< End of report >
UPDATE:
Heute habe ich die Festplatte des Problem-PCs per externes USB Gehäuse an nen anderen PC gehängt, um mit Malwarebytes nach Malware zu suchen.
Die Festplatte wird an dem anderen PC als "fast leer" angezeigt. Es sind nur ein paar "locked-" Files zu sehen, aber keine Ordner (Windows, Programme, etc.)!
Es sind ca. 10 MB belegt !? :wtf:
Kann sich jemand vorstellen, warum das so ist? Bitte helft mir! :eek:
Viele Grüße |
