FritzPhantom | 06.06.2012 12:40 | Windows XP (32-bit) extremely slow
Good day, everyone!
I'm sitting at a computer that is about 5 years old... or not older? I don't know exactly.
Norton has always been installed over the years with the current virus scanner.
The machine has been running very slowly for quite some time (and by that I mean really very slowly. After booting, for example, I needed 5 minutes to be able to start Firefox). Also, when I want to open a file in an email, for example, it can take several minutes until I can do anything with it. I'll send some more logs afterwards.
defogger was installed and the disable button was pressed.
OTL:
OTL Logfile:
OTL logfile created on: 06.06.2012 13:44:33 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Dokumente und Einstellungen\HansMustermann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
479.48 Mb Total Physical Memory | 66.64 Mb Available Physical Memory | 13.90% Memory free
1.09 Gb Paging File | 0.58 Gb Available in Paging File | 52.97% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.52 Gb Total Space | 29.88 Gb Free Space | 40.10% Space Free | Partition Type: NTFS
Computer Name: HANSMUSTERMANN-4F3F7B73 | User Name: HansMustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.06 13:43:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\OTL.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ccsvchst.exe
PRC - [2012.02.21 16:50:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.04.08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.08.23 14:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2004.07.16 15:48:42 | 001,163,378 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe
PRC - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (No Company Name) ==========
MOD - [2012.02.21 16:50:34 | 001,911,768 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ccSvcHst.exe -- (NAV)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 04:23:03 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm)
SRV - [2008.04.14 04:22:55 | 000,114,176 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE)
SRV - [2008.04.14 04:22:38 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv)
SRV - [2008.04.14 04:22:16 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger)
SRV - [2008.04.14 04:22:07 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter)
SRV - [2008.02.01 14:09:37 | 001,251,720 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2007.08.23 14:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.08.23 14:35:32 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007.08.23 14:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2006.03.12 01:10:41 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2004.07.16 15:48:42 | 001,163,378 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\easdrv.sys -- (easdrv)
DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\eamon.sys -- (eamon)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.05.31 16:43:41 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012.05.31 16:43:41 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.16 16:23:45 | 001,589,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120605.040\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.05.16 16:23:45 | 000,087,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20120605.040\NAVENG.SYS -- (NAVENG)
DRV - [2012.04.28 02:18:22 | 000,356,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20120605.001\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012.04.03 01:38:08 | 000,821,880 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20120531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012.03.29 08:28:38 | 000,388,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symtdi.sys -- (SYMTDI)
DRV - [2012.03.29 08:28:30 | 000,905,336 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symefa.sys -- (SymEFA)
DRV - [2012.03.29 08:06:25 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ironx86.sys -- (SymIRON)
DRV - [2012.03.29 08:03:27 | 000,574,072 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtsp.sys -- (SRTSP)
DRV - [2012.03.29 08:03:27 | 000,032,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\srtspx.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2012.03.27 13:06:23 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011.11.30 00:44:14 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\ccsetx86.sys -- (ccSet_NAV)
DRV - [2011.07.25 20:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\NAV\1307010.005\symds.sys -- (SymDS)
DRV - [2008.04.14 04:02:16 | 000,120,576 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia)
DRV - [2008.04.14 03:58:13 | 000,800,384 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2008.04.13 21:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat)
DRV - [2008.04.13 20:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs)
DRV - [2005.11.04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2004.08.04 14:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k)
DRV - [2004.08.04 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC)
DRV - [2004.07.16 15:57:12 | 000,007,680 | ---- | M] (Ahead Software AG) [Recognizer | System | Unknown] -- C:\WINDOWS\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2004.07.16 15:53:54 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004.07.16 15:53:14 | 000,092,672 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004.06.21 10:53:20 | 000,626,204 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.02.24 05:08:52 | 000,400,384 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2001.08.17 13:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {53065D09-6285-4A0C-BB55-6711C27D4049}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{53065D09-6285-4A0C-BB55-6711C27D4049}: "URL" = hxxp://www.google.ch/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLL_de
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {5c8bfb7c-9a54-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: {526fd696-27a0-11dc-8314-0800200c9a66}:3.6.7
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.6.3
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2012.03.03 18:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.21 16:50:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.10.23 17:47:44 | 000,000,000 | ---D | M]
[2009.08.02 23:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Extensions
[2008.06.27 23:45:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2009.08.02 23:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2012.05.31 16:56:42 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions
[2011.12.08 18:01:31 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2008.01.20 22:03:02 | 000,000,000 | ---D | M] (BlackAqua) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{0648699b-b886-4011-99d4-04f1de459696}
[2011.03.26 12:28:01 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.26 12:28:01 | 000,000,000 | ---D | M] ("Split Browser") -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2008.01.20 22:01:43 | 000,000,000 | ---D | M] (OSU_Black) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{4520cd5e-a360-11dc-8314-0800200c9a66}
[2008.06.17 17:49:47 | 000,000,000 | ---D | M] (Aquatint Redone) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{47e5a66c-0e35-11dc-8314-0800200c9a66}
[2008.01.20 22:01:25 | 000,000,000 | ---D | M] (BloodFire) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{4AB21F99-91C5-4a9d-813E-425841874FB1}
[2011.03.26 12:27:50 | 000,000,000 | ---D | M] (Aquatint Slate) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}
[2011.03.26 12:27:48 | 000,000,000 | ---D | M] (Aero Fox XL) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}
[2008.01.03 22:17:07 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2010.08.07 13:26:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.20 16:26:29 | 000,000,000 | ---D | M] (PitchDark) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2007.10.23 21:13:53 | 000,000,000 | ---D | M] ("FireHawke 3D") -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{d8646e86-22ba-4f3d-8751-23c723ebd7b9}
[2011.03.26 12:28:00 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\extension@virtusdesigns.com
[2011.03.26 12:27:53 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\redshift_V2@shift-themes.com
[2011.03.26 12:28:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\extension@virtusdesigns.com\chrome
[2011.03.26 12:27:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{526fd696-27a0-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2011.03.26 12:27:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2008.10.02 21:47:43 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Mozilla\Firefox\Profiles\7z31ozbp.default\searchplugins\winamp-search.xml
[2012.03.03 17:53:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.23 17:47:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2011.10.23 17:47:52 | 000,000,000 | ---D | M] (GMX Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@gmx.net
[2012.05.01 20:59:27 | 000,563,466 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HANSMUSTERMANN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\7Z31OZBP.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.02.21 16:50:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.21 16:50:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.21 16:50:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.02.21 16:50:24 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.21 16:50:24 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.21 16:50:24 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.21 16:50:24 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton AntiVirus\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QUICKfind BHO Object) - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - Reg Error: Value error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; OfficeLiveConnector.1.3; OfficeLivePatch.0.0)" -"hxxp://services.bluewin.ch/jass/applikation_de.php" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run: rare = C:\Programme\Video ActiveX Access\imsmain.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1135927280267 (WUWebControl Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2EFE857A-B7DA-4FE1-AC0F-923C95C5C010}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {25b7d2fd-4f71-46d1-801a-7de323e4ec82} - equiparant - No CLSID value found.
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HansMustermann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HansMustermann\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.30 08:28:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{285e303c-98d9-11da-8619-0040ca88bc6f}\Shell\AutoRun\command - "" = E:\ctfmon.exe
O33 - MountPoints2\{285e303c-98d9-11da-8619-0040ca88bc6f}\Shell\open\command - "" = E:\ctfmon.exe
O33 - MountPoints2\{c133f270-7cdc-11de-8fbe-0040ca88bc6f}\Shell - "" = AutoRun
O33 - MountPoints2\{c133f270-7cdc-11de-8fbe-0040ca88bc6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c133f270-7cdc-11de-8fbe-0040ca88bc6f}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.06.06 13:43:10 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\OTL.exe
[2012.05.17 15:52:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.06 13:43:17 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\OTL.exe
[2012.06.06 13:41:40 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\HansMustermann\defogger_reenable
[2012.06.06 13:36:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.06 13:34:59 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\Defogger.exe
[2012.06.06 13:33:58 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.06 11:47:45 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.06 11:47:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2012.06.06 11:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.04 22:38:43 | 000,685,857 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307010.005\Cat.DB
[2012.06.03 18:00:01 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for HansMustermann.job
[2012.06.01 13:01:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.05.24 12:50:07 | 000,001,840 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Norton AntiVirus.LNK
[2012.05.24 12:48:51 | 000,008,942 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307010.005\VT20120410.034
[2012.05.22 19:48:52 | 000,452,436 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.05.22 19:48:52 | 000,435,726 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.05.22 19:48:52 | 000,081,394 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.05.22 19:48:52 | 000,068,622 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.05.13 09:47:36 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1307010.005\isolate.ini
[2012.05.09 12:03:40 | 000,274,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.08 22:50:13 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.06 13:41:40 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\HansMustermann\defogger_reenable
[2012.06.06 13:34:52 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\HansMustermann\Desktop\Defogger.exe
[2012.02.15 13:11:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
========== LOP Check ==========
[2008.12.27 21:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2009.01.07 21:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings
[2008.02.08 21:04:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2008.07.07 14:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.02.13 15:36:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2006.01.28 01:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\DownloadManager
[2010.08.07 13:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\DVDVideoSoftIEHelpers
[2010.06.20 17:59:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Facebook
[2011.01.03 16:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\FileZilla
[2010.04.23 16:27:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Information Factory
[2010.04.07 20:54:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\MSNInstaller
[2009.01.15 19:35:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\OpenOffice.org
[2008.06.27 23:45:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\Participatory Culture Foundation
[2008.06.27 23:52:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\PCF-VLC
[2006.09.08 17:58:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\PDFCreator
[2007.05.05 15:48:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\SealedMedia
[2007.09.17 20:25:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\HansMustermann\Anwendungsdaten\uTorrent
[2012.06.06 11:47:44 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ==========
< End of report >
OTL Logfile: Code:
OTL Extras logfile created on: 06.06.2012 13:44:34 - Run 1
OTL by OldTimer - Version 3.2.46.1 Folder = C:\Dokumente und Einstellungen\HansMustermann\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
479.48 Mb Total Physical Memory | 66.64 Mb Available Physical Memory | 13.90% Memory free
1.09 Gb Paging File | 0.58 Gb Available in Paging File | 52.97% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.52 Gb Total Space | 29.88 Gb Free Space | 40.10% Space Free | Partition Type: NTFS
Computer Name: HANSMUSTERMANN-4F3F7B73 | User Name: HansMustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\p2pnetworks\p2pnetworks.exe" = C:\Programme\p2pnetworks\p2pnetworks.exe:*:Enabled:P2PNetworks
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- (LimeWire)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\UnrealTournament\System\UnrealTournament.exe" = C:\UnrealTournament\System\UnrealTournament.exe:*:Disabled:UnrealTournament
"C:\Programme\Real\RealPlayer\realplay.exe" = C:\Programme\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)
"C:\Dokumente und Einstellungen\HansMustermann\Eigene Dateien\Manuel\utorrent.exe" = C:\Dokumente und Einstellungen\HansMustermann\Eigene Dateien\Manuel\utorrent.exe:*:Enabled:µTorrent
"C:\Programme\SPSSInc\SPSS16DE\spss.com" = C:\Programme\SPSSInc\SPSS16DE\spss.com:*:Disabled:SPSS 16.0 für Windows (1031:com)
"C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe" = C:\Programme\SPSSInc\SPSS16DE\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1031)
"C:\Programme\SPSSInc\SPSS16DE\spss.exe" = C:\Programme\SPSSInc\SPSS16DE\spss.exe:*:Disabled:SPSS 16.0 für Windows (1031:exe)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood
"C:\Programme\Zattoo\Zattoo1.exe" = C:\Programme\Zattoo\Zattoo1.exe:*:Enabled:
"C:\Programme\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe" = C:\Programme\Participatory Culture Foundation\Miro\xulrunner\python\Miro_Downloader.exe:*:Enabled:Miro_Downloader
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Programme\Winamp Remote\bin\Orb.exe" = C:\Programme\Winamp Remote\bin\Orb.exe:*:Enabled:Orb
"C:\Programme\Winamp Remote\bin\OrbTray.exe" = C:\Programme\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray
"C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Programme\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client
"C:\WINDOWS\system32\drivers\svchost.exe" = C:\WINDOWS\system32\drivers\svchost.exe:*:Disabled:svchost
"C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{168CD9DA-9C2C-458C-8539-C4C9DA005902}" = Default
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48EE6C79-1CE2-4CE8-B511-F2140B6781D6}" = Google Earth Pro
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5624C000-B109-11D4-9DB4-00E0290FCAC5}" = VPN Client
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A70000000000}" = Adobe Reader 7.0 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Foto Premium 9
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8863EFF-DD77-44BA-8843-D2A7ECDD2CE3}" = SealedMedia Unsealer 5.2.24
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner (remove only)
"Data Access Objects (DAO) 3.0" = Data Access Objects (DAO) 3.0
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Fonts CH-Line" = Fonts CH-Line
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 4.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"LehrerOffice_is1" = LehrerOffice
"Macmillan English Dictionary" = Macmillan English Dictionary
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"NAV" = Norton AntiVirus
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NSSSetup.{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan (Symantec Corporation)
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"Security Task Manager" = Security Task Manager 1.7f
"Shockwave" = Shockwave
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VideoLAN VLC media player 0.8.6
"VTDisplay" = S3 S3Display
"VTHansMustermann2" = S3 S3HansMustermann2
"VTInfo2" = S3 S3Info2
"VTOverlay" = S3 S3Overlay
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Works2004Setup" = Setup-Start von Microsoft Works 2004
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 06.06.2012 05:48:02 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:03 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:04 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:05 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:06 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:07 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:08 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:09 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:10 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = TrueVector Service | ID = 5003
Description = TrueVector driver: Driver install or load failure: LoadNTDeviceDriver.
Win32 error: Das System kann die angegebene Datei nicht finden.
[ System Events ]
Error - 05.06.2012 05:59:33 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Automatisches
LiveUpdate - Scheduler.
Error - 05.06.2012 05:59:33 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 05.06.2012 05:59:33 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "eamon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 05.06.2012 05:59:35 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
easdrv epfwtdir
Error - 05.06.2012 05:59:42 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{6476E16F-17E5-4BFD-86E0-EAB51011A534}" kann nicht
zu dem Router-Manager für das Protokoll IP hinzugefügt werden. Fehler: Die Funktion
kann nicht abgeschlossen werden.
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Automatisches
LiveUpdate - Scheduler.
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Automatisches LiveUpdate - Scheduler" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 06.06.2012 05:48:11 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "eamon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 06.06.2012 05:48:12 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
easdrv epfwtdir
Error - 06.06.2012 05:48:19 | Computer Name = HANSMUSTERMANN-4F3F7B73 | Source = RemoteAccess | ID = 20106
Description = Die Schnittstelle "{6476E16F-17E5-4BFD-86E0-EAB51011A534}" kann nicht
zu dem Router-Manager für das Protokoll IP hinzugefügt werden. Fehler: Die Funktion
kann nicht abgeschlossen werden.
< End of report >
Here is the GMER log file as well.
Sorry for the delay, but the scan took more than an hour.
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-06 15:45:39
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJC0 rev.05.01C05
Running: ro0psjms.exe; Driver: C:\DOKUME~1\***~1\LOKALE~1\Temp\ffdiykow.sys
---- System - GMER 1.0.15 ----
SSDT 84AD5D10 ZwAlertResumeThread
SSDT 84AD5DA8 ZwAlertThread
SSDT 84AFC730 ZwAllocateVirtualMemory
SSDT 84D52FD0 ZwAssignProcessToJobObject
SSDT 853785A0 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xF526FD40]
SSDT 84D17FC0 ZwCreateMutant
SSDT 84D52E10 ZwCreateSymbolicLinkObject
SSDT 84AD48A8 ZwCreateThread
SSDT 84D47EB0 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xF526FFC0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF5270680]
SSDT 84D3AE00 ZwDuplicateObject
SSDT 84D4AE28 ZwFreeVirtualMemory
SSDT 84D25DE0 ZwImpersonateAnonymousToken
SSDT 84D2BF48 ZwImpersonateThread
SSDT 85302C78 ZwLoadDriver
SSDT 84D48F28 ZwMapViewOfSection
SSDT 84D17EE0 ZwOpenEvent
SSDT 84AD4820 ZwOpenProcess
SSDT 84AFC820 ZwOpenProcessToken
SSDT 84D09B60 ZwOpenSection
SSDT 84D3AEF0 ZwOpenThread
SSDT 84D52F00 ZwProtectVirtualMemory
SSDT 84D37ED8 ZwResumeThread
SSDT 84D4BEE0 ZwSetContextThread
SSDT 84D4BF80 ZwSetInformationProcess
SSDT 84D47F90 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF5270910]
SSDT 850BF9F8 ZwSuspendProcess
SSDT 84D4FD20 ZwSuspendThread
SSDT 84D3EDF0 ZwTerminateProcess
SSDT 84D4DD00 ZwTerminateThread
SSDT 84D48E68 ZwUnmapViewOfSection
SSDT 84D4AF18 ZwWriteVirtualMemory
---- Kernel code sections - GMER 1.0.15 ----
? SYMDS.SYS Das System kann die angegebene Datei nicht finden. !
? SYMEFA.SYS Das System kann die angegebene Datei nicht finden. !
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xF64EF900]
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
---- EOF - GMER 1.0.15 ----