Deo0_sar.exe manuell entfernt RUNDLL Start Fehler
Hallo zusammen,
als aller Erstes möchte ich euch zu eurem wirklich tollen Service gratulieren. Bei meinen Recherchen bei der Entfernung des ein oder anderen Schädlings hat Google natürlich auch eure Seite immer wieder ausgespuckt. Bisher habe ich es aber noch immer selber geschafft der Sache Herr zu werden, aber jetzt brauche ich eure Unterstützung.
Der Bundestrojaner scheint im Moment ja wieder Hochkonjunktur zu haben und an dem scheitere ich jetzt.
Ich konnte zwar die EXE identifizien und löschen (mein Virenscanner hat den irgendwie ignoriert :( ), aber jetzt habe ich die lästige Warung beim Starten des PC, wegen RUNDLL Datei nicht gefunden...
Außerdem habe ich das Gefühl, dass der Rechner langsamer ist als vorher und er der Lüfter pustet mehr als vorher (altes Notebook) auch der Taskmanager nicht wirklich etwas anzeigt. Code:
OTL logfile created on: 07.08.2012 21:00:08 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\steffi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 390,73 Mb Available Physical Memory | 38,18% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,25 Gb Total Space | 21,06 Gb Free Space | 56,52% Space Free | Partition Type: NTFS
Drive Z: | 455,52 Gb Total Space | 35,03 Gb Free Space | 7,69% Space Free | Partition Type: NTFS
Computer Name: NC6000XP | User Name: steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.07 20:54:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\steffi\Desktop\OTL.exe
PRC - [2012.04.25 11:35:12 | 000,067,408 | R--- | M] (iS3, Inc.) -- C:\Programme\Gemeinsame Dateien\iS3\Anti-Spyware\SZServer.exe
PRC - [2012.03.07 01:36:42 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.03.07 01:36:32 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.01.31 21:03:26 | 000,276,480 | ---- | M] () -- C:\Programme\Serviio\bin\ServiioService.exe
PRC - [2011.06.01 14:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.09.30 12:27:24 | 002,397,512 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodag.exe
PRC - [2010.09.30 12:27:10 | 002,773,320 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Defrag\oodtray.exe
PRC - [2010.07.05 15:08:06 | 000,311,296 | ---- | M] (O&O Software GmbH) -- C:\Programme\OO Software\Shared\GatewayAgent\ooemcgats.exe
PRC - [2009.11.03 16:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2009.11.03 16:45:48 | 001,372,160 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2009.11.03 16:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe
PRC - [2009.11.03 16:35:14 | 001,202,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2009.11.03 16:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.12.03 13:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Programme\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004.11.04 18:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003.11.10 14:14:10 | 000,507,965 | ---- | M] (WIDCOMM, Inc.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2003.11.10 14:13:10 | 001,146,964 | ---- | M] (WIDCOMM, Inc.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.27 15:16:53 | 000,182,152 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!\VIPRE\libMachoUniv.dll
MOD - [2012.07.27 15:16:51 | 000,210,824 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!\VIPRE\libBase64.dll
MOD - [2012.06.13 21:19:46 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012.06.13 21:15:33 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012.06.13 21:15:05 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012.06.13 21:13:00 | 014,329,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e4ecfaaf5417aceecb7fa8abddf06113\PresentationFramework.ni.dll
MOD - [2012.06.13 21:11:48 | 012,218,368 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\f33e2a4d9b385234406fa2d662f78875\PresentationCore.ni.dll
MOD - [2012.06.13 21:07:33 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012.05.10 14:12:53 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012.05.10 14:10:14 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.10 14:07:39 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.10 14:06:30 | 002,295,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\38d07a5ac34b99d94fd14f42e779f625\System.Core.ni.dll
MOD - [2012.05.10 14:05:53 | 000,539,648 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8b873631a0855fb6aa0ad25f1d9de7fe\PresentationFramework.Luna.ni.dll
MOD - [2012.05.10 14:03:24 | 003,325,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\6d8bef0d008389874e55c0308f0c18e5\WindowsBase.ni.dll
MOD - [2012.05.10 14:02:30 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.10 14:01:41 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.04.25 11:28:28 | 000,139,264 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\iS3\Anti-Spyware\SZEngine.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.03.10 18:14:17 | 000,115,137 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Temp\08f56ff6-864d-4a92-944a-57b870198cb2\CliSecureRT.dll
MOD - [2012.03.07 01:36:42 | 000,021,392 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.02.03 01:44:00 | 000,639,912 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012.02.03 01:44:00 | 000,503,208 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012.02.03 01:44:00 | 000,007,168 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012.02.03 01:43:58 | 000,003,584 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012.01.31 21:03:26 | 000,276,480 | ---- | M] () -- C:\Programme\Serviio\bin\ServiioService.exe
MOD - [2011.10.27 20:31:44 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
MOD - [2009.11.03 16:35:46 | 000,200,704 | ---- | M] () -- C:\Programme\Intel\WiFi\bin\iWMSProv.dll
MOD - [2003.11.10 14:15:16 | 000,053,248 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.08.04 01:04:16 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.25 11:35:12 | 000,067,408 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2012.01.31 21:03:26 | 000,276,480 | ---- | M] () [Auto | Running] -- C:\Programme\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.01 14:09:02 | 000,609,904 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.09.30 12:27:24 | 002,397,512 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010.07.05 15:08:06 | 000,311,296 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Programme\OO Software\Shared\GatewayAgent\ooemcgats.exe -- (GatewayAgentService)
SRV - [2009.11.03 16:48:54 | 000,874,768 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.11.03 16:42:00 | 000,909,312 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009.11.03 16:33:48 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Programme\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.25 11:21:26 | 000,073,136 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2012.02.24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SZKG.sys -- (szkg5)
DRV - [2012.02.24 15:28:26 | 000,099,728 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2012.01.12 09:26:20 | 000,101,112 | R--- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011.12.08 06:22:26 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.12.08 06:22:26 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.12.08 06:22:26 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.06.01 14:08:56 | 000,032,880 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.03.29 18:30:12 | 000,122,752 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tinspusb.sys -- (USBTINSP)
DRV - [2009.11.11 05:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2008.08.13 17:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.06.07 22:19:52 | 001,201,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.04.19 10:03:26 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.12.06 17:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.04.14 07:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003.11.10 13:44:08 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2003.11.10 13:42:00 | 000,146,684 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2003.11.10 13:38:36 | 000,042,803 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2003.11.10 13:38:34 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2003.11.10 13:37:36 | 000,052,856 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2003.07.29 00:49:00 | 000,182,101 | ---- | M] (O2 Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2mmb.sys -- (CONAN)
DRV - [2003.07.24 14:50:00 | 000,005,689 | ---- | M] (O2 Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MbxStby.sys -- (MbxStby)
DRV - [2003.06.06 11:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2001.08.18 05:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/?a=1eyooot5q0d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2724407
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2724407&SearchSource=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@vmware.com/vmrc,version=2.5.0.00000: C:\Programme\Gemeinsame Dateien\VMware\VMware VMRC Plug-in\Firefox\np-vmware-vmrc.dll (VMware, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINDOWS\system32\10001.066 [2012.07.13 22:59:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.07 22:00:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.02.15 21:33:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINDOWS\system32\10001.066 [2012.07.13 22:59:30 | 000,000,000 | ---D | M]
[2011.10.27 16:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Mozilla\Extensions
[2012.02.29 08:59:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\ykeceeu4.default\extensions
[2011.12.24 22:11:13 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\ykeceeu4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011.10.28 18:38:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\ykeceeu4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.27 17:00:29 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\ykeceeu4.default\extensions\DeviceDetection@logitech.com
[2012.02.27 20:31:11 | 000,002,187 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Mozilla\Firefox\Profiles\ykeceeu4.default\searchplugins\MyStart Search.xml
[2012.03.07 22:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.07.13 22:59:30 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\WINDOWS\SYSTEM32\10001.066
[2012.03.07 22:00:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.03.07 22:00:36 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.07 22:00:36 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.03.07 22:00:36 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.07 22:00:36 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.07 22:00:36 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.07 22:00:36 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: avast! WebRep = C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1426_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2001.08.18 16:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Programme\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IncrediMail MediaBar Deutsch 2 Toolbar) - {990AF1C2-5A27-4460-8149-ECC6BC122AF3} - C:\Programme\IncrediMail_MediaBar_Deutsch_2\prxtbIncr.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Programme\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [OODefragTray] C:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Programme\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.6.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12A08CFF-5222-406B-A637-AFBE34CA3572}: DhcpNameServer = 192.168.6.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71B3C7AD-2D33-45EC-91B7-C1AC42936E5E}: NameServer = 192.168.6.151,192.168.6.2
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\TPSvc: DllName - (TPSvc.dll) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.10.27 13:37:54 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.07 20:54:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\steffi\Desktop\OTL.exe
[2012.08.02 18:25:22 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2012.08.02 18:13:06 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2012.07.17 11:55:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\UAs
[2012.07.13 22:59:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10001.066
[2012.07.13 22:59:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xmldm
[2012.07.13 22:59:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\kock
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.07 21:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.07 20:58:29 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\defogger_reenable
[2012.08.07 20:57:48 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\Desktop\Defogger.exe
[2012.08.07 20:56:44 | 000,000,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2012.08.07 20:55:20 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\Desktop\nt9dykjh.exe
[2012.08.07 20:55:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 20:54:44 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.07 20:54:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\steffi\Desktop\OTL.exe
[2012.08.07 19:52:49 | 000,001,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012.08.07 19:46:55 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 19:46:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.07 19:46:26 | 000,137,808 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2012.08.02 18:34:12 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ras_0oed.pad
[2012.08.02 18:05:08 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.02 17:48:40 | 000,001,612 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.07.28 22:42:29 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\Desktop\Microsoft Office Outlook 2007.lnk
[2012.07.27 13:36:58 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2012.07.18 21:31:44 | 001,993,403 | ---- | M] () -- C:\Dokumente und Einstellungen\steffi\Desktop\MyPDF.PDF
[2012.07.17 22:10:32 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.17 22:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.13 23:19:23 | 000,000,051 | ---- | M] () -- C:\WINDOWS\System32\blckdom.res
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.07 20:58:29 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\steffi\defogger_reenable
[2012.08.07 20:57:47 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\steffi\Desktop\Defogger.exe
[2012.08.07 20:56:44 | 000,000,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpfr2.cfg
[2012.08.07 20:55:19 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\steffi\Desktop\nt9dykjh.exe
[2012.08.07 19:51:39 | 000,001,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012.08.02 17:48:40 | 000,001,612 | ---- | C] () -- C:\Dokumente und Einstellungen\steffi\Startmenü\Programme\Autostart\ctfmon.lnk
[2012.08.02 17:48:32 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ras_0oed.pad
[2012.07.18 21:31:28 | 001,993,403 | ---- | C] () -- C:\Dokumente und Einstellungen\steffi\Desktop\MyPDF.PDF
[2012.07.13 22:59:18 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\blckdom.res
[2012.05.10 17:30:04 | 000,159,720 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.03.29 10:01:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.04 15:24:51 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\winscp.rnd
[2012.02.15 20:25:54 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.14 21:16:15 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2012.01.31 02:15:44 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012.01.31 02:15:42 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012.01.31 02:15:42 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012.01.31 02:15:42 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012.01.31 02:15:42 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.11.20 20:16:58 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\steffi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.08 18:24:56 | 000,000,170 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.10.27 17:10:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011.10.27 15:29:16 | 000,002,208 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2011.10.27 13:40:39 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.10.27 13:34:22 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.10.27 13:32:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.10.27 13:31:31 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2012.05.30 20:34:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2011.11.01 11:33:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.02.27 20:36:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2012.02.27 20:33:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2011.10.27 18:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OO Software
[2012.02.27 20:36:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Photo Notifier and Animation Creator
[2012.03.10 18:08:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2012.08.07 20:57:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla!
[2012.03.07 18:37:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TI-Nspire
[2011.12.24 22:11:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Garmin
[2011.10.27 17:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\pdfforge
[2012.08.03 23:58:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\PriceGong
[2012.03.10 18:12:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Samsung
[2012.02.15 21:33:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\steffi\Anwendungsdaten\Thunderbird
========== Purity Check ==========
< End of report >
Code:
OTL Extras logfile created on: 07.08.2012 21:00:08 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Dokumente und Einstellungen\steffi\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 390,73 Mb Available Physical Memory | 38,18% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,84% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,25 Gb Total Space | 21,06 Gb Free Space | 56,52% Space Free | Partition Type: NTFS
Drive Z: | 455,52 Gb Total Space | 35,03 Gb Free Space | 7,69% Space Free | Partition Type: NTFS
Computer Name: NC6000XP | User Name: steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\IncrediMail\Bin\IncMail.exe" = C:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\Bin\ImApp.exe" = C:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\Bin\ImpCnt.exe" = C:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Programme\Serviio\bin\ServiioService.exe" = C:\Programme\Serviio\bin\ServiioService.exe:*:Enabled:Serviio -- ()
"C:\Programme\Serviio\bin\ServiioConsole.exe" = C:\Programme\Serviio\bin\ServiioConsole.exe:*:Enabled:Serviio -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04805AB6-F757-496A-8D56-37A0FC5FF6F3}" = VMware vSphere Client 5.0
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0FCEE1FB-C48F-421C-B4C1-B952F1B67617}" = Actio multimedial
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{3215EBED-1D06-42fb-A05C-A752A46FB24C}" = Canon MP530
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"{4E1D975D-9BF3-43CF-AA30-7186CEE3D9DE}" = STOPzilla
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel(R) PROSet/Wireless WiFi-Software
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B7F54262-AB66-44B3-88BF-9FC69941B643}" = Broadcom NetXtreme Ethernet Controller
"{BDFA04C9-94A4-45AA-9EEF-8BE9952D6186}" = O&O Defrag Workstation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B5
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DFAA3D2B-7087-464E-823B-738A23C29C27}" = Microsoft Visual J# 2.0 Redistributable Package - SE
"{E837279E-4C3F-411A-8E3D-0EFD97F818E3}" = Bluetooth by hp
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"IncrediMail_MediaBar_Deutsch_2 Toolbar" = IncrediMail MediaBar Deutsch 2 Toolbar
"InstallShield_{4CBD31CE-51DF-43C4-B3EC-7CCBAB0CD083}" = O2Micro MemoryCardBus Windows Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A9495514-098A-4869-A464-C455857BC464}" = Multimedia Mouse Driver
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual J# 2.0 Redistributable Package - SE" = Microsoft Visual J# 2.0 Redistributable Package - SE
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Mozilla Thunderbird 10.0.1 (x86 de)" = Mozilla Thunderbird 10.0.1 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"ProInst" = Intel PROSet Wireless
"Serviio" = Serviio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tweak UI 2.10" = Tweak UI
"Unlocker" = Unlocker 1.9.1
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.04.2012 14:36:48 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6607.1000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.04.2012 14:41:26 | Computer Name = NC6000XP | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 04.04.2012 03:32:31 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 10.0.2.4428, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.04.2012 03:32:34 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 10.0.2.4428, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.04.2012 03:32:35 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 10.0.2.4428, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 29.04.2012 08:03:12 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 10.0.2.4428, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 04.05.2012 07:02:50 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung AcroRd32.exe, Version 10.1.3.23, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 30.05.2012 05:51:45 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 10.0.2.4428, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 24.06.2012 14:20:25 | Computer Name = NC6000XP | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
Error - 02.07.2012 09:55:28 | Computer Name = NC6000XP | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung OUTLOOK.EXE, Version 12.0.6607.1000, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 02.08.2012 12:33:58 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 02.08.2012 12:37:02 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 02.08.2012 12:37:02 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 02.08.2012 12:37:02 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 02.08.2012 14:21:10 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 02.08.2012 14:21:10 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 02.08.2012 14:21:10 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 07.08.2012 13:47:42 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 07.08.2012 13:47:42 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
Error - 07.08.2012 13:47:42 | Computer Name = NC6000XP | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID
(S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung
(Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
geändert werden.
< End of report >
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-07 22:48:49
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4026GAX rev.PA103G
Running: nt9dykjh.exe; Driver: C:\DOKUME~1\steffi\LOKALE~1\Temp\fxryqpog.sys
---- System - GMER 1.0.15 ----
SSDT szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwTerminateProcess [0xF77019C6]
Code szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) ZwSetSecurityObject [0xF7700E24]
Code szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.) NtSetSecurityObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntoskrnl.exe!NtSetSecurityObject 8059818E 5 Bytes JMP F7700E28 szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
init C:\WINDOWS\system32\drivers\o2mmb.sys entry point in "init" section [0xF69C4320]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\OO Software\Defrag\oodag.exe[204] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes JMP 00402FB0 C:\Programme\OO Software\Defrag\oodag.exe (O&O Defrag Agent (Win32)/O&O Software GmbH)
.text C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2992] ntdll.dll!DbgUiRemoteBreakin 7C9620EC 1 Byte [C3]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs szkgfs.sys (STOPzilla Kernel Guard File System, x86-32 /iS3, Inc.)
Device \Driver\usbhub \Device\0000009b hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000009d hcmon.sys (VMware USB monitor/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
Device \Driver\usbhub \Device\0000009f hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000a1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG14.00.00.01PROFESSIONAL C9860D06FA345961692A6F88B7E8CAD5B4A73080763F7B7A3F5824498B09F70F0FBB7BC40581EF7B8DC6D70E97F697A4750076F621589E18DE6A6E5BB186AC8054447740AD767A70F510C746FAA8EA7D37757AE73FED49A31EEA8D09AFF982001D32EAD96F487B5B7926040AFAD0F17E415778BFAB8E72DF53F3D7734250D516F18DE3FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A6A0AC4980AC7933C038D530D6EB3452C038D530D6EB34529753CBC33DDF819F1BC4DF471751AD1459AC667D7CC3470B85780919DEC8CECCD5D9B83EE52AB234D6508388E380847C88CD39A01CD88997D2DF6355616A941AC4720457795DB4B72298ADF75924324CC772677B2A5DD6F45A16E07B224F113D4810755C32E759571671844977DBF26884EF13CD09437A62FE90BE750B5ABB6CD76A877D1F3FE3E2E0F3DE9692CCFA5A435E8EBAF2013342B7896E0D5A730285017D674FA1D98E50C17AC65C529F6ED1971C64C7730FB39B0FFE17732184418764867AC9713385388FA7FCFD3281E89FAD49CFDEEDEBA219A5B39039C5FA51163409D3491ACA6BD7B45D76BE81A277B9C24CC24F14191B8AAE2D6AD7814BF679BA4EC00F79A5538F2CC55749E4B71CB9A9CDE0CB719A2DE1F0B5E3A9E26B709DD3DEBD3EC14A486407CAFD2BD
---- EOF - GMER 1.0.15 ----
Ich hoffe ich habe alle Informationen zusammen die ihr braucht, sonst bitte Nachsicht ist mein erster Post hier ;).
Vielen Dank schon einmal |
