XP: Windows Update und Firewall sind deaktiviert nach Trojanerbeseitigung
Hi. Habe gestern ein Notebook (Toshiba mit WinXP SP3) bekommen, dass mit einem Virus/Trojaner (Name+Typ unbekannt) befallen war. Die Eigentümerin hat versucht das Problem mit einer Kaspersky RescueDisk zu lösen, aber zuerst keinen Erfolg gehabt. Später wurde dann von einem "Bekannten" die Festplatte ausgebaut und an einem anderen PC angeschlossen, gescannt und "bereinigt".
Seit dem lässt sich Windows wieder normal starten, die Programme laufen und der PC scheint sich normal zu verhalten, allerdings bekam ich dann das Gerät noch einmal zur "Überprüfung".
Ich wollte zuerst die Windows Updates machen: Code:
[Fehlernummer: 0x80070424]
Die gewünschte Seite kann nicht angezeigt werden, da auf der Website ein Problem aufgetreten ist. Mit den folgenden Optionen kann das Problem möglicherweise behoben werden.
und auch die Windows-Firewall lässt sich nicht aufrufen: Code:
Aufgrund eines unbekannten Problems können die Einstellungen des Windows-Firewalls nicht angezeigt werden.
Ich begann also wie im Forum empfohlen mit Malwarebytes' Anti-Malware; ESET OnlineScan und OTL - hier die Logs:
MBAM: Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Datenbank Version: v2012.10.03.02
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Steffi :: STEFFIXP [Administrator]
03.10.2012 08:14:41
mbam-log-2012-10-03 (08-14-41).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 409501
Laufzeit: 1 Stunde(n), 26 Minute(n), 24 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 1
HKCR\CLSID\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32| (Trojan.Zaccess) -> Bösartig: (\\.\globalroot\systemroot\Installer\{877475ef-2c54-b7c3-8710-d69271777200}\n.) Gut: (wbemess.dll) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 7
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\n (Rootkit.0Access) -> Löschen bei Neustart.
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\U\80000000.@ (Trojan.Small) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Temp\2A.tmp (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\S6MT72BC\23[1].exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\UYJJ5B89\test[1].exe (Trojan.Ransom) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\MediaMonkey\Plugins\hdata.bin (Trojan.Pirminay) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
ESET: Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1487d6ba81f70e4a9b6da07420a12a74
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-03 09:56:33
# local_time=2012-10-03 11:56:33 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777195 100 0 179793236 179793236 0 0
# compatibility_mode=8192 67108863 100 0 313 313 0 0
# scanned=184504
# found=16
# cleaned=0
# scan_time=7077
C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\56\5680dcf8-4bc2e555 Java/Exploit.CVE-2012-4681.J trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\LE3P7Y1Q\e189cea4449a06a03531009b4ee02b17[1].htm HTML/Iframe.B.Gen virus (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\17\299e4e91-3fb2ed77 Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\12182554-4c3373c7 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\20\88aca54-7ce8b453 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\43\330fa4eb-25492c8b Java/TrojanDownloader.OpenStream.NAB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\49\55bc2f31-290dfb9d probably a variant of Java/Exploit.CVE-2012-0507.CD trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\file\animan.class-142469c0-2504c058.class Java/TrojanDownloader.OpenStream.NAC trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-35260e86-39fa62f1.zip Java/TrojanDownloader.OpenStream.NAB trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Temp\wGTC2s6.exe Win32/Agent.UAW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Temporary Internet Files\Content.IE5\Q06WJSMQ\test[1].exe Win32/PSW.Agent.NTM trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{F5F8D2E0-EAD8-4916-9645-B4C4852924C3}\RP484\A0093882.exe Win32/Agent.UAW trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{F5F8D2E0-EAD8-4916-9645-B4C4852924C3}\RP484\A0094882.exe Win32/Agent.UAW trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{F5F8D2E0-EAD8-4916-9645-B4C4852924C3}\RP484\A0095882.exe Win32/Agent.UAW trojan (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{F5F8D2E0-EAD8-4916-9645-B4C4852924C3}\RP484\A0095894.exe Win32/Agent.UAW trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\Temp\jar_cache2723708868022477973.tmp a variant of Java/TrojanDownloader.OpenStream.NCK trojan (unable to clean) 00000000000000000000000000000000 I
OTL: Code:
OTL logfile created on: 03.10.2012 13:26:01 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Dokumente und Einstellungen\Steffi\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,21% Memory free
4,33 Gb Paging File | 3,98 Gb Available in Paging File | 91,95% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 12,19 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Computer Name: STEFFIXP | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.03 13:21:36 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Steffi\Desktop\OTL.exe
PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.15 19:28:57 | 000,108,160 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\ashDisp.exe
PRC - [2007.01.15 19:28:51 | 000,132,736 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\ashServ.exe
PRC - [2006.09.25 18:32:08 | 000,059,008 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2006.06.29 10:30:34 | 000,184,320 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Controls\TFncKy.exe
PRC - [2006.05.22 05:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2006.04.27 16:45:14 | 000,094,208 | ---- | M] (Pinnacle Systems) -- C:\Programme\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
PRC - [2006.03.03 00:50:52 | 000,151,552 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\Toshiba.exe
PRC - [2006.02.02 13:11:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\Tvs\TvsTray.exe
PRC - [2006.01.05 14:02:24 | 000,352,256 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe
PRC - [2005.12.20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe
PRC - [2005.12.05 12:37:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2005.11.28 11:37:52 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2005.08.11 17:30:30 | 000,081,920 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2005.08.03 16:15:50 | 000,040,960 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2005.05.13 11:01:30 | 000,118,784 | ---- | M] (TOSHIBA Corporation) -- C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe
PRC - [2005.04.12 10:05:26 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Programme\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
PRC - [2001.10.19 12:14:22 | 000,049,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\Fast.exe
PRC - [2001.10.19 12:14:22 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
========== Modules (No Company Name) ==========
MOD - [2011.11.02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.09.20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.01.15 19:28:57 | 000,108,160 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\ashDisp.exe
MOD - [2007.01.15 19:28:51 | 000,132,736 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\ashServ.exe
MOD - [2006.09.25 18:32:08 | 000,059,008 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe
MOD - [2006.05.01 22:04:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006.01.04 18:14:36 | 000,049,152 | ---- | M] () -- C:\Programme\Toshiba\TOSHIBA Applet\TouchPad_ONOFF.dll
MOD - [2005.11.28 11:59:16 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2005.11.28 11:59:16 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2005.11.28 11:59:16 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005.11.23 14:55:38 | 000,118,784 | ---- | M] () -- C:\WINDOWS\system32\TCtrlIO.dll
MOD - [2005.11.03 11:37:58 | 000,970,862 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\acAuth.dll
MOD - [2005.07.01 16:29:48 | 000,075,776 | ---- | M] () -- C:\Programme\Alwil Software\Avast4\unacev2.dll
MOD - [2004.07.20 17:04:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2001.10.19 12:14:22 | 000,045,632 | ---- | M] () -- C:\WINDOWS\system32\TaskSwitch.exe
========== Services (SafeList) ==========
SRV - [2012.10.03 07:49:14 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.12.03 12:10:29 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007.01.15 19:28:51 | 000,132,736 | ---- | M] () [Auto | Running] -- C:\Programme\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2007.01.15 19:28:32 | 000,255,616 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2007.01.15 19:27:51 | 000,370,304 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Programme\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2006.09.25 18:32:08 | 000,059,008 | ---- | M] () [Auto | Running] -- C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2005.12.20 11:22:14 | 000,035,328 | ---- | M] (TOSHIBA Corp.) [Auto | Running] -- C:\Programme\Toshiba\TOSHIBA Applet\TAPPSRV.exe -- (TAPPSRV)
SRV - [2005.01.18 01:38:38 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Programme\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2001.10.19 12:14:22 | 000,049,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\Fast.exe -- (InteractiveLogon)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.13 20:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007.01.15 19:26:08 | 000,023,352 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2007.01.15 19:25:24 | 000,043,176 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2006.12.21 01:56:00 | 000,094,424 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2006.12.21 01:51:58 | 000,031,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2006.05.30 16:42:52 | 000,045,696 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tvs.sys -- (Tvs)
DRV - [2006.05.22 05:20:00 | 000,094,460 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006.05.22 05:20:00 | 000,088,444 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006.05.22 05:20:00 | 000,086,844 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006.05.22 05:20:00 | 000,025,724 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006.05.22 05:20:00 | 000,014,716 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006.05.22 05:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006.05.22 05:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2006.03.22 08:56:24 | 001,522,688 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.12.10 01:48:40 | 004,123,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService)
DRV - [2005.12.05 10:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51)
DRV - [2005.11.30 19:12:00 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005.11.28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005.11.28 10:45:16 | 000,007,040 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\x10hid.sys -- (X10Hid)
DRV - [2005.11.22 19:04:46 | 000,209,408 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emBDA.sys -- (USB28xxBGA)
DRV - [2005.11.22 19:04:34 | 000,017,792 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emOEM.sys -- (USB28xxOEM)
DRV - [2005.11.15 18:00:22 | 001,122,656 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.10.20 14:03:42 | 000,006,144 | ---- | M] (Toshiba Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NBSMI.sys -- (TVALD)
DRV - [2005.09.09 14:47:10 | 000,009,344 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2005.08.30 01:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005.08.30 01:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005.08.30 01:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus)
DRV - [2005.08.25 12:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 12:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.05.26 19:48:50 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2004.08.10 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004.08.10 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003.09.19 01:47:00 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (Pfc)
DRV - [2003.01.29 23:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://g.msn.de/0SEDEDE/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE351
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
========== Chrome ==========
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = hxxp://www.bing.com/search?setmkt=de-DE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2004.08.10 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Programme\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll File not found
O2 - BHO: (MSN Suche Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\..\Toolbar\ShellBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\..\Toolbar\WebBrowser: (MSN Suche Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast!] C:\Programme\Alwil Software\Avast4\ashDisp.exe ()
O4 - HKLM..\Run: [BackgroundSwitcher] C:\WINDOWS\system32\bgswitch.exe ()
O4 - HKLM..\Run: [CoolSwitch] C:\WINDOWS\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [FastUser] C:\WINDOWS\system32\Fast.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PMCRemote] C:\Programme\Pinnacle\Shared Files\Programs\Remote\remoterm.exe (Pinnacle Systems)
O4 - HKLM..\Run: [SmoothView] C:\Programme\Toshiba\TOSHIBA Zoom-Dienstprogramm\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TFncKy] TFncKy.exe File not found
O4 - HKLM..\Run: [THotkey] C:\Programme\Toshiba\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Tvs] C:\Programme\Toshiba\Tvs\TvsTray.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005..\Run: [ebcecaafsacfsfdsf] "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ebcecaafsacfsfdsf.exe" File not found
O4 - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005..\Run: [toscdspd] TOSCDSPD.EXE File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2161460215-1838618490-1716237765-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MSN Suche - C:\Programme\MSN Toolbar Suite\msntb.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1349213108796 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1349213232640 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Unable to open value key)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FB3A578-73B9-4B25-B1D5-A4F8671CAF0E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.06.28 16:14:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\mobileV.acm ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivXNetworks)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.10.03 13:21:30 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Steffi\Desktop\OTL.exe
[2012.10.03 09:53:23 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.10.03 08:12:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Malwarebytes
[2012.10.03 08:12:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.03 08:12:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.03 08:12:34 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.03 08:12:34 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.03 00:09:51 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spiele
[2012.10.02 23:50:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012.10.02 23:48:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.10.02 23:47:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft CAPICOM 2.1.0.2
[2012.10.02 23:32:20 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Steffi\Recent
[2012.10.02 23:24:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Office Genuine Advantage
[2012.10.02 23:16:31 | 000,000,000 | ---D | C] -- C:\AULOGS
[2012.10.02 21:19:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.02 21:19:23 | 000,000,000 | -H-D | C] -- C:\$AVG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.03 13:21:36 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Steffi\Desktop\OTL.exe
[2012.10.03 13:14:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.03 12:52:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.03 09:45:30 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.03 09:45:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.03 00:09:58 | 000,004,566 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.03 00:09:56 | 000,398,868 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.10.03 00:09:56 | 000,386,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.10.03 00:09:56 | 000,067,044 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.10.03 00:09:56 | 000,055,662 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.10.03 00:04:40 | 000,213,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.02 23:56:16 | 000,001,783 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2012.10.02 23:35:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.02 23:16:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2012.10.02 23:16:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2012.10.02 23:11:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{063C750E-35CE-4924-8F40-F252B49C2471}.job
[2012.10.02 22:53:57 | 000,000,349 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\PCLECHAL.INI
[2012.09.19 20:44:11 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012.09.18 20:45:08 | 000,063,328 | ---- | M] () -- C:\Dokumente und Einstellungen\Steffi\Desktop\myairberlin.com-pticket-TicketForm.mdi
[2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.03 07:49:15 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.18 20:45:07 | 000,063,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffi\Desktop\myairberlin.com-pticket-TicketForm.mdi
[2012.02.15 20:09:01 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.02.17 19:15:19 | 000,016,373 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffi\ESt2010_XXXXXXXXXXXXX.elfo
[2007.10.26 00:35:15 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2006.12.17 18:21:34 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.10.28 15:49:41 | 000,099,328 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.20 17:55:32 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2010.12.09 17:15:07 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{877475ef-2c54-b7c3-8710-d69271777200}\@
[2010.12.09 17:15:07 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{877475ef-2c54-b7c3-8710-d69271777200}\L
[2012.10.02 22:53:43 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{877475ef-2c54-b7c3-8710-d69271777200}\U
[2012.10.02 20:58:52 | 000,000,928 | ---- | M] () -- C:\WINDOWS\Installer\{877475ef-2c54-b7c3-8710-d69271777200}\U\00000001.@
[2012.10.02 21:03:39 | 000,002,048 | -HS- | M] () -- C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\@
[2010.12.09 17:15:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\L
[2012.10.03 09:42:04 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\U
[2012.10.02 22:54:57 | 000,000,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\U\00000001.@
[2006.06.28 16:10:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"ThreadingModel" = Both
"" = C:\Dokumente und Einstellungen\Steffi\Lokale Einstellungen\Anwendungsdaten\{877475ef-2c54-b7c3-8710-d69271777200}\n.
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\toshiba
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search
[2012.02.12 15:46:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2008.11.15 18:35:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2011.01.01 11:36:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2011.01.01 11:39:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2006.10.21 13:46:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2007.01.22 12:03:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.01.29 18:31:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\toshiba
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Windows Desktop Search
[2006.08.24 19:03:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2011.08.31 10:14:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Amazon
[2008.12.03 12:23:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\com.adobe.ExMan
[2012.02.12 15:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\elsterformular
[2006.11.02 21:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\InterVideo
[2012.03.05 20:29:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Nokia
[2012.03.05 20:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\PC Suite
[2007.10.26 00:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Samsung
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\toshiba
[2007.01.22 12:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\TuneUp Software
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Windows Desktop Search
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2008.12.03 13:57:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Adobe
[2006.12.29 18:24:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\AdobeUM
[2011.08.31 10:14:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Amazon
[2012.01.29 18:52:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Apple Computer
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\ATI
[2008.12.03 12:23:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\com.adobe.ExMan
[2006.12.01 12:12:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Corel
[2008.12.03 11:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Download Manager
[2009.02.04 17:12:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\dvdcss
[2012.02.12 15:47:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\elsterformular
[2009.10.31 09:55:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Google
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Identities
[2006.10.20 17:56:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Intel
[2006.11.02 21:50:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\InterVideo
[2006.12.17 18:06:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Macromedia
[2012.10.03 08:12:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Malwarebytes
[2012.01.29 17:25:32 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Microsoft
[2007.01.22 12:18:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Mozilla
[2012.03.05 20:29:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Nokia
[2012.03.05 20:28:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\PC Suite
[2007.10.26 00:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Samsung
[2008.12.05 17:57:08 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\SecuROM
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sonic
[2007.01.06 19:15:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Sun
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\toshiba
[2007.01.22 12:04:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\TuneUp Software
[2011.02.06 20:14:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\vlc
[2006.08.24 18:59:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Windows Desktop Search
[2008.02.18 22:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\WinRAR
< %APPDATA%\*.exe /s >
[2007.09.28 18:02:57 | 001,214,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2006.12.01 12:04:22 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\ARPPRODUCTICON.exe
[2006.12.01 12:04:22 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\Steffi\Anwendungsdaten\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.08.12 08:22:02 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.08.12 08:22:02 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.10 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.08.12 08:22:02 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.08.12 08:22:02 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.10 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.10 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.10 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.10 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.10 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.10 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.10 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.10 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.06.28 18:03:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.06.28 18:03:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.06.28 18:03:30 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
OTL Extras: Code:
OTL Extras logfile created on: 03.10.2012 13:26:01 - Run 1
OTL by OldTimer - Version 3.2.70.1 Folder = C:\Dokumente und Einstellungen\Steffi\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,43 Gb Available Physical Memory | 81,21% Memory free
4,33 Gb Paging File | 3,98 Gb Available in Paging File | 91,95% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111,79 Gb Total Space | 12,19 Gb Free Space | 10,90% Space Free | Partition Type: NTFS
Computer Name: STEFFIXP | User Name: Steffi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-2161460215-1838618490-1716237765-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Unable to open value key File not found
.url [@ = InternetShortcut] -- Reg Error: Unable to open value key File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Unable to open value key
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Unable to open value key
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{089DD780-DB3F-4CDB-A0C2-111360247298}" = PC Connectivity Solution
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EB6332B-AF02-457C-A31C-835458C5B48B}" = TOSHIBA Benutzerhandbücher
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}" = TOSHIBA SD-Speicherkarten-Formatierung
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{63218538-4A69-497F-8455-904261B0E9E4}" = CorelDRAW Graphics Suite X3
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zoom-Dienstprogramm
"{64DD71BC-3109-4C88-9AD3-D5422644B722}" = TOSHIBA Hotkey Utility
"{69BE47C2-36FE-4397-8199-85D8EAE69982}" = TOSHIBA TouchPad ON/Off Utility
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C31E111-96BB-4ADC-9C81-E6D3EEDDD8D3}" = Powertoys For Windows XP
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78C68CB9-3DF5-44F3-AB9D-FA305C5EB85C}" = TOSHIBA Utilities
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83227C6D-EE12-44F2-9C50-BCB454F18C2C}" = Adobe Update Manager CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8B12BA86-ADAC-4BA6-B441-FFC591087252}" = TOSHIBA Virtual Sound
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9F1868CA-BF34-45A7-A2C6-AF9EB7A8007E}" = MSN Suche Toolbar
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A307716E-7714-4A3F-AAF7-9BF23988BD66}" = NetDoppelkopf
"{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}" = TOSHIBA Controls
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AFA9D219-A7FD-4240-8793-E5C7C9D715F4}" = IKEA Home Planner
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{C45F4811-31D5-4786-801D-F79CD06EDD85}" = SD-Sicherheitsmodul
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C717DB21-853A-4F7A-BAAE-4D1766AD600F}" = Adobe Setup
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C9FB6FFC-B3D2-4AA0-AC05-73DB7796B638}" = DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{E3A54A70-1CFA-4D79-ACD6-5AA2A98C212F}" = Samsung PC Studio 3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle MediaCenter
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows-Treiberpaket - Nokia Modem (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe_4c96cd7621076512aaef5e76536b4ef" = Adobe Contribute CS4
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"avast!" = avast! Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows-Treiberpaket - Nokia Modem (06/09/2010 7.01.0.7)
"ElsterFormular 13.0.0.8086p" = ElsterFormular
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"ESET Online Scanner" = ESET Online Scanner v3
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"PC-Diagnose-Tool" = TOSHIBA PC-Diagnose-Tool
"Power Saver" = TOSHIBA Power Saver
"ProInst" = Intel(R) PROSet/Wireless Software
"Project X_is1" = Project X
"PROSet" = Intel(R) PRO Network Connections Drivers
"Rossmann Fotowelt Software" = Rossmann Fotowelt Software 4.9
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"VLC media player" = VLC media player 2.0.2
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)
"xp-AntiSpy" = xp-AntiSpy 3.96-4
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 24.09.2012 14:01:50 | Computer Name = STEFFIXP | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053
Error - 24.09.2012 14:01:50 | Computer Name = STEFFIXP | Source = Bonjour Service | ID = 100
Description = 360: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde
softwaregesteuert durch den Hostcomputer abgebrochen.)
Error - 26.09.2012 13:13:52 | Computer Name = STEFFIXP | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053
Error - 26.09.2012 13:13:52 | Computer Name = STEFFIXP | Source = Bonjour Service | ID = 100
Description = 360: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde
softwaregesteuert durch den Hostcomputer abgebrochen.)
Error - 02.10.2012 16:54:23 | Computer Name = STEFFIXP | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
Error - 02.10.2012 18:05:09 | Computer Name = STEFFIXP | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.
Error - 02.10.2012 18:05:33 | Computer Name = STEFFIXP | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
Error - 03.10.2012 01:48:20 | Computer Name = STEFFIXP | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.
Error - 03.10.2012 01:48:30 | Computer Name = STEFFIXP | Source = WinMgmt | ID = 28
Description = WinMgmt konnte die Kernteile nicht initialisieren. Mögliche Ursache
hierfür könnte eine beschädigte WinMgmt-Version, ein WinMgmt-Repositoryaktualisierungsfehler
oder nicht genügend Speicherplatz oder Arbeitsspeicher sein.
Error - 03.10.2012 03:45:43 | Computer Name = STEFFIXP | Source = Media Center Extender Services | ID = 36864
Description = ERROR: Device Service Initialization - Unable to create or initialize
Device Table. Error code 0x80004005.
[ System Events ]
Error - 24.09.2012 16:06:12 | Computer Name = STEFFIXP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 24.09.2012 16:09:32 | Computer Name = STEFFIXP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 26.09.2012 12:01:50 | Computer Name = STEFFIXP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 26.09.2012 13:36:15 | Computer Name = STEFFIXP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 02.10.2012 14:55:47 | Computer Name = STEFFIXP | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.23 für die Netzwerkkarte mit der Netzwerkadresse
0018DE23F1F5 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 02.10.2012 14:57:38 | Computer Name = STEFFIXP | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.23 für die Netzwerkkarte mit der Netzwerkadresse
0018DE23F1F5 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 02.10.2012 14:58:59 | Computer Name = STEFFIXP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 02.10.2012 15:10:33 | Computer Name = STEFFIXP | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "ServiceLayer"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
Error - 03.10.2012 03:46:46 | Computer Name = STEFFIXP | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1060
Error - 03.10.2012 03:46:46 | Computer Name = STEFFIXP | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Media Center Extender Service" wurde mit folgendem dienstspezifischem
Fehler beendet: 2147500037 (0x80004005).
< End of report >
Kann jemand helfen Vorab schon einmal ein dickes Dankeschön!
mj |
