Hallo, da ich gerade über zweieinhalb Stunden schmerzhaft lernen musste, dass der Rechner von meiner Freundin total vermüllt ist. Jetzt hier die Logs der Programme.
MalwareByte Anti MalWare:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Datenbank Version: 8348
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13
11.12.2011 00:15:55
mbam-log-2011-12-11 (00-15-55).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 255875
Laufzeit: 2 Stunde(n), 34 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 9
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
c:\dokumente und einstellungen\all users\anwendungsdaten\tarwjfmmky.exe (Rogue.FakeHDD) -> 2188 -> Unloaded process successfully.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\TaRwjfMMKY.exe (Rogue.FakeHDD) -> Value: TaRwjfMMKY.exe -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\tarwjfmmky.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\WINDOWS\niwradsoft shell pack\Backup\ctfmon.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
OTL Logfile:
Code:
OTL logfile created on: 11.12.2011 00:21:11 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Nora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,36 Mb Total Physical Memory | 295,81 Mb Available Physical Memory | 29,16% Memory free
2,38 Gb Paging File | 1,74 Gb Available in Paging File | 73,06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,01 Gb Total Space | 80,80 Gb Free Space | 54,23% Space Free | Partition Type: NTFS
Computer Name: NORAS-PC | User Name: Nora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Nora\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
PRC - C:\Programme\WSED\WSED.exe (Dell)
PRC - C:\Programme\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
PRC - C:\Programme\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
PRC - C:\Programme\Battery Meter\BTMeter.exe (Dell)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU ()
MOD - C:\WINDOWS\system32\preflib.dll ()
MOD - C:\WINDOWS\system32\bcm1xsup.dll ()
MOD - C:\Programme\Dell Video Chat\QtGui4.dll ()
MOD - C:\Programme\Dell Video Chat\QtCore4.dll ()
MOD - C:\Programme\Dell Video Chat\QtOpenGL4.dll ()
MOD - C:\Programme\Dell Video Chat\QtNetwork4.dll ()
MOD - C:\Programme\Dell Video Chat\SDL.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\EMSC.DLL ()
========== Win32 Services (SafeList) ==========
SRV - (AppMgmt) -- File not found
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (GoToAssist) -- C:\Programme\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (USBModem) -- C:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\WINDOWS\system32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\WINDOWS\system32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (OA012Ufd) -- C:\WINDOWS\system32\drivers\OA012Ufd.sys (Creative Technology Ltd.)
DRV - (OA012Vid) -- C:\WINDOWS\system32\drivers\OA012Vid.sys (Creative Technology Ltd.)
DRV - (OA012Afx) -- C:\WINDOWS\system32\drivers\OA012Afx.sys (Creative Technology Ltd.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (CtClsFlt) -- C:\WINDOWS\system32\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (EMSC) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.msn.com/sphome.aspx
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.meinvz.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.32
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.26 20:26:09 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.26 10:34:45 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Programme\Mozilla Sunbird\components [2011.01.22 16:40:27 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Programme\Mozilla Sunbird\plugins [2011.06.18 17:32:53 | 000,000,000 | -H-D | M]
[2009.09.06 16:54:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Extensions
[2011.11.11 19:24:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions
[2010.08.23 19:53:49 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.21 13:24:23 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.01 14:55:25 | 000,000,000 | -H-D | M] (Personas) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Firefox\Profiles\f7c8ebww.default\extensions\personas@christopher.beard
[2009.10.12 14:04:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Mozilla\Sunbird\Profiles\ajfhmbc2.default\extensions
[2011.11.26 20:26:17 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\NORA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\F7C8EBWW.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\NORA\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\F7C8EBWW.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2011.11.26 20:26:08 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2009.09.22 09:15:24 | 000,404,992 | -H-- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll
[2009.03.24 11:10:44 | 000,114,688 | -H-- | M] (Zylom) -- C:\Programme\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011.10.20 12:55:36 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.20 12:55:36 | 000,002,252 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.20 12:55:36 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.20 12:55:36 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.20 12:55:36 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.20 12:55:36 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BTMeter] C:\Programme\Battery Meter\BTMeter.exe (Dell)
O4 - HKLM..\Run: [CapsLKNotify] C:\Programme\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Programme\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OA012Mon] C:\WINDOWS\OA012Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WSED] C:\Programme\WSED\WSED.exe (Dell)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SightSpeed] C:\Programme\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A573518-7E16-4FD5-8386-7C533D90A30D}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Programme\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - Unable to read "AutoRun" value or value not present!
O32 - AutoRun File - [2008.04.29 17:09:27 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - Unable to obtain root file information for disk C:\
O33 - MountPoints2\{eaf8b8d0-c583-11de-9b54-0024e8c8fa00}\Shell - "" = AutoRun
O33 - MountPoints2\{eaf8b8d0-c583-11de-9b54-0024e8c8fa00}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{eaf8b8d0-c583-11de-9b54-0024e8c8fa00}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Play.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.12.11 00:06:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Nora\Recent
[2011.12.10 21:34:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\Malwarebytes
[2011.12.10 21:34:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.12.10 21:34:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.12.10 21:34:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.12.10 21:34:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.12.10 21:20:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nora\Desktop\OTL.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011.12.11 00:18:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.11 00:18:33 | 1063,702,528 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.10 21:36:50 | 000,080,384 | ---- | M] () -- C:\Dokumente und Einstellungen\Nora\Desktop\MBRCheck.exe
[2011.12.10 21:34:33 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.10 21:19:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Nora\Desktop\OTL.exe
[2011.12.10 18:39:49 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.19 19:02:32 | 000,001,393 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011.12.10 21:37:26 | 000,080,384 | ---- | C] () -- C:\Dokumente und Einstellungen\Nora\Desktop\MBRCheck.exe
[2011.12.10 21:34:33 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.19 22:34:09 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\d3dx.dat
[2010.12.11 10:44:56 | 000,169,280 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2009.10.13 12:45:48 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\UniFish3.exe
[2009.09.07 12:46:09 | 000,036,352 | -H-- | C] () -- C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.06 16:54:24 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2009.09.06 11:42:36 | 000,000,478 | -H-- | C] () -- C:\Dokumente und Einstellungen\Nora\Anwendungsdaten\wklnhst.dat
[2009.09.06 11:31:33 | 000,000,141 | -H-- | C] () -- C:\Dokumente und Einstellungen\Nora\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.08.03 11:17:47 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\setpwr32.exe
[2009.08.03 11:16:50 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.08.03 09:05:06 | 000,000,061 | -H-- | C] () -- C:\WINDOWS\smscfg.ini
[2009.08.03 08:53:00 | 000,000,075 | RHS- | C] () -- C:\WINDOWS\CT4CET.bin
[2009.08.03 08:41:11 | 000,266,240 | -H-- | C] () -- C:\WINDOWS\System32\EMSC.DLL
[2009.08.03 08:39:13 | 000,143,360 | -H-- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.08.03 08:39:12 | 000,753,664 | -H-- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.08.03 08:39:12 | 000,024,576 | -H-- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2009.05.21 05:24:48 | 000,001,683 | -H-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.09.29 20:39:00 | 002,854,976 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2008.05.27 04:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.27 04:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.27 04:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.27 03:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.27 03:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.04.29 17:11:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.04.29 17:07:35 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.04.29 17:06:17 | 000,003,776 | -H-- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008.04.29 11:56:05 | 000,486,154 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2008.04.29 11:56:05 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2008.04.29 11:56:05 | 000,095,822 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2008.04.29 11:56:05 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2008.04.29 11:55:54 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.29 11:55:53 | 000,443,222 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.29 11:55:53 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.29 11:55:53 | 000,072,488 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.29 11:55:53 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.29 11:55:52 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.29 11:55:52 | 000,004,627 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.29 11:55:51 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2008.04.29 11:55:48 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.29 11:55:48 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.29 11:55:45 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.29 11:55:42 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.29 04:02:14 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.04.29 04:01:17 | 000,295,664 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001.11.14 19:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
< End of report >
--- --- ---
Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 11.12.2011 00:21:11 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Nora\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1014,36 Mb Total Physical Memory | 295,81 Mb Available Physical Memory | 29,16% Memory free
2,38 Gb Paging File | 1,74 Gb Available in Paging File | 73,06% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,01 Gb Total Space | 80,80 Gb Free Space | 54,23% Space Free | Partition Type: NTFS
Computer Name: NORAS-PC | User Name: Nora | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Programme\CeWe Color\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Programme\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process
"C:\Programme\Dell Video Chat\DellVideoChat.exe" = C:\Programme\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{10F15459-C54E-41BA-AC83-F12ACAF24690}" = Moorfrosch XS
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21BBAD12-C75F-4F06-A9B0-6F8BEEAF3846}" = Moorhuhn X - XS
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{391DEA9B-0EF0-4E13-993E-D5E84296558F}" = Kröt XXL
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5C85747A-91B6-4233-AAF8-063506D0FF4F}" = LG United Mobile Drivers
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABD7DBE3-E344-4BCA-B8AD-4360494DD1D9}" = LG MC USB U330 driver
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7437092-E534-46A5-895B-94FC627139B6}" = COMPUTERBILD-Abzockschutz
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Application" = Dienstprogramm für Dell Wireless WLAN Karte
"Cake Mania 2_is1" = Cake Mania 2
"Creative OA012" = Integrated Webcam Driver (1.02.02.0403)
"Dell Support Center" = Dell Support Center
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"Diner Dash_is1" = Diner Dash
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Farm Frenzy_is1" = Farm Frenzy
"FormatFactory" = FormatFactory 2.10
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Gardenscapes_is1" = Gardenscapes
"GoToAssist" = GoToAssist 8.0.0.514
"Gourmania" = Gourmania
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Akkuanzeige
"InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"Mystery Cookbook" = Mystery Cookbook
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Ranch Rush_is1" = Ranch Rush
"RollerCoaster Tycoon Setup" = Roll
"Seven Remix XP" = Seven Remix XP 2.31
"Sprill Bermuda" = Sprill Bermuda
"SynTPDeinstKey" = Dell Touchpad
"The Clumsys 2 - Butterfly Effect" = The Clumsys 2 - Butterfly Effect (entfernen)
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaMizer" = VistaMizer 3.3.0.0
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zylom Games Player Plugin" = Zylom Games Player Plugin
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.10.2011 12:19:58 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 730313
Error - 30.10.2011 03:24:28 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.10.2011 03:24:28 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953
Error - 30.10.2011 03:24:28 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953
Error - 30.10.2011 03:24:30 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.10.2011 03:24:30 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4062
Error - 30.10.2011 03:24:30 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4062
Error - 14.11.2011 16:56:57 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 14.11.2011 16:56:57 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2016
Error - 14.11.2011 16:56:57 | Computer Name = NORAS-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2016
[ OSession Events ]
Error - 16.02.2011 09:56:00 | Computer Name = NORAS-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1477
seconds with 600 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10.12.2011 19:12:37 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:13:08 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:13:38 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:14:08 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:14:39 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:15:09 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:15:39 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:16:10 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:16:40 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
Error - 10.12.2011 19:17:11 | Computer Name = NORAS-PC | Source = DCOM | ID = 10010
Description = Der Server "{28DD3979-0566-4ED3-9B14-1548B3187491}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
< End of report >
--- --- ---
MBR:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x00000014
Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF7ABD000 \WINDOWS\system32\KDCOM.DLL
0xF79CD000 \WINDOWS\system32\BOOTVID.dll
0xF75BD000 msmewwl.sys
0xF73C9000 spgq.sys
0xF7ABF000 \WINDOWS\System32\Drivers\WMILIB.SYS
0xF73B1000 \WINDOWS\System32\Drivers\SCSIPORT.SYS
0xF7382000 ACPI.sys
0xF7371000 pci.sys
0xF75CD000 isapnp.sys
0xF79D1000 compbatt.sys
0xF79D5000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B85000 pciide.sys
0xF783D000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF75DD000 MountMgr.sys
0xF7352000 ftdisk.sys
0xF7845000 PartMgr.sys
0xF79D9000 ACPIEC.sys
0xF7B86000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF75ED000 VolSnap.sys
0xF733A000 atapi.sys
0xF75FD000 disk.sys
0xF760D000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF731A000 fltMgr.sys
0xF7308000 sr.sys
0xF761D000 PxHelp20.sys
0xF72F1000 KSecDD.sys
0xF72DE000 WudfPf.sys
0xF7251000 Ntfs.sys
0xF7224000 NDIS.sys
0xF720A000 Mup.sys
0xF766D000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7A75000 \SystemRoot\system32\DRIVERS\EMSC.SYS
0xF767D000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xF710D000 \SystemRoot\System32\Drivers\wdf01000.sys
0xF6B77000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6B63000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6B3B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF69E7000 \SystemRoot\system32\DRIVERS\bcmwl5.sys
0xF69C9000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF789D000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF69A5000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78A5000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7A89000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF768D000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78BD000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6973000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7AC5000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78C5000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF693A000 \SystemRoot\System32\Drivers\at64b72t.SYS
0xF6849000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xF7CE4000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7ACD000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF7935000 \SystemRoot\System32\Drivers\Modem.SYS
0xF769D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7AA5000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6832000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF76AD000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF76BD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7955000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6821000 \SystemRoot\system32\DRIVERS\psched.sys
0xF76CD000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF7965000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF7975000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF76DD000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF7AD3000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF67FE000 \SystemRoot\system32\DRIVERS\ks.sys
0xF67A0000 \SystemRoot\system32\DRIVERS\update.sys
0xF7AB9000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF71E2000 \SystemRoot\system32\DRIVERS\lgbtbus.sys
0xF76ED000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF76FD000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF799D000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF79A5000 \SystemRoot\system32\DRIVERS\btport.sys
0xF770D000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF79DD000 \SystemRoot\system32\DRIVERS\lgvmodem.sys
0xF71A9000 \SystemRoot\system32\DRIVERS\lgbtport.sys
0xAA2C7000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAA2A3000 \SystemRoot\system32\drivers\portcls.sys
0xF772D000 \SystemRoot\system32\drivers\drmk.sys
0xAA1DB000 \??\C:\WINDOWS\system32\Drivers\OA012Afx.sys
0xF773D000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7AB5000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7ADB000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7BB8000 \SystemRoot\System32\Drivers\Null.SYS
0xF7ADF000 \SystemRoot\System32\Drivers\Beep.SYS
0xF788D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7895000 \SystemRoot\System32\drivers\vga.sys
0xF7AE3000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7AE7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF78B5000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF78D5000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF6794000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAA158000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAA0FF000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAA0D7000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAA0B1000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAA08F000 \SystemRoot\System32\drivers\afd.sys
0xF774D000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF78ED000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xAA064000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA9FF4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF776D000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9FA5000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xF7AEF000 \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys
0xF7905000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xA9F7A000 \SystemRoot\System32\Drivers\RtsUStor.sys
0xA9F37000 \SystemRoot\system32\DRIVERS\OA012Vid.sys
0xA9F16000 \SystemRoot\system32\DRIVERS\OA012Ufd.sys
0xA9EF2000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0xF779D000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xF77AD000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF77BD000 \SystemRoot\System32\Drivers\btwusb.sys
0xAA1A7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF77CD000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAA1A3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xA9ED4000 \SystemRoot\system32\DRIVERS\btwdndis.sys
0xF792D000 \SystemRoot\system32\DRIVERS\btwmodem.sys
0xA9E53000 \SystemRoot\system32\drivers\btaudio.sys
0xF77DD000 \SystemRoot\system32\DRIVERS\btwhid.sys
0xF7AA1000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xA9E13000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7AFB000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA9FEC000 \SystemRoot\System32\drivers\Dxapi.sys
0xF797D000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7CB8000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xBF47A000 \SystemRoot\System32\ATMFD.DLL
0xA9CBC000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xA9D57000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xA9CB0000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA9997000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA9982000 \SystemRoot\system32\drivers\wdmaud.sys
0xA9C64000 \SystemRoot\system32\drivers\sysaudio.sys
0xA960A000 \SystemRoot\system32\DRIVERS\srv.sys
0xA9079000 \SystemRoot\System32\Drivers\HTTP.sys
0xA8FA9000 \SystemRoot\system32\DRIVERS\ipfltdrv.sys
0xA8A68000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\system32\ntdll.dll
0x10000000 \Programme\DAEMON Tools Lite\Engine.dll
Processes (total 55):
0 System Idle Process
4 System
496 C:\WINDOWS\system32\smss.exe
908 csrss.exe
932 C:\WINDOWS\system32\winlogon.exe
976 C:\WINDOWS\system32\services.exe
988 C:\WINDOWS\system32\lsass.exe
1164 C:\WINDOWS\system32\svchost.exe
1208 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1316 C:\WINDOWS\system32\svchost.exe
1468 svchost.exe
1532 svchost.exe
1760 C:\WINDOWS\system32\WLTRYSVC.EXE
1776 C:\WINDOWS\system32\BCMWLTRY.EXE
1796 C:\WINDOWS\system32\spoolsv.exe
1876 C:\Programme\Avira\AntiVir Desktop\sched.exe
128 svchost.exe
552 C:\Programme\Avira\AntiVir Desktop\avguard.exe
568 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
708 C:\Programme\Avira\AntiVir Desktop\avshadow.exe
740 C:\WINDOWS\explorer.exe
444 C:\Programme\Bonjour\mDNSResponder.exe
848 C:\Programme\Java\jre6\bin\jqs.exe
1456 C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
1912 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
628 C:\WINDOWS\system32\svchost.exe
828 C:\WINDOWS\system32\searchindexer.exe
2136 C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2456 C:\WINDOWS\system32\wbem\wmiapsrv.exe
2612 alg.exe
2692 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
2836 C:\WINDOWS\RTHDCPL.EXE
2996 C:\WINDOWS\system32\igfxpers.exe
3028 C:\WINDOWS\OA012Mon.exe
3036 C:\WINDOWS\system32\igfxsrvc.exe
3176 C:\WINDOWS\system32\WLTRAY.EXE
3188 C:\Programme\WSED\WSED.exe
3220 C:\Programme\Battery Meter\BTMeter.exe
3328 C:\Programme\CapsLKNotify\CapsLKNotify.exe
3420 C:\Programme\Java\jre6\bin\jusched.exe
3436 C:\WINDOWS\system32\svchost.exe
3448 C:\Programme\Avira\AntiVir Desktop\avgnt.exe
3792 C:\Programme\iTunes\iTunesHelper.exe
3800 C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
3836 C:\WINDOWS\system32\ctfmon.exe
4076 C:\Programme\Dell Video Chat\DellVideoChat.exe
2092 C:\Programme\iPod\bin\iPodService.exe
2556 C:\WINDOWS\system32\searchprotocolhost.exe
1112 C:\WINDOWS\NOTEPAD.EXE
2516 C:\WINDOWS\NOTEPAD.EXE
1956 searchfilterhost.exe
3300 C:\Programme\Mozilla Firefox\firefox.exe
3308 C:\WINDOWS\system32\notepad.exe
1652 C:\Dokumente und Einstellungen\Nora\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
PhysicalDrive0 Model Number: ST9160314AS, Rev: 0003DEM1
Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 Dell Inspiron MBR code detected
SHA1: AE3E0A945D44C8EA304A19A8F50F69065C34344B
Done!
Schon nach dem Scan mit MalWare war eine Verbesserung zu verzeichnen, denn die neu abgelegten Dateien auf dem Desktop waren nach dem Neustart sichtbar. Die "Fehlermeldungen" sind nicht mehr gekommen. Wenn jetzt noch die alten Dateien wieder sichtbar werden, dann habt ihr echt jemanden glücklich gemacht und dadurch mich auch