| pandafleisch | 14.10.2012 16:09 |
virus programme lassen sich nicht installieren, pc ist extrem langsam
virus programme lassen sich nciht installieren, weil immer die meldung "pc ist eventuell infiziert" kommt.
pc hängt, reagiert nicht, programme starten dauert extrem lange.
bestimmte programme und dateien lassen sich nicht löschen.
defoggerlog: Code:
defoggerlog:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:55 on 14/10/2012 (Knaller)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
d347prt -> Already disabled
d347bus -> Already disabled
-=E.O.F=-
otl:
OTL Logfile: Code:
OTL logfile created on: 14.10.2012 17:12:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Knaller\Desktop
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,41 Mb Total Physical Memory | 690,80 Mb Available Physical Memory | 67,57% Memory free
2,41 Gb Paging File | 2,19 Gb Available in Paging File | 90,93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 10,76 Gb Total Space | 2,25 Gb Free Space | 20,88% Space Free | Partition Type: NTFS
Drive E: | 21,05 Gb Total Space | 15,81 Gb Free Space | 75,10% Space Free | Partition Type: NTFS
Drive F: | 117,24 Gb Total Space | 11,20 Gb Free Space | 9,55% Space Free | Partition Type: NTFS
Drive H: | 10,00 Gb Total Space | 2,84 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive I: | 40,00 Gb Total Space | 1,48 Gb Free Space | 3,71% Space Free | Partition Type: NTFS
Drive J: | 61,78 Gb Total Space | 6,64 Gb Free Space | 10,74% Space Free | Partition Type: NTFS
Computer Name: MAKI | User Name: Knaller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.10.14 16:57:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Knaller\Desktop\OTL.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009.09.02 13:03:00 | 000,715,392 | ---- | M] (COMODO) -- C:\Programme\COMODO\COMODO Internet Security\Repair\cmdagent.exe
PRC - [2006.05.02 16:57:28 | 002,203,648 | ---- | M] () -- C:\WINDOWS\system32\Pd71HiFiPan.exe
PRC - [2004.03.12 01:10:20 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (No Company Name) ==========
MOD - [2006.05.02 16:57:28 | 002,203,648 | ---- | M] () -- C:\WINDOWS\system32\Pd71HiFiPan.exe
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\DOKUME~1\Knaller\LOKALE~1\Temp\hpdj.exe -- (hpdj)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.10.14 16:58:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.13 23:19:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.04.05 11:37:38 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2009.09.02 13:03:00 | 000,715,392 | ---- | M] (COMODO) [Auto | Running] -- C:\Programme\COMODO\COMODO Internet Security\Repair\cmdagent.exe -- (cmdAgent)
SRV - [2004.10.22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.07.28 13:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\Bulk533.sys -- (USBCamera)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Auto | Stopped] -- System32\Drivers\Ca533av.sys -- (Ca533av)
DRV - [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.09.30 06:18:22 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.27 16:40:12 | 000,132,168 | ---- | M] (COMODO) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2009.08.27 16:40:12 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\inspect.sys -- (Inspect)
DRV - [2009.08.27 16:40:12 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009.03.25 03:59:11 | 000,002,996 | ---- | M] (Buzz) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2008.09.15 19:05:55 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.11.07 05:40:20 | 000,169,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinavt2.sys -- (ATIAVAIW)
DRV - [2006.05.02 16:57:36 | 000,036,480 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pd71HiFiWdm.sys -- (Pd71HiFi_01)
DRV - [2006.05.02 16:56:54 | 000,037,248 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pd71HiFi.sys -- (Pd71HiFi_AA)
DRV - [2004.11.15 09:44:42 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004.11.15 09:44:38 | 000,033,408 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004.11.03 14:58:20 | 000,086,144 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004.10.07 12:59:30 | 000,500,224 | ---- | M] (QSound Labs, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pd71HiFiQve.sys -- (Pd71HiFiQve)
DRV - [2004.08.22 17:31:48 | 000,005,248 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\d347prt.sys -- (d347prt)
DRV - [2004.08.22 17:31:10 | 000,155,136 | ---- | M] ( ) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\d347bus.sys -- (d347bus)
DRV - [2004.07.09 04:26:38 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2004.03.12 00:43:50 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.travian.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
FF - prefs.js..extensions.enabledAddons: nasanightlaunch@example.com:0.6.20120915
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20120421
FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:3.6
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Programme\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.13 23:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.05 15:24:05 | 000,000,000 | ---D | M]
[2009.11.11 19:10:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Extensions
[2012.10.14 17:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions
[2011.07.07 20:43:16 | 000,000,000 | ---D | M] (Web2PDF converter) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions\{e8f509f0-b677-11de-8a39-0800200c9a66}
[2010.11.29 20:28:40 | 000,000,000 | ---D | M] (RedShift V3.6) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions\redshift_V2@shift-themes.com
[2012.10.14 17:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions\staged
[2012.09.29 11:52:34 | 002,282,522 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions\nasanightlaunch@example.com.xpi
[2012.08.06 17:14:30 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.04 16:37:06 | 000,257,937 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.14 17:03:24 | 000,252,340 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Mozilla\Firefox\Profiles\qwvb194e.default\extensions\staged\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.06.23 19:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.13 23:19:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.13 23:19:02 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2001.08.18 12:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O4 - HKLM..\Run: [{1606DC18-9578-4cbd-8312-8E9868F06A1D}] C:\Dokumente und Einstellungen\Knaller\Lokale Einstellungen\Temp\cis11102\cmdinstall.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Programme\COMODO\COMODO Internet Security\Repair\cfp.exe (COMODO)
O4 - HKLM..\Run: [DAEMON Tools-1033] C:\Programme\D-Tools\daemon.exe (DAEMON'S HOME)
O4 - HKLM..\Run: [Pd71HiFiPan] C:\WINDOWS\System32\Pd71HiFiPan.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - E:\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {00000161-0000-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/msaudio.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98AA5F9B-DEA0-482E-B4E3-2909EE3E07DB}: NameServer = 192.168.1.254
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.26 21:55:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004.08.28 15:37:28 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.05.26 15:39:14 | 000,000,000 | ---- | M] () - H:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\##192.168.1.3#crusader (e)\Shell - "" = AutoRun
O33 - MountPoints2\##192.168.1.3#crusader (e)\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\##192.168.1.3#crusader (e)\Shell\AutoRun\command - "" = Z:\RoNsetup.exe /autorun
O33 - MountPoints2\{6a332272-b3f0-11dc-b538-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6a332272-b3f0-11dc-b538-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6a332272-b3f0-11dc-b538-806d6172696f}\Shell\AutoRun\command - "" = G:\Setup.EXE
O33 - MountPoints2\{a61b4944-242f-11de-9215-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{a61b4944-242f-11de-9215-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a61b4944-242f-11de-9215-806d6172696f}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.10.14 16:57:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Knaller\Desktop\OTL.exe
[2012.10.05 16:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Malwarebytes
[2012.10.05 16:00:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.10.05 16:00:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.10.05 16:00:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.10.05 16:00:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.10.05 15:59:44 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Knaller\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.05 14:40:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Softwin
[2012.10.05 14:33:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knaller\.swt
[2012.10.05 14:14:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TightVNC
[2012.10.05 14:13:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CPA_VA
[2012.10.05 14:12:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Comodo
[2012.10.05 14:11:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\COMODO
[2012.10.05 14:07:49 | 088,861,872 | ---- | C] (COMODO) -- C:\Dokumente und Einstellungen\Knaller\Desktop\cispremium510_installer.exe
[2012.10.05 13:56:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Kaspersky Lab Setup Files
[2012.10.05 13:52:33 | 165,974,760 | ---- | C] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Knaller\Desktop\kis13.0.1.4190de-de.exe
[2012.09.30 16:01:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamSpeak 3 Client
[2012.09.30 16:00:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knaller\Eigene Dateien\teamspeak3
[2008.04.02 04:36:08 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Knaller\d3dx9_24.dll
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.10.14 16:58:30 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.10.14 16:57:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Knaller\Desktop\OTL.exe
[2012.10.14 16:52:39 | 000,001,141 | RHS- | M] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012.10.14 16:52:39 | 000,000,434 | ---- | M] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012.10.14 16:51:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.14 16:51:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.05 16:06:37 | 000,000,052 | ---- | M] () -- C:\Dokumente und Einstellungen\Knaller\defogger_reenable
[2012.10.05 16:05:42 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\Defogger.exe
[2012.10.05 16:00:02 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.05 15:59:44 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Knaller\Desktop\mbam-setup-1.65.0.1400.exe
[2012.10.05 15:36:03 | 000,000,203 | RHS- | M] () -- C:\boot.ini
[2012.10.05 15:18:19 | 000,029,287 | ---- | M] () -- C:\WINDOWS\hpdj5100.his
[2012.10.05 15:18:19 | 000,004,685 | ---- | M] () -- C:\WINDOWS\hpdj5100.ini
[2012.10.05 14:09:40 | 088,861,872 | ---- | M] (COMODO) -- C:\Dokumente und Einstellungen\Knaller\Desktop\cispremium510_installer.exe
[2012.10.05 13:55:33 | 165,974,760 | ---- | M] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Knaller\Desktop\kis13.0.1.4190de-de.exe
[2012.09.30 16:01:26 | 000,000,805 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012.09.29 14:58:02 | 001,525,901 | ---- | M] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290652.JPG
[2012.09.29 14:57:54 | 001,644,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290651.JPG
[2012.09.29 14:57:36 | 001,455,795 | ---- | M] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290650.JPG
[2012.09.29 14:57:22 | 001,498,127 | ---- | M] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290649.JPG
[2012.09.20 15:22:17 | 000,033,719 | ---- | M] () -- C:\WINDOWS\DIIUnin.dat
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.10.05 16:06:31 | 000,000,052 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\defogger_reenable
[2012.10.05 16:05:42 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\Defogger.exe
[2012.10.05 16:00:02 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.05 15:17:52 | 000,219,987 | ---- | C] () -- C:\WINDOWS\hpdj5100.hi2
[2012.10.05 15:17:52 | 000,010,467 | ---- | C] () -- C:\WINDOWS\hpdj5100.bu2
[2012.10.05 14:10:49 | 000,000,434 | ---- | C] () -- C:\WINDOWS\System32\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012.10.05 14:10:48 | 000,001,141 | RHS- | C] () -- C:\WINDOWS\System32\{1606DC18-9578-4cbd-8312-8E9868F06A1D}.conf
[2012.09.30 16:01:26 | 000,000,805 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamSpeak 3 Client.lnk
[2012.09.29 15:33:01 | 001,644,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290651.JPG
[2012.09.29 15:33:00 | 001,498,127 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290649.JPG
[2012.09.29 15:33:00 | 001,455,795 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290650.JPG
[2012.09.29 15:32:59 | 001,525,901 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\Desktop\P9290652.JPG
[2009.08.25 20:23:31 | 001,077,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2007.12.27 05:49:41 | 000,118,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Knaller\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.26 22:42:18 | 004,306,588 | -H-- | C] () -- C:\Dokumente und Einstellungen\Knaller\Lokale Einstellungen\Anwendungsdaten\IconCache_.db
========== ZeroAccess Check ==========
[2007.12.26 22:35:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2004.03.12 01:10:06 | 001,462,784 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004.03.12 01:09:52 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.03.12 01:10:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2008.08.05 01:14:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic
[2010.05.17 16:02:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2008.02.01 06:49:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2012.10.05 15:11:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CPA_VA
[2008.09.08 14:58:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\metier2000Apps
[2012.02.22 23:03:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2008.07.27 18:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft
[2009.01.16 22:43:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2009.11.19 01:29:50 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.04.27 22:03:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\.minecraft
[2009.12.28 11:26:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Acreon
[2009.07.25 15:43:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Any Video Converter
[2012.10.05 14:33:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Azureus
[2011.07.24 03:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\ICQ
[2010.06.30 13:36:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\LolClient
[2010.01.17 21:53:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\MobMapUpdater
[2008.05.27 20:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\PC Suite
[2007.12.28 02:17:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Prabang
[2011.12.21 18:46:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Rovio
[2009.11.19 01:32:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\TuneUp Software
[2008.07.27 18:13:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knaller\Anwendungsdaten\Ubisoft
========== Purity Check ==========
< End of report >
--- --- ---
extras:
OTL Logfile: Code:
OTL Extras logfile created on: 14.10.2012 17:12:40 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Knaller\Desktop
Windows XP Professional Edition Service Pack 2, v.2096 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2096)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1022,41 Mb Total Physical Memory | 690,80 Mb Available Physical Memory | 67,57% Memory free
2,41 Gb Paging File | 2,19 Gb Available in Paging File | 90,93% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 10,76 Gb Total Space | 2,25 Gb Free Space | 20,88% Space Free | Partition Type: NTFS
Drive E: | 21,05 Gb Total Space | 15,81 Gb Free Space | 75,10% Space Free | Partition Type: NTFS
Drive F: | 117,24 Gb Total Space | 11,20 Gb Free Space | 9,55% Space Free | Partition Type: NTFS
Drive H: | 10,00 Gb Total Space | 2,84 Gb Free Space | 28,42% Space Free | Partition Type: NTFS
Drive I: | 40,00 Gb Total Space | 1,48 Gb Free Space | 3,71% Space Free | Partition Type: NTFS
Drive J: | 61,78 Gb Total Space | 6,64 Gb Free Space | 10,74% Space Free | Partition Type: NTFS
Computer Name: MAKI | User Name: Knaller | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Dokumente und Einstellungen\Knaller\Desktop\jenny bilder\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Dokumente und Einstellungen\Knaller\Desktop\jenny bilder\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1"
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:NetBIOS-Sitzungsdienst
"445:TCP" = 445:TCP:*:Enabled:SMB über TCP
"137:UDP" = 137:UDP:*:Enabled:NetBIOS-Namensdienst
"138:UDP" = 138:UDP:*:Enabled:NetBIOS-Datagrammdienst
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:NetBIOS-Sitzungsdienst
"445:TCP" = 445:TCP:LocalSubNet:Enabled:SMB über TCP
"137:UDP" = 137:UDP:LocalSubNet:Enabled:NetBIOS-Namensdienst
"138:UDP" = 138:UDP:LocalSubNet:Enabled:NetBIOS-Datagrammdienst
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:Remoteunterstützung -- (Microsoft Corporation)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"F:\game\DungeonSiege2.exe" = F:\game\DungeonSiege2.exe:*:Enabled:Dungeon Siege 2 Game Executable
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Programme\Gemeinsame Dateien\Comodo\tvnserver.exe" = C:\Programme\Gemeinsame Dateien\Comodo\tvnserver.exe:*:Enabled:TVN Server
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06053AB3-B607-B752-3252-4A2EA9E9761E}" = CCC Help Dutch
"{07C903D3-2996-4683-9B49-7839207148CA}" = NGists G15/TeamSpeak Display
"{0B4A8658-43F1-50CA-AF30-C67E3AE2C9ED}" = CCC Help Greek
"{0CC61470-D776-2353-D5CB-C7BC20204863}" = CCC Help Finnish
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{12655AB3-9285-A2F0-5BBC-C5C45E4D718C}" = CCC Help Czech
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24700C01-3A72-29D4-001B-6EE6BF71EB5E}" = CCC Help Korean
"{259A8A5E-2886-4BED-9EF1-D5485282CCC3}" = Overlord - Raising Hell
"{26262388-95BF-58B0-CD46-A8F957BB67BF}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{329376FB-FB6C-C587-F483-07E3418456F5}" = ccc-utility
"{33A38A8B-9E1E-BCBB-EA87-CE797EC75080}" = CCC Help Chinese Traditional
"{369EEB32-64D1-F22A-1B2C-A3E81582E767}" = CCC Help Japanese
"{3DED3A72-61A8-4B87-98A5-EF0BC8038AA0}" = DAEMON Tools
"{3FCD8F30-057D-C96F-AEF4-B0D77DE9730C}" = CCC Help Portuguese
"{46605BDE-7F82-DB0F-7906-3279A7E639BE}" = Catalyst Control Center Localization All
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{480A8E00-D808-7D79-977B-CEBBB3BEB409}" = CCC Help French
"{48C7FD10-D6AD-8EE0-2E8E-0480C4EEB1BD}" = Catalyst Control Center HydraVision Full
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5CA7ABC3-5F89-3A1D-A113-046EA4C7FCEB}" = ccc-core-static
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F77AD48-BA04-F868-2D04-FC1BFF5E00BA}" = Catalyst Control Center Graphics Light
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{788907C5-C83B-9785-A1F0-67050017324E}" = CCC Help Spanish
"{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
"{7F5F1767-88C6-CBFC-5DD3-D853343FD5AE}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84DE3702-3262-BE38-27E8-5ED423D803C6}" = CCC Help Chinese Standard
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95053B5A-42E0-830E-85BD-733FAFC28BA7}" = ccc-core-preinstall
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B40D533-4F38-893D-EE5A-17226104BBC2}" = Skins
"{A08CB73B-5DEA-185D-5D98-2230004D75ED}" = CCC Help Danish
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A22D91C3-E7BD-CBEE-7CDC-DE4C42FA27B7}" = CCC Help Hungarian
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.0 - Deutsch
"{AD0DD974-ADC2-8C10-DFA6-C1203A6E5106}" = CCC Help Polish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B014F739-B305-5319-D996-6612BD60ED74}" = CCC Help Swedish
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C570CAF4-D734-5412-C842-9AB150803074}" = Catalyst Control Center Core Implementation
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D01F5B2C-2776-6C46-441C-E819C08DF4FF}" = CCC Help Turkish
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D2FCA53F-F568-D08A-458F-F7C9769A30ED}" = CCC Help Norwegian
"{D89B70AB-CF91-36A4-8658-FACA3AF6A654}" = Catalyst Control Center Graphics Previews Common
"{DF1274DC-02D4-B2D7-6197-5D24E1EF84B1}" = CCC Help Thai
"{E000D42E-5842-20A6-EEB1-6DED8C2746C5}" = CCC Help Italian
"{E35B3C63-E958-4E31-A178-95D22024109A}" = Battlefield Vietnam(TM)
"{E7679B31-21F5-4AAE-1620-0DFACF702325}" = Catalyst Control Center Graphics Full New
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F83491F9-7CDF-46A7-9994-9E002CE5CE75}" = CCC Help Russian
"{FDE409B1-1FF3-DC39-083E-C0F4ED496D5E}" = CCC Help English
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Diablo II" = Diablo II
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Guitar Pro 5_is1" = Guitar Pro 5.2
"Icy Tower v1.5_is1" = Icy Tower v1.5
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.8.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PhotoFiltre" = PhotoFiltre
"Prodigy 7.1 HiFi Audio Driver Ver 1.02 Setup" = Prodigy 7.1 HiFi Audio Driver Ver 1.02
"S3" = Die Siedler III Gold Edition
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.1
"Vuze" = Vuze
"Winamp" = Winamp (remove only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Warcraft III" = Warcraft III: All Products
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 05.10.2012 08:48:59 | Computer Name = MAKI | Source = MsiInstaller | ID = 11920
Description = Produkt: BitDefender 8 Free Edition -- Fehler 1920. Dienst "BitDefender
Scan Server" (BDSS) konnte nicht gestartet werden. Überprüfen Sie, ob Sie ausreichende
Berechtigungen zum Starten von Systemdiensten besitzen.
Error - 05.10.2012 08:49:54 | Computer Name = MAKI | Source = MsiInstaller | ID = 11920
Description = Produkt: BitDefender 8 Free Edition -- Fehler 1920. Dienst "BitDefender
Scan Server" (BDSS) konnte nicht gestartet werden. Überprüfen Sie, ob Sie ausreichende
Berechtigungen zum Starten von Systemdiensten besitzen.
Error - 05.10.2012 09:09:04 | Computer Name = MAKI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung cmdinstall.exe, Version 5.10.31649.2253, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 05.10.2012 09:18:47 | Computer Name = MAKI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _is30.exe, Version 12.0.0.58849, fehlgeschlagenes
Modul _is30.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
Error - 05.10.2012 09:25:56 | Computer Name = MAKI | Source = MsiInstaller | ID = 10005
Description = Product: NGists G15/TeamSpeak Display -- NGists G15/TeamSpeak Display
can only be installed if the Logitech LCD Manager application is installed.
Error - 05.10.2012 09:26:02 | Computer Name = MAKI | Source = MsiInstaller | ID = 10005
Description = Product: NGists G15/TeamSpeak Display -- NGists G15/TeamSpeak Display
can only be installed if the Logitech LCD Manager application is installed.
Error - 05.10.2012 09:26:08 | Computer Name = MAKI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung _is79.exe, Version 12.0.0.58849, fehlgeschlagenes
Modul _is79.exe, Version 12.0.0.58849, Fehleradresse 0x0001e7b9.
Error - 05.10.2012 09:35:25 | Computer Name = MAKI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000048.
Error - 05.10.2012 09:56:37 | Computer Name = MAKI | Source = MsiInstaller | ID = 11920
Description = Produkt: BitDefender 8 Free Edition -- Fehler 1920. Dienst "BitDefender
Scan Server" (BDSS) konnte nicht gestartet werden. Überprüfen Sie, ob Sie ausreichende
Berechtigungen zum Starten von Systemdiensten besitzen.
Error - 05.10.2012 09:57:21 | Computer Name = MAKI | Source = MsiInstaller | ID = 11920
Description = Produkt: BitDefender 8 Free Edition -- Fehler 1920. Dienst "BitDefender
Scan Server" (BDSS) konnte nicht gestartet werden. Überprüfen Sie, ob Sie ausreichende
Berechtigungen zum Starten von Systemdiensten besitzen.
[ System Events ]
Error - 05.10.2012 10:12:52 | Computer Name = MAKI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 05.10.2012 10:12:52 | Computer Name = MAKI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 05.10.2012 10:12:53 | Computer Name = MAKI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 05.10.2012 10:12:53 | Computer Name = MAKI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 05.10.2012 10:12:53 | Computer Name = MAKI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 05.10.2012 10:12:54 | Computer Name = MAKI | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\D gefunden.
Error - 14.10.2012 10:51:59 | Computer Name = MAKI | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.
Error - 14.10.2012 10:52:13 | Computer Name = MAKI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DV Series Video Capture" wurde aufgrund folgenden Fehlers
nicht gestartet: %%2
Error - 14.10.2012 10:52:13 | Computer Name = MAKI | Source = Service Control Manager | ID = 7000
Description = Der Dienst "hpdj" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 14.10.2012 10:52:13 | Computer Name = MAKI | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler
beendet: %%2
< End of report >
--- --- ---
wenn ich Gmer scannen lasse wird der bilschirm blau mit der meldung: "es wurde ein problem fdestgestellt....Stellen sie sicher, dass neue hardware oder software richtig installiert ist....." |
