| siebensieben | 16.11.2012 08:06 |
pxMdWicSEXclEk-exe Hab mir wohl einen Trojaner eingefangen
Guten Morgen allerseits, habe über Freund Google diesen Link gefunden und bitte Euch um Rat. Der Laptop lief wunderbar - bis er in die Knie ging. Viele Dateien sind nicht mehr sichtbar, aber alles ist da und alles funktioniert!
Dennoch:
- Im Startmenü ist nichts mehr.
- Der Explorer funktioniert, aber zeigt nichts an. Über extras / Optionen / Ansicht / Alle Dateien und Ordner anzeigen ist alles wieder sichtbar, aber die Icons sind 'flau', also als seien sie nicht als benutzbar freigegeben. Dann findet man auch exe-Dateien oder Dateien, die man ganz normal bearbeiten kann. Aber nach einiger Zeit sind die Icons wieder weg, dann muss man sie wieder manuell einschalten. Es funktioniert, aber ist lästig.
- Internetzugang funktioniert
- Ab und zu zeigt Zonealarm an, dass pxMdWicSEXclEk-exe ins Internet will, wird natürlich abgelehnt. Wobei ich mir nicht ganz sicher bin, ob nicht auch schon mal eine andere Buchstabenkombination zu lesen war, aber auch wohl Hinweise auf Böses!
Und dann gibt's unzählige Warnungen wie diese hier:
- Seek error, sector not found
- The device cannot find enough free recources that it can use
- hard drive controller failure
- Device initialisation failed
- System message write fault error. A write command during the test has failed due to a read or write error. The system generates an exeption error when using a reference to an invalid system memory adress.
- criticl error: drive sector not foud error
- Date error reading drive c:
Die vorletzte geht dann bald 20 mal hintereinander auf, kann man löschen, dann dauert's ein paar Minuten, dann geht's von vorne los.
Ich habe jetzt diverse Scans nach Eurer Anleitung laufen lassen, ich hoffe, es ist alles so, wie Ihr es braucht. Ich habe mich bemüht, bin aber ziemlicher Laie mit ein bisschen Halbwissen. Bisher auch nichts gelöscht, alles in Quarantäne, soweit es angeboten wurde.
Hier die Logs: Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org
Datenbank Version: v2012.11.15.07
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
*** :: ST06 [Administrator]
Schutz: Aktiviert
15.11.2012 19:21:22
mbam-log-2012-11-15 (23-12-07).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410311
Laufzeit: 3 Stunde(n), 14 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe (Trojan.FakeAlert) -> 956 -> Keine Aktion durchgeführt.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|pxMdWicSEXclEk.exe (Trojan.FakeAlert) -> Daten: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe -> Keine Aktion durchgeführt.
Infizierte Dateiobjekte der Registrierung: 6
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowHelp (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowRun (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
C:\Programme\VOB in MPG\eRightSoft\SUPER\SUPER.exe (Trojan.Downloader) -> Keine Aktion durchgeführt.
(Ende)
OTL Logfile: Code:
OTL logfile created on: 15.11.2012 23:30:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 25,13% Memory free
3,84 Gb Paging File | 2,47 Gb Available in Paging File | 64,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,95 Gb Total Space | 22,02 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Drive Z: | 917,07 Gb Total Space | 481,87 Gb Free Space | 52,54% Space Free | Partition Type: NTFS
Computer Name: ST06 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.11.15 23:26:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
PRC - [2012.11.12 13:34:57 | 000,253,952 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe
PRC - [2012.11.12 13:17:30 | 000,346,624 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe
PRC - [2012.11.09 04:21:26 | 003,673,808 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2012.11.09 04:21:14 | 002,777,296 | -H-- | M] (Crawler.com) -- C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012.11.01 15:34:28 | 002,717,816 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012.10.29 09:58:42 | 000,917,984 | -H-- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.04 16:30:32 | 000,161,768 | -H-- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012.07.03 08:04:54 | 000,252,848 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.20 12:59:04 | 002,042,208 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgtray.exe
PRC - [2010.04.07 13:57:42 | 000,099,896 | -H-- | M] (HP) -- C:\WINDOWS\system32\HPSIsvc.exe
PRC - [2009.09.12 08:48:03 | 000,693,016 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgcsrvx.exe
PRC - [2009.09.12 08:48:03 | 000,486,680 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgrsx.exe
PRC - [2009.09.12 08:48:00 | 000,595,736 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgnsx.exe
PRC - [2009.09.12 08:47:58 | 000,908,056 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgemc.exe
PRC - [2009.09.12 08:47:54 | 000,297,752 | -H-- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgwdsvc.exe
PRC - [2009.09.06 05:06:20 | 000,169,312 | -H-- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009.08.25 22:28:27 | 000,282,624 | RH-- | M] (France Telecom SA) -- C:\Programme\CardDetector\HUAWEI1752_1552\CardDetector.exe
PRC - [2009.08.25 20:06:20 | 000,077,824 | -H-- | M] (France Telecom SA) -- C:\Programme\Gemeinsame Dateien\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2009.07.09 11:22:18 | 000,144,712 | -H-- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009.05.21 11:13:58 | 000,206,064 | -H-- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtcmd.exe
PRC - [2008.08.13 23:04:44 | 000,201,968 | -H-- | M] (SupportSoft, Inc.) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe
PRC - [2008.08.04 00:02:20 | 000,036,352 | -H-- | M] () -- C:\Programme\Winamp\winampa.exe
PRC - [2008.07.09 08:05:20 | 000,919,016 | -H-- | M] (Zone Labs, LLC) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.07.09 08:05:18 | 000,075,304 | -H-- | M] (Zone Labs, LLC) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2008.02.26 10:57:28 | 000,128,296 | -H-- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008.02.22 12:43:38 | 001,245,184 | -H-- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.02.21 14:25:06 | 000,040,960 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\hidfind.exe
PRC - [2008.02.21 14:24:56 | 000,159,744 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\Apoint.exe
PRC - [2008.02.21 14:24:54 | 000,050,736 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApMsgFwd.exe
PRC - [2008.02.21 14:24:54 | 000,049,152 | -H-- | M] (Alps Electric Co., Ltd.) -- C:\Programme\DellTPad\ApntEx.exe
PRC - [2007.06.13 14:21:45 | 001,036,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.09.11 04:40:32 | 000,218,032 | -H-- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005.10.14 19:00:38 | 001,005,386 | -H-- | M] (Acronis) -- C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe
PRC - [2005.10.14 19:00:38 | 000,172,032 | -H-- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe
PRC - [2005.10.14 19:00:38 | 000,118,784 | -H-- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe
PRC - [2004.08.04 14:00:00 | 000,421,376 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
========== Modules (No Company Name) ==========
MOD - [2012.11.12 13:34:57 | 000,253,952 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe
MOD - [2012.11.12 13:17:30 | 000,346,624 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe
MOD - [2012.11.01 15:34:02 | 000,092,792 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012.10.29 09:58:42 | 002,295,264 | -H-- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.10.23 17:40:08 | 000,109,688 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
MOD - [2012.05.29 09:18:47 | 008,797,856 | -H-- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2010.03.04 16:55:34 | 000,147,456 | -H-- | M] () -- C:\WINDOWS\system32\HP1100LM.DLL
MOD - [2010.03.04 16:55:14 | 000,069,632 | -H-- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\HP1100PP.dll
MOD - [2009.01.20 07:57:09 | 005,449,728 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2009.01.20 07:55:32 | 007,867,392 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2009.01.20 07:55:24 | 011,485,184 | -H-- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2008.08.30 10:11:06 | 000,034,816 | -H-- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2008.08.04 00:02:20 | 000,036,352 | -H-- | M] () -- C:\Programme\Winamp\winampa.exe
MOD - [2008.07.09 08:06:24 | 000,194,032 | -H-- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\zpui.pyd
MOD - [2008.07.09 08:06:24 | 000,144,880 | -H-- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyexpat.pyd
MOD - [2008.07.09 08:06:24 | 000,046,576 | -H-- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\_socket.pyd
MOD - [2008.07.09 08:06:24 | 000,026,096 | -H-- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\signedDll.pyd
MOD - [2008.07.09 08:06:24 | 000,026,096 | -H-- | M] () -- C:\WINDOWS\system32\ZoneLabs\lib\pyd\pyvsinit.pyd
MOD - [2008.07.09 08:05:28 | 000,017,808 | -H-- | M] () -- C:\Programme\Zone Labs\ZoneAlarm\zlavscan_loc0407.dll
MOD - [2008.07.09 08:05:08 | 000,796,048 | -H-- | M] () -- C:\WINDOWS\system32\libeay32_0.9.6l.dll
MOD - [2008.05.15 20:40:10 | 000,139,264 | -H-- | M] () -- C:\WINDOWS\system32\preflib.dll
MOD - [2008.05.15 20:39:24 | 000,753,664 | -H-- | M] () -- C:\WINDOWS\system32\bcm1xsup.dll
MOD - [2008.02.22 12:45:06 | 000,098,304 | -H-- | M] () -- C:\Programme\Dell\QuickSet\dadkeyb.dll
MOD - [2007.07.23 15:04:46 | 000,068,080 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\dlaapi_w.dll
MOD - [2006.08.24 13:17:52 | 000,004,096 | -H-- | M] () -- C:\Programme\Messenger Plus! Live\Detoured.dll
MOD - [2005.10.13 12:53:36 | 000,090,223 | -H-- | M] () -- C:\Programme\Dell\QuickSet\preflibcl.dll
MOD - [2004.08.04 14:00:00 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012.10.29 09:58:42 | 000,115,168 | -H-- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.09.04 16:30:32 | 000,161,768 | -H-- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.10.27 10:34:30 | 000,718,384 | -H-- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.03.18 07:11:02 | 000,947,528 | -H-- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010.07.26 13:14:21 | 000,316,816 | -H-- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01)
SRV - [2010.04.23 11:22:46 | 000,867,080 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.07 13:57:42 | 000,099,896 | -H-- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPSIsvc.exe -- (HPSIService)
SRV - [2009.09.12 08:47:58 | 000,908,056 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.09.12 08:47:54 | 000,297,752 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2009.09.06 05:06:20 | 000,169,312 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.08.25 20:06:20 | 000,077,824 | -H-- | M] (France Telecom SA) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2009.07.09 11:22:18 | 000,144,712 | -H-- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008.10.23 16:45:14 | 000,307,200 | -H-- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.08.13 23:04:44 | 000,201,968 | -H-- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Programme\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)
SRV - [2008.07.09 08:05:18 | 000,075,304 | -H-- | M] (Zone Labs, LLC) [Auto | Running] -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2007.07.11 09:33:28 | 000,069,632 | RH-- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2006.10.26 19:49:34 | 000,441,136 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2005.10.14 19:00:38 | 000,172,032 | -H-- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.11.01 15:35:20 | 000,068,272 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsm.sys -- (pctplsm)
DRV - [2012.11.01 15:35:14 | 000,202,280 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012.10.31 14:21:28 | 000,260,760 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012.10.23 17:40:32 | 000,062,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012.10.22 16:38:28 | 000,368,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012.02.28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011.08.17 12:56:32 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.08.17 12:56:30 | 000,008,192 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.08.17 12:56:26 | 000,023,168 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.08.17 12:56:22 | 000,018,176 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.09.18 10:11:10 | 000,249,152 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\timntr.sys -- (timounter)
DRV - [2010.09.18 10:11:10 | 000,030,688 | -H-- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.09.18 10:11:07 | 000,096,320 | -H-- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\snapman.sys -- (snapman)
DRV - [2010.07.26 13:14:21 | 003,033,712 | -H-- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01)
DRV - [2010.03.06 00:40:57 | 000,017,408 | -H-- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2009.09.12 08:48:03 | 000,335,240 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.09.12 08:48:03 | 000,027,784 | -H-- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.06.15 12:45:36 | 000,102,656 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.06.15 12:45:36 | 000,102,400 | RH-- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.05.10 20:18:47 | 000,108,552 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008.08.26 10:26:12 | 000,018,816 | -H-- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.09 08:05:22 | 000,394,952 | -H-- | M] (Zone Labs, LLC) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008.05.15 20:40:02 | 001,123,328 | -H-- | M] (Broadcom Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.02.27 02:10:44 | 000,051,176 | -H-- | M] (Zone Labs, LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008.02.21 17:28:14 | 000,105,856 | -H-- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.02.21 14:38:30 | 000,043,480 | -H-- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.21 14:38:24 | 000,048,472 | -H-- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.02.21 14:24:52 | 000,155,136 | -H-- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008.02.21 14:21:58 | 004,625,408 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2008.02.20 03:52:54 | 000,034,688 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcampr5.sys -- (PCAMPR5)
DRV - [2008.02.20 03:52:54 | 000,032,128 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pcandis5.sys -- (PCANDIS5)
DRV - [2007.09.12 16:24:00 | 000,026,816 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.07.23 15:05:18 | 000,009,104 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007.07.23 15:04:58 | 000,037,360 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007.07.23 15:04:56 | 000,098,448 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007.07.23 15:04:56 | 000,093,552 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007.07.23 15:04:54 | 000,027,216 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007.07.23 15:04:52 | 000,032,848 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007.07.23 15:04:52 | 000,016,304 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007.07.23 15:04:50 | 000,108,752 | -H-- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007.07.23 14:49:44 | 000,030,064 | -H-- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007.07.23 14:49:44 | 000,014,576 | -H-- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007.07.19 14:10:28 | 000,127,768 | -H-- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2007.06.26 10:53:54 | 000,013,824 | -H-- | M] (T-Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tsmpkt.sys -- (TSMPacket)
DRV - [2005.08.12 16:50:46 | 000,016,128 | -H-- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPDRV.SYS -- (APPDRV)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1080830
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60747
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1080830
IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1080830
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.de/hws/sb/dell-row/de/side.html?channel=de-smb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=1080830
IE - HKCU\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
IE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747
IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://search.avg.com/route/?d=$instd$&v=$ver$&i=$dchid$&tp=chrome&q={searchTerms}&lng={moz:locale}&iy=&ychte=de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: avg@igeared:7.005.030.004
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fe_3.6@nokia.com:1.7.56.205
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1591.6512\npCIDetect13.dll (Google)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG8\Firefox [2009.12.22 09:32:15 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG8\Toolbar\Firefox\avg@igeared [2011.06.17 13:15:36 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2011.11.28 08:48:36 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Programme\Crawler\Toolbar\firefox\ [2012.11.14 07:38:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012.11.15 19:14:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.29 09:58:42 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.10.29 09:58:32 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2011.11.28 08:49:00 | 000,000,000 | -H-D | M]
[2008.09.02 14:18:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Extensions
[2012.10.24 14:46:28 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\mldvp6th.default\extensions
[2012.07.26 08:05:30 | 000,741,958 | -H-- | M] () (No name found) -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Mozilla\Firefox\Profiles\mldvp6th.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.10.29 09:58:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.29 09:58:29 | 000,000,000 | -H-D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.10.29 09:58:42 | 000,261,600 | -H-- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.04.19 09:32:32 | 000,001,392 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.17 10:30:24 | 000,002,465 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2007.07.26 13:05:16 | 000,001,329 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\crawlersrch.xml
[2012.04.19 09:32:32 | 000,001,153 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.19 09:32:32 | 000,006,805 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.19 09:32:32 | 000,001,178 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.19 09:32:32 | 000,001,105 | -H-- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programme\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Programme\Orange\IEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI1752_1552] C:\Programme\CardDetector\HUAWEI1752_1552\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [Dell QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\dell\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [pxMdWicSEXclEk.exe] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe ()
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [DellSupportCenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PdkpYXSaW9tBjP] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Programme\phonostar-Player\phonostarTimer.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\DSL-Manager.lnk = C:\Programme\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1F831FA3-42FC-11D4-95A6-0080AD30DCE1} file://C:\Programme\AutoCAD LT 2002 Deu\InstFred.ocx (InstaFred)
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file://C:\Programme\AutoCAD LT 2002 Deu\AcDcToday.ocx (AcDcToday-Steuerung)
O16 - DPF: {AE563724-B4F5-11D4-A415-00108302FDFD} file://C:\Programme\AutoCAD LT 2002 Deu\InstBanr.ocx (NOXLATE-BANR)
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file://C:\Programme\AutoCAD LT 2002 Deu\AcPreview.ocx (AcPreview-Steuerung)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{900649E8-5B19-440F-9FD2-CD2E445C8FD1}: NameServer = 192.168.0.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Programme\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (avgrsstx.dll) - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.08.13 12:54:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{79325953-bb46-11e0-b448-002170985e9a}\Shell - "" = AutoRun
O33 - MountPoints2\{79325953-bb46-11e0-b448-002170985e9a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79325953-bb46-11e0-b448-002170985e9a}\Shell\AutoRun\command - "" = E:\AutoRunCardDetector.exe
O33 - MountPoints2\{a951715f-f513-11de-85b5-002170985e9a}\Shell\verb1\command - "" = desktop.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.11.15 23:37:43 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\****\Recent
[2012.11.15 23:28:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten-Dateien
[2012.11.15 23:27:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.11.15 19:18:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Malwarebytes
[2012.11.15 19:18:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.11.15 19:18:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.11.15 19:18:41 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.11.15 19:18:41 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.11.15 19:14:06 | 000,062,688 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012.11.15 19:14:05 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012.11.15 19:14:05 | 001,690,744 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012.11.15 19:14:05 | 000,150,648 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012.11.15 19:11:48 | 000,260,760 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012.11.15 19:11:26 | 000,019,464 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012.11.15 19:11:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
[2012.11.15 19:11:10 | 000,071,752 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012.11.15 19:11:10 | 000,068,272 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsm.sys
[2012.11.15 18:58:06 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2012.11.15 18:58:05 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2012.11.15 18:58:04 | 000,368,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012.11.15 18:58:04 | 000,163,288 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2012.11.15 18:58:02 | 000,202,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012.11.15 18:58:02 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2012.11.15 18:56:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.11.15 18:56:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2012.11.15 18:56:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TestApp
[2012.11.14 18:20:28 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\****\Desktop\hsr2.0cdromsetup
[2012.11.14 07:37:52 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Crawler Toolbar
[2012.11.14 07:37:49 | 000,000,000 | -H-D | C] -- C:\Programme\Crawler
[2012.11.14 07:32:32 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Spyware Terminator
[2012.11.14 07:32:32 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2012.11.14 07:32:31 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
[2012.11.14 07:19:41 | 000,000,000 | -H-D | C] -- C:\Programme\Spyware Terminator
[2012.11.13 14:25:15 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\****\Desktop\ORCA AVA
[2012.11.12 14:02:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\NtmsData
[2012.11.12 13:35:02 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\File Restore
[2012.10.29 09:58:28 | 000,000,000 | -H-D | C] -- C:\Programme\Mozilla Firefox
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.11.15 23:35:39 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.11.15 23:34:18 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\xiwu56j3.exe
[2012.11.15 23:34:07 | 222,744,608 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2012.11.15 23:29:17 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2012.11.15 23:28:31 | 000,074,083 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.11.15 23:26:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\****\Desktop\OTL.exe
[2012.11.15 23:24:35 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2012.11.15 19:18:43 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.15 19:11:27 | 000,001,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012.11.15 18:58:17 | 000,514,298 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012.11.15 16:27:05 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.11.15 16:16:17 | 000,000,120 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-PdkpYXSaW9tBjP
[2012.11.15 16:15:20 | 000,000,592 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP
[2012.11.15 16:10:14 | 000,358,382 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.11.15 16:09:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.11.15 16:09:43 | 2137,444,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.15 12:17:21 | 002,616,644 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2012.11.15 09:05:57 | 000,000,144 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-PdkpYXSaW9tBjPr
[2012.11.14 07:32:31 | 000,000,705 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2012.11.13 14:25:15 | 000,000,300 | -H-- | M] () -- C:\WINDOWS\AVASETUP.INI
[2012.11.13 14:25:11 | 000,000,439 | -H-- | M] () -- C:\WINDOWS\AVAIMP.INI
[2012.11.12 17:34:04 | 000,080,070 | -H-- | M] () -- C:\Fenster-_Balkontürtypen - UNILUX AG - Fenster und Türen.pdf
[2012.11.12 13:35:02 | 000,000,845 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\File_Restore.lnk
[2012.11.12 13:34:57 | 000,253,952 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe
[2012.11.12 13:31:10 | 000,000,625 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Startmenü\Programme\Autostart\DSL-Manager.lnk
[2012.11.12 13:17:30 | 000,346,624 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe
[2012.11.12 09:42:09 | 000,002,509 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Microsoft Office Word 2003.lnk
[2012.11.07 14:42:24 | 000,000,871 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel
[2012.11.07 14:26:24 | 000,060,510 | -H-- | M] () -- C:\Dokumente und Einstellungen\****\Desktop\Unbenannt.jpg
[2012.11.01 15:35:20 | 000,068,272 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsm.sys
[2012.11.01 15:35:18 | 000,071,752 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2012.11.01 15:35:14 | 000,202,280 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2012.11.01 15:35:10 | 000,019,464 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2012.10.31 14:21:28 | 000,260,760 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2012.10.23 17:40:32 | 000,062,688 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2012.10.23 17:40:28 | 000,150,648 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2012.10.23 17:40:26 | 002,280,568 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2012.10.23 17:40:26 | 001,690,744 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2012.10.23 17:40:00 | 000,769,144 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2012.10.23 16:30:44 | 000,003,488 | ---- | M] () -- C:\WINDOWS\UDB.zip
[2012.10.23 16:30:44 | 000,000,882 | ---- | M] () -- C:\WINDOWS\RegSDImport.xml
[2012.10.23 16:30:44 | 000,000,879 | ---- | M] () -- C:\WINDOWS\RegISSImport.xml
[2012.10.23 16:30:44 | 000,000,131 | ---- | M] () -- C:\WINDOWS\IDB.zip
[2012.10.22 16:38:28 | 000,368,616 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2012.10.22 16:38:26 | 000,163,288 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.11.15 23:34:19 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\xiwu56j3.exe
[2012.11.15 23:29:17 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\****\defogger_reenable
[2012.11.15 23:28:30 | 000,074,083 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\69886-alle-hilfesuchenden-eroeffnung-themas-beachten.html
[2012.11.15 23:24:37 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Defogger.exe
[2012.11.15 19:18:43 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.11.15 19:14:06 | 000,769,144 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012.11.15 19:14:06 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2012.11.15 19:14:06 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2012.11.15 19:14:05 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2012.11.15 19:14:05 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2012.11.15 19:11:27 | 000,001,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2012.11.15 18:58:06 | 000,514,298 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2012.11.14 16:38:01 | 2137,444,352 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.14 07:32:33 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2012.11.14 07:32:31 | 000,000,705 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2012.11.12 17:34:02 | 000,080,070 | -H-- | C] () -- C:\Fenster-_Balkontürtypen - UNILUX AG - Fenster und Türen.pdf
[2012.11.12 17:13:04 | 000,000,144 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-PdkpYXSaW9tBjPr
[2012.11.12 17:13:04 | 000,000,120 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\-PdkpYXSaW9tBjP
[2012.11.12 13:35:02 | 000,000,845 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\File_Restore.lnk
[2012.11.12 13:34:58 | 000,000,592 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP
[2012.11.12 13:34:57 | 000,253,952 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe
[2012.11.12 13:19:44 | 000,346,624 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe
[2012.11.07 14:42:24 | 000,000,871 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\.recently-used.xbel
[2012.11.07 14:26:23 | 000,060,510 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\Desktop\Unbenannt.jpg
[2012.03.10 20:44:25 | 001,511,424 | -H-- | C] () -- C:\WINDOWS\System32\HP1100SM.EXE
[2012.03.10 20:44:25 | 000,147,456 | -H-- | C] () -- C:\WINDOWS\System32\HP1100LM.DLL
[2012.03.10 20:44:04 | 000,081,920 | -H-- | C] () -- C:\WINDOWS\System32\mvusbews.dll
[2012.03.10 20:44:01 | 000,054,272 | -H-- | C] () -- C:\WINDOWS\System32\HP1100SMs.dll
[2012.03.10 20:43:56 | 000,284,160 | -H-- | C] () -- C:\WINDOWS\System32\mvhlewsi.dll
[2009.01.20 07:53:03 | 000,522,384 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2008.10.11 16:52:12 | 000,055,808 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.02 13:21:00 | 000,014,852 | -H-- | C] () -- C:\Programme\settings.dat
[2008.09.02 11:49:15 | 015,728,640 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\NTUSER.bak
[2008.09.02 11:49:15 | 000,000,140 | -H-- | C] () -- C:\Dokumente und Einstellungen\****\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2004.08.13 13:02:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.21 08:01:11 | 001,494,528 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2004.08.04 14:00:00 | 000,472,064 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 14:00:00 | 000,273,920 | -H-- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2010.04.19 06:51:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010.09.18 10:16:23 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2010.11.01 12:33:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2008.12.23 10:41:43 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.05.22 16:30:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJPLM
[2012.05.21 13:04:16 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJSolutionMenuEX
[2012.05.21 13:00:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2010.04.23 12:08:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData
[2012.07.30 07:33:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kummert GmbH
[2008.09.02 14:47:28 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2009.02.22 16:25:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Messenger Plus!
[2011.11.28 08:48:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.11.09 13:41:13 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2010.11.09 14:03:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2012.11.15 16:16:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2008.08.30 10:12:00 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SupportSoft
[2010.10.29 14:49:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2012.11.15 19:46:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.09.09 13:48:08 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.04.19 06:52:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ACD Systems
[2008.11.08 12:02:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Autodesk
[2009.05.22 11:14:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\AVGTOOLBAR
[2012.05.21 13:04:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Canon
[2008.09.22 08:41:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DeepBurner
[2012.11.12 13:38:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox
[2012.04.26 16:04:22 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\DVDVideoSoft
[2012.08.10 13:59:34 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\gtk-2.0
[2011.10.28 16:18:49 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Haite
[2010.01.22 21:45:27 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\InfraRecorder
[2011.12.13 11:16:55 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Inkscape
[2009.12.30 12:22:37 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\iTag
[2010.04.08 13:33:10 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\MSNInstaller
[2011.11.28 08:47:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Nokia
[2010.11.09 14:05:31 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Nokia Ovi Suite
[2011.11.28 09:14:56 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Nokia Suite
[2010.01.06 16:39:11 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org
[2008.09.02 13:37:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\OpenOffice.org3
[2012.05.29 09:21:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Oracle
[2011.02.12 23:41:40 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\PC Suite
[2010.08.01 11:45:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\phonostar GmbH
[2009.07.13 23:01:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Pro Cycling Manager 2007
[2010.07.29 13:53:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Pro Cycling Manager 2009
[2010.04.12 07:14:03 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\RayV
[2011.02.01 13:37:48 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\ReportStd
[2012.11.14 07:32:32 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Spyware Terminator
[2008.10.05 23:31:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\temp
[2012.11.15 18:56:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\TestApp
[2011.12.27 16:15:18 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\Wise Registry Cleaner
[2012.11.15 16:40:17 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\****\Anwendungsdaten\XnView
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 165 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84
< End of report >
--- --- ---
OTL Logfile: Code:
OTL Extras logfile created on: 15.11.2012 23:30:18 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\****\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 0,50 Gb Available Physical Memory | 25,13% Memory free
3,84 Gb Paging File | 2,47 Gb Available in Paging File | 64,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 148,95 Gb Total Space | 22,02 Gb Free Space | 14,78% Space Free | Partition Type: NTFS
Drive Z: | 917,07 Gb Total Space | 481,87 Gb Free Space | 52,54% Space Free | Partition Type: NTFS
Computer Name: ST06 | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with FastStone] -- "C:\Programme\FastStone Image Viewer\FSViewer.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe" = C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" = C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program -- (CyberLink Corp.)
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Programme\Cyanide\GameCenter\GameCenter.exe" = C:\Programme\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter -- (Cyanide)
"C:\SpieleTobias\Tour de France 2009 - Der offizielle Radsport-Manager\PCM.exe" = C:\SpieleTobias\Tour de France 2009 - Der offizielle Radsport-Manager\PCM.exe:*:Enabled:Tour de France 2009 - Der offizielle Radsport-Manager -- (Cyanide)
"C:\SpieleTobias\Tour de France 2009 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe" = C:\SpieleTobias\Tour de France 2009 - Der offizielle Radsport-Manager\Autorun\Exe\Autorun.exe:*:Enabled:Tour de France 2009 - Der offizielle Radsport-Manager - AutoRun -- ()
"C:\Programme\Orange\IEWInternet\Connectivity\ConnectivityManager.exe" = C:\Programme\Orange\IEWInternet\Connectivity\ConnectivityManager.exe:*:enabled:CSS -- (France Telecom SA)
"C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\****\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4900_series" = Canon iP4900 series Printer Driver
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1882D3BE-8B8F-4EA3-9414-EB06CD5B9CD8}" = Modem Diagnostics Tool
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{412033BC-44CF-48D9-B813-4B835101F4D3}" = Adobe Illustrator 10
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53AD87D3-72AE-4D07-8A7A-1F4D54E83777}" = ACDSee Foto-Editor
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5783F2D7-0109-0407-0000-0060B0CE6BBA}" = AutoCAD LT 2002 - Deutsch
"{587CC611-95FA-442B-852D-A9B0DEC5C09B}" = MainConceptDemoCodecs
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF88496B-4BBA-4922-97E9-2582D3A28358}" = Nokia Connectivity Cable Driver
"{BEWINTERNET-FR-DMGP-V2}.UninstallSuite" = Internet Everywhere
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA83357B-931E-44DC-AD43-9996FEEB8116}" = Acronis*True*Image
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DB24A9E5-A068-43DD-88D0-B51BED3C0B99}" = Nokia Suite
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AnswerWorks" = AnswerWorks Runtime
"AVG8Uninstall" = AVG Free 8.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Karte
"Browser Defender_is1" = Browser Guard 4.0
"Canon iP4900 series Benutzerregistrierung" = Canon iP4900 series Benutzerregistrierung
"Canon iP4900 series On-screen Manual" = Canon iP4900 series On-screen Manual
"CardDetectorHUAWEI1752_1552" = Card Detector for Huawei E1752 and E1552
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"CToolbar_UNINSTALL" = Web Security Guard with Crawler Toolbar
"E.M. PowerPoint Video Converter_is1" = E.M. PowerPoint Video Converter 2.30
"FastStone Image Viewer" = FastStone Image Viewer 3.6
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 5.0.9.412
"GameCenter" = GameCenter
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP LaserJet Professional P1100-P1560-P1600 Series" = HP LaserJet Professional P1100-P1560-P1600 Series
"IC-Report Standard" = IC-Report Standard
"InfraRecorder" = InfraRecorder
"Inkscape" = Inkscape 0.48.2
"IrfanView" = IrfanView (remove only)
"iTag" = iTag
"jZip" = jZip
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSNINST" = MSN
"Nokia Suite" = Nokia Suite
"ORCA AVA" = ORCA AVA
"PDFCreator Toolbar" = PDFCreator Toolbar
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.7
"Pro Cycling Manager 2009_is1" = Tour de France 2009 - Der offizielle Radsport-Manager 1.0.0.1
"SearchAssist" = SearchAssist
"Spyware Doctor" = PC Tools Spyware Doctor 9.1
"SUPER ©" = SUPER © Version 2009.bld.35 (Jan 5, 2009)
"ThumbsPlus 3.21" = ThumbsPlus Version 3.21-R
"VLC media player" = VLC media player 0.9.8a
"Volo View Express" = Volo View Express
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"web2date" = DATA BECKER web to date 5
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 6.14
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 14.11.2012 12:45:34 | Computer Name = ST06 | Source = LoadPerf | ID = 3013
Description = Die Die Zeichenfolgen der Leistungsindikatoren der Sprachenkennung
007 konnten nicht aktualisiert werden. Der zurückgegebene Win32-Status ist das erste
DWORD im Datenbereich.
Error - 14.11.2012 12:45:34 | Computer Name = ST06 | Source = LoadPerf | ID = 3009
Error - 14.11.2012 12:46:27 | Computer Name = ST06 | Source = LoadPerf | ID = 3013
Description = Die Die Zeichenfolgen der Leistungsindikatoren der Sprachenkennung 007 konnten nicht aktualisiert werden.
Der zurückgegebene Win32-Status ist das erste DWORD im Datenbereich.
Error - 14.11.2012 12:46:27 | Computer Name = ST06 | Source = LoadPerf | ID = 3009
Error - 15.11.2012 03:38:08 | Computer Name = ST06 | Source = LoadPerf | ID = 3013
Description = Die Die Zeichenfolgen der Leistungsindikatoren der Sprachenkennung
007 konnten nicht aktualisiert werden. Der zurückgegebene Win32-Status ist das erste
DWORD im Datenbereich.
Error - 15.11.2012 03:38:08 | Computer Name = ST06 | Source = LoadPerf | ID = 3009
Error - 15.11.2012 03:38:32 | Computer Name = ST06 | Source = LoadPerf | ID = 3013
Description = Die Die Zeichenfolgen der Leistungsindikatoren der Sprachenkennung 007 konnten nicht aktualisiert werden.
Der zurückgegebene Win32-Status ist das erste DWORD im Datenbereich.
Error - 15.11.2012 03:38:32 | Computer Name = ST06 | Source = LoadPerf | ID = 3009
Error - 15.11.2012 11:10:19 | Computer Name = ST06 | Source = LoadPerf | ID = 3013
Description = Die Die Zeichenfolgen der Leistungsindikatoren der Sprachenkennung
007 konnten nicht aktualisiert werden. Der zurückgegebene Win32-Status ist das erste
DWORD im Datenbereich.
Error - 15.11.2012 11:10:19 | Computer Name = ST06 | Source = LoadPerf | ID = 3009
Error - 15.11.2012 11:15:00 | Computer Name = ST06 | Source = LoadPerf | ID = 3013
Description = Die Die Zeichenfolgen der Leistungsindikatoren der Sprachenkennung 007 konnten nicht aktualisiert werden.
Der zurückgegebene Win32-Status ist das erste DWORD im Datenbereich.
Error - 15.11.2012 11:15:00 | Computer Name = ST06 | Source = LoadPerf | ID = 3009
Error - 15.11.2012 11:16:00 | Computer Name = ST06 | Source = LoadPerf | ID = 3013
Description = Die Die Zeichenfolgen der Leistungsindikatoren der Sprachenkennung
007 konnten nicht aktualisiert werden. Der zurückgegebene Win32-Status ist das erste
DWORD im Datenbereich.
Error - 15.11.2012 11:16:00 | Computer Name = ST06 | Source = LoadPerf | ID = 3009
Error encountered while reading event logs.
< End of report >
--- --- ---
[code]
GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-16 07:16:09
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01
Running: xiwu56j3.exe; Driver: C:\DOKUME~1\Standop\LOKALE~1\Temp\pxtdypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwConnectPort [0x9CF26040]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateFile [0x9CF22930]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0x9AE0F088]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreatePort [0x9CF26510]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x9ADDBB60]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x9ADDBE28]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateSection [0x9CF2FFD0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwCreateWaitablePort [0x9CF26600]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDeleteFile [0x9CF22F20]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0x9AE0FE68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0x9AE10180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwDuplicateObject [0x9CF2C580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwLoadKey [0x9CF2E8B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenFile [0x9CF22D70]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0x9AE0E1CC]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenProcess [0x9CF2C350]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwOpenThread [0x9CF2C150]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0x9AE1064A]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwReplaceKey [0x9CF2ECB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRequestWaitReplyPort [0x9CF25C00]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwRestoreKey [0x9CF2F080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSecureConnectPort [0x9CF26220]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs, LLC) ZwSetInformationFile [0x9CF23120]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0x9AE0F3E8]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x9ADDB75E]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2C4C 80503B28 12 Bytes [10, 65, F2, 9C, 60, BB, DD, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D1C 80503BF8 4 Bytes CALL BC9CD8EF
.text ntkrnlpa.exe!ZwCallbackReturn + 2F70 80503E4C 4 Bytes CALL ECEB1F44
? srescan.sys Das System kann die angegebene Datei nicht finden. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\ntvdm.exe[412] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 02A00001
.text C:\Programme\DellTPad\Apoint.exe[448] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00EA0001
.text C:\WINDOWS\system32\wscntfy.exe[840] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A50001
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pxMdWicSEXclEk.exe[956] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E40001
.text C:\WINDOWS\Explorer.EXE[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01AF0001
.text ...
.text C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[2596] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 00450055 C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
.text C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe[2648] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01140001
.text C:\Programme\Dell Support Center\bin\sprtcmd.exe[2912] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 03DA0001
.text C:\Programme\iTunes\iTunesHelper.exe[2972] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 099B0001
.text C:\WINDOWS\system32\wuauclt.exe[2976] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01460001
.text C:\Programme\Acronis\TrueImage\TrueImageMonitor.exe[3076] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01100001
.text ...
.text C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe[3596] kernel32.dll!ExitProcess 7C81CDDA 5 Bytes JMP 05051F3E C:\Programme\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe[3596] USER32.dll!MessageBoxA 7E3A058A 5 Bytes JMP 05051EE8 C:\Programme\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe[3596] USER32.dll!MessageBoxW 7E3B630A 5 Bytes JMP 05051F13 C:\Programme\Google\Google Desktop Search\GoogleServices.DLL (Google Desktop/Google)
.text C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe[3684] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 02690001
.text C:\Programme\Skype\Phone\Skype.exe[3772] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 02F70001
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00EC0001
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001E20 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001C60 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001BE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001EE0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001CF0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001F50 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001D80 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] ADVAPI32.dll!CryptDeriveKey 77DBA685 7 Bytes JMP 28001000 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] ADVAPI32.dll!CryptDecrypt 77DBA7B1 2 Bytes JMP 28001060 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] ADVAPI32.dll!CryptDecrypt + 3 77DBA7B4 4 Bytes [24, B0, CC, CC] {AND AL, 0xb0; INT 3 ; INT 3 }
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!GetWindowLongW 7E3688A6 7 Bytes JMP 28006A20 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 280045E0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 28003CA0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!SetWindowRgn 7E36FFB2 7 Bytes JMP 28005F00 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!LoadIconW 7E370894 5 Bytes JMP 28006880 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!LoadImageW 7E372CFE 5 Bytes JMP 28006690 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!CreateDialogParamW 7E377D4F 5 Bytes JMP 28006040 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!SetWindowPlacement 7E37D84C 5 Bytes JMP 28005DC0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 28006230 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] USER32.dll!TrackPopupMenuEx 7E3BCD28 5 Bytes JMP 28004EC0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WS2_32.dll!send 71A1428A 5 Bytes JMP 2800B800 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WS2_32.dll!WSARecv 71A14318 5 Bytes JMP 2800B5E0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WS2_32.dll!recv 71A1615A 5 Bytes JMP 2800B440 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WS2_32.dll!WSASend 71A16233 5 Bytes JMP 2800B9E0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WS2_32.dll!closesocket 71A19639 5 Bytes JMP 2800BC20 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] SHELL32.dll!Shell_NotifyIconW 7E6D1B92 5 Bytes JMP 28003400 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] ole32.dll!CoInitializeEx 774C42F3 5 Bytes JMP 28002260 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] ole32.dll!CoCreateInstance 774F6009 5 Bytes JMP 28002600 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] ole32.dll!CoRegisterClassObject 77511BFC 5 Bytes JMP 28002360 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WININET.dll!HttpOpenRequestA 7719368D 5 Bytes JMP 2800A2C0 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WININET.dll!InternetCloseHandle 77194D4C 5 Bytes JMP 2800A600 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WININET.dll!HttpSendRequestA 771960D9 5 Bytes JMP 2800A530 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Programme\Windows Live\Messenger\msnmsgr.exe[3804] WININET.dll!InternetReadFile 7719828C 5 Bytes JMP 2800A450 C:\Programme\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe[3972] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 042A0001
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe[3972] explorer.exe 01C71986 1 Byte [03]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe[3972] explorer.exe 01C7198A 1 Byte [00]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe[3972] explorer.exe 01C7198E 1 Byte [01]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe[3972] explorer.exe 01C71992 1 Byte [00]
.text C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PdkpYXSaW9tBjP.exe[3972] explorer.exe 01C71996 1 Byte [00]
.text ...
.text C:\Programme\Skype\Plugin Manager\skypePM.exe[4032] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01210001
.text C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[4168] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 004508F9 C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)
.text C:\WINDOWS\explorer.exe[4344] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01160001
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\Tcp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
Device \Driver\Tcpip \Device\Udp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\RawIp pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \Driver\Tcpip \Device\IPMULTICAST pctgntdi.sys (PC Tools Generic TDI Driver/PC Tools)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Services - GMER 1.0.15 ----
Service C:\Programme\Dell (*** hidden *** ) [AUTO] sprtsvc_dellsupportcenter <-- ROOTKIT !!!
---- EOF - GMER 1.0.15 ----
--- --- ---
Zusammenfassung: PC funktioniert, aber der Virus ist da und macht die ganze Sache unübesichtlich und lästig. Auch alle Daten sind da, extern gesichert.
Wäre klasse, wenn Ihr mir helfen könnt. Danke schon mal fürs Ansehen!
Kleines update: Der schwarze Bildschirmhintergrund ist inzwischen einem "normalen" blauen gewichen, die icons auf dem Desktop bleiben und verschwinden nicht mehr (sind aber "flau" angezeigt, wie im Explorer, siehe oben), und es gibt nicht mehr die unzähligen Fehlermeldungen allel paar Minuten. Also leichte Besserung. Kann sein, dass es daran liegt, dass der Trojaner vielleicht jetzt in Quarantäne ist. Aber das Startmenü ist immer noch leer (bis auf vier Anwendungen, von denen zwei (open office) nicht funktionieren, weil die Unterordner angeblich leer sind).
Rechengeschwindigkeit normal, war vorher weder besser, noch schlechter. Aber das System ist halt irgendwie noch zerschossen. Zum Beispiel gibt's bei "Start" auch keine weiteren Anwendungen wie "Ausführen", oder "Systemsteuerung".
Aber der Windows taskmanager geht wieder, gestern war auch der nicht funktionabel. |
WARNUNG an die MITLESER: 
