Hello, thank you very much for the reply. Here is the first part:
Zoek.exe Version 4.0.0.2 Updated 23-04-2013
Tool run by Désirée on 02.05.2013 at 18:45:38,00.
Microsoft Windows XP Home Edition 5.1.2600 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
02.05.2013 18:46:28 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
Here is part two:
OTL Logfile:
Code:
OTL logfile created on: 02.05.2013 19:08:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Dokumente und Einstellungen\Désirée\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 431,42 Mb Available Physical Memory | 42,16% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,40% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 48,83 Gb Total Space | 17,13 Gb Free Space | 35,08% Space Free | Partition Type: NTFS
Drive D: | 25,69 Gb Total Space | 14,49 Gb Free Space | 56,41% Space Free | Partition Type: NTFS
Computer Name: DAPHNE | User Name: Désirée | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.05.02 19:07:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Dokumente und Einstellungen\Désirée\Eigene Dateien\Downloads\OTL.exe
PRC - [2013.02.05 17:48:44 | 000,272,248 | ---- | M] (McAfee, Inc.) -- D:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe
PRC - [2012.07.05 08:51:36 | 000,924,600 | ---- | M] (Mozilla Corporation) -- D:\Programme\Mozilla Firefox\firefox.exe
PRC - [2010.11.03 20:08:31 | 000,405,249 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\update.exe
PRC - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
PRC - [2010.03.24 16:03:24 | 000,796,784 | ---- | M] (Tesline-Service SRL) -- D:\Programme\Rohos\agent.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- D:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2005.06.21 15:09:58 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- D:\WINDOWS\SOUNDMAN.EXE
PRC - [2004.08.04 14:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2013.03.13 18:52:42 | 014,717,144 | ---- | M] () -- D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2012.07.05 08:51:34 | 001,952,696 | ---- | M] () -- D:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
MOD - [2009.01.28 16:03:49 | 000,326,401 | ---- | M] () -- D:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.10.20 08:38:13 | 000,126,721 | ---- | M] () -- D:\Programme\Avira\AntiVir Desktop\scewxmlw.dll
MOD - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () -- D:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
MOD - [2006.10.26 13:56:46 | 000,757,008 | ---- | M] () -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2004.08.04 14:00:00 | 000,014,336 | ---- | M] () -- D:\WINDOWS\system32\msdmo.dll
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\wuauserv.dll -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.13 18:52:44 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- D:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.07.05 08:51:35 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- D:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.05.08 13:48:36 | 000,229,376 | ---- | M] () [Auto | Running] -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.24 16:03:24 | 000,796,784 | ---- | M] (Tesline-Service SRL) [Auto | Running] -- D:\Programme\Rohos\agent.exe -- (Rohos Disk)
SRV - [2010.02.07 22:59:21 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.09.19 11:38:02 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2008.09.19 11:37:58 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2008.09.19 11:37:36 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007.09.11 01:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- D:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006.10.26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- D:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\DOKUME~1\DSIRE~1\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2010.04.09 15:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.03.25 10:08:30 | 000,105,728 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.03.20 11:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.20 10:28:00 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.12.17 00:23:35 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.12.07 21:43:14 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.07.24 10:43:26 | 000,033,280 | ---- | M] (Tesline-Service SRL) [Kernel | Auto | Running] -- D:\Programme\Rohos\rhdisk.sys -- (RHDISK)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2005.08.12 11:16:30 | 000,845,356 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.08.09 22:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.07.13 17:26:52 | 003,851,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2005.03.04 11:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2004.10.29 19:48:10 | 003,222,784 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- D:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\..\URLSearchHook: {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found
IE - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: D:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.8.1: C:\BrowserPlusPlugins\b5407f9601ba4ef11ee6bb967513fd17\npybrowserplus_2.8.1.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: D:\Programme\Mozilla Firefox\components [2012.07.05 08:51:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: D:\Programme\Mozilla Firefox\plugins [2012.07.05 08:51:50 | 000,000,000 | ---D | M]
[2009.08.10 22:04:29 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Extensions
[2012.10.23 12:48:34 | 000,000,000 | ---D | M] (No name found) -- D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default\extensions
[2012.07.05 08:52:53 | 000,020,591 | ---- | M] () (No name found) -- D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.07.04 15:22:11 | 000,000,000 | ---D | M] (No name found) -- D:\Programme\Mozilla Firefox\extensions
[2010.04.26 19:45:48 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- D:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012.07.05 08:51:41 | 000,097,208 | ---- | M] (Mozilla Foundation) -- D:\Programme\mozilla firefox\components\browsercomps.dll
[2012.07.05 08:51:25 | 000,001,392 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.05 08:51:25 | 000,002,252 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.07.05 08:51:25 | 000,001,153 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.05 08:51:24 | 000,006,805 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.05 08:51:24 | 000,001,178 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.05 08:51:24 | 000,001,105 | ---- | M] () -- D:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - D:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {990af1c2-5a27-4460-8149-ecc6bc122af3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AlcWzrd] D:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] D:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [SoundMan] D:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-1715567821-1417001333-839522115-1005..\Run: [ccleaner] D:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - Startup: D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = D:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1417001333-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Programme\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CC0EC2D-EC6F-4D23-97F3-DC0BFA6B76D9}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - D:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - D:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (D:\WINDOWS\system32\userinit.exe) - D:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - D:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.10 19:25:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{93e96bd4-cbd2-11de-8a23-0013ce735f8d}\Shell\AutoRun\command - "" = F:\installer.exe
O33 - MountPoints2\{93e96bd4-cbd2-11de-8a23-0013ce735f8d}\Shell\verb\command - "" = F:\installer.exe
O33 - MountPoints2\{a9c4e136-9b46-11e1-8fb2-0013ce735f8d}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c4e136-9b46-11e1-8fb2-0013ce735f8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9c4e136-9b46-11e1-8fb2-0013ce735f8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{a9c4e13a-9b46-11e1-8fb2-0013ce735f8d}\Shell - "" = AutoRun
O33 - MountPoints2\{a9c4e13a-9b46-11e1-8fb2-0013ce735f8d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a9c4e13a-9b46-11e1-8fb2-0013ce735f8d}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.02 18:56:46 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2013.05.02 18:56:42 | 000,000,000 | RH-D | C] -- D:\Dokumente und Einstellungen\Désirée\Recent
[2013.05.02 18:54:26 | 000,000,000 | ---D | C] -- D:\WINDOWS\Temp
[2013.04.29 11:35:54 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Désirée\Desktop\Mietsache Augartenstraße
[2013.04.27 23:00:26 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Désirée\Desktop\Werbung 2012
[2013.04.27 21:54:36 | 000,000,000 | ---D | C] -- D:\Dokumente und Einstellungen\Désirée\Desktop\Syrien Bilder
[8 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.02 18:55:42 | 000,002,048 | --S- | M] () -- D:\WINDOWS\bootstat.dat
[2013.05.02 18:50:22 | 000,000,884 | ---- | M] () -- D:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.02 18:45:32 | 000,024,064 | ---- | M] () -- D:\WINDOWS\zoek-delete.exe
[2013.05.01 19:00:33 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2013.04.21 10:12:03 | 000,000,000 | ---- | M] () -- D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\AVSDVDPlayer.m3u
[2013.04.17 19:57:37 | 000,067,291 | ---- | M] () -- D:\Dokumente und Einstellungen\Désirée\Desktop\Leave and Learn.gif
[8 D:\WINDOWS\*.tmp files -> D:\WINDOWS\*.tmp -> ]
[1 D:\WINDOWS\System32\*.tmp files -> D:\WINDOWS\System32\*.tmp -> ]
[1 D:\*.tmp files -> D:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.02 18:54:26 | 000,024,064 | ---- | C] () -- D:\WINDOWS\zoek-delete.exe
[2013.04.17 19:57:35 | 000,067,291 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Desktop\Leave and Learn.gif
[2011.04.18 14:21:58 | 000,216,715 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Word and Press
[2011.01.02 17:54:24 | 000,186,760 | ---- | C] () -- D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.08.17 22:27:17 | 000,001,490 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\.recently-used.xbel
[2010.03.16 23:01:05 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\AVSDVDPlayer.m3u
[2010.03.01 21:51:52 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Anwendungsdaten\rx_image.Cache
[2010.02.13 20:45:51 | 000,002,828 | -HS- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.02.13 20:45:51 | 000,000,088 | RHS- | C] () -- D:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6EBCB2DC45.sys
[2010.02.13 20:25:40 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\AVSMediaPlayer.m3u
[2009.11.07 22:34:35 | 000,001,410 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\gsview32.ini
[2009.08.11 16:14:40 | 000,000,140 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.08.11 15:56:11 | 000,000,000 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\wklnhst.dat
[2009.08.10 20:10:27 | 000,030,720 | ---- | C] () -- D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009.08.10 19:28:38 | 000,000,227 | RHS- | M] () -- D:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 18:18:27 | 001,506,304 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:18:19 | 000,473,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = D:\WINDOWS\system32\wbem\wbemess.dll -- [2004.08.04 14:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
--- --- ---
And the rest:
OTL Logfile:
Code:
OTL Extras logfile created on: 02.05.2013 19:08:22 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Dokumente und Einstellungen\Désirée\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1023,36 Mb Total Physical Memory | 431,42 Mb Available Physical Memory | 42,16% Memory free
2,40 Gb Paging File | 1,91 Gb Available in Paging File | 79,40% Paging File free
Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Programme
Drive C: | 48,83 Gb Total Space | 17,13 Gb Free Space | 35,08% Space Free | Partition Type: NTFS
Drive D: | 25,69 Gb Total Space | 14,49 Gb Free Space | 56,41% Space Free | Partition Type: NTFS
Computer Name: DAPHNE | User Name: Désirée | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1715567821-1417001333-839522115-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"D:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Programme\Microsoft Office\Office12\GROOVE.EXE" = D:\Programme\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = D:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Programme\Skype\Plugin Manager\skypePM.exe" = D:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"D:\Programme\IncrediMail\Bin\IncMail.exe" = D:\Programme\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail
"D:\Programme\IncrediMail\Bin\ImApp.exe" = D:\Programme\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail
"D:\Programme\IncrediMail\Bin\ImpCnt.exe" = D:\Programme\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail
"D:\Programme\Skype\Phone\Skype.exe" = D:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4200" = Canon iP4200
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{54178A9B-7B4B-4B24-B863-7B44EBF28318}" = ODF Add-In für Microsoft Office
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Amazon Kindle" = Amazon Kindle
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"ATI Display Driver" = ATI Display Driver
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"BlackBerry_{84F1B62A-E6F6-458E-BC19-51DBB14055EA}" = BlackBerry Desktop Software 4.7
"CCleaner" = CCleaner (remove only)
"Circuit Construction Kit (DC Only)" = Circuit Construction Kit (DC Only)
"Circuit Construction Kit (DC Only), Virtual Lab" = Circuit Construction Kit (DC Only), Virtual Lab
"Digitale Bibliothek 3" = Digitale Bibliothek 3
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Gas Properties" = Gas Properties
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"GSview 4.9" = GSview 4.9
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Rohos_Rohos22_is1" = Rohos Mini Drive 1.7
"Rutherford Scattering" = Rutherford Scattering
"SMSERIAL" = Motorola SM56 Data Fax Modem
"States of Matter" = States of Matter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Greenhouse Effect" = The Greenhouse Effect
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"WEKA BILDANALYSE 4_5" = Bildanalyse 4.5
"WEKA KUNST SAMMLER 4_0" = Kunst Sammler 4.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Wondershare BlackBerry Converter Suite_is1" = Wondershare BlackBerry Converter Suite(Build 4.2.1.0)
"Wondershare DVD to BlackBerry Converter_is1" = Wondershare DVD to BlackBerry Converter(Build 4.2.1.0)
"Wondershare Video Converter for BlackBerry_is1" = Wondershare Video Converter for BlackBerry(Build 4.2.1.0)
"WordToPDF_is1" = WordToPDF 2.4
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1715567821-1417001333-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20.03.2013 16:25:01 | Computer Name = DAPHNE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 20.03.2013 16:25:01 | Computer Name = DAPHNE | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 31.03.2013 07:20:53 | Computer Name = DAPHNE | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter
ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich
und der Werte LastHelp ist das dritte DWORD im Datenbereich.
Error - 31.03.2013 07:20:53 | Computer Name = DAPHNE | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter
ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich
und der Werte LastHelp ist das dritte DWORD im Datenbereich.
Error - 31.03.2013 07:20:53 | Computer Name = DAPHNE | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 31.03.2013 10:19:43 | Computer Name = DAPHNE | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter
ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich
und der Werte LastHelp ist das dritte DWORD im Datenbereich.
Error - 31.03.2013 10:19:43 | Computer Name = DAPHNE | Source = LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess Performance auf dem Erweitungerungsindikator-Anbieter
ausgeführt wird. Der Wert BaseIndex aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert LastCounter ist das zweite DWORD im Datenbereich
und der Werte LastHelp ist das dritte DWORD im Datenbereich.
Error - 31.03.2013 10:19:43 | Computer Name = DAPHNE | Source = LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst WmiApRpl (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 28.04.2013 11:26:20 | Computer Name = DAPHNE | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 12.0.0.4493, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 01.05.2013 15:26:22 | Computer Name = DAPHNE | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
[ OSession Events ]
Error - 11.05.2010 13:40:11 | Computer Name = DAPHNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 147
seconds with 60 seconds of active time. This session ended with a crash.
Error - 31.10.2011 03:26:32 | Computer Name = DAPHNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 197
seconds with 60 seconds of active time. This session ended with a crash.
Error - 03.11.2011 03:25:32 | Computer Name = DAPHNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 373
seconds with 240 seconds of active time. This session ended with a crash.
Error - 29.01.2012 16:28:05 | Computer Name = DAPHNE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3136
seconds with 2820 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 01.05.2013 17:37:27 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
%%126
Error - 01.05.2013 17:38:48 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
Error - 02.05.2013 12:24:15 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio
Hard Drive Watcher 9.
Error - 02.05.2013 12:24:15 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
%%126
Error - 02.05.2013 12:25:51 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
Error - 02.05.2013 12:57:07 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio
Hard Drive Watcher 9.
Error - 02.05.2013 12:57:07 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Automatische Updates" wurde mit folgendem Fehler beendet:
%%126
Error - 02.05.2013 12:57:42 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sptd
Error - 02.05.2013 12:58:25 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
Error - 02.05.2013 12:58:25 | Computer Name = DAPHNE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
< End of report >
--- --- ---
:-)
HKEY_USERS\S-1-5-21-1715567821-1417001333-839522115-1005\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
==== Deleting CLSID Registry Values ======================
==== FireFox Fix ======================
ProfilePath: D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default
user.js not found
---- Lines mystart removed from prefs.js ----
user_pref("browser.search.defaultenginename", "MyStart Search");
---- Lines mystart modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1850_.backup
ProfilePath: D:\Dokumente und Einstellungen\Gast (adminrechte)\Anwendungsdaten\Mozilla\Firefox\Profiles\8fqj4syo.default
user.js not found
---- Lines mystart removed from prefs.js ----
---- Lines mystart modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs__1850_.backup
==== Deleting Files \ Folders ======================
"D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default\searchplugins\MyStart Search.xml" deleted
"D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default\searchplugins\MyStart Search.xml" deleted
"D:\Programme\Conduit" deleted
==== Files Recently Created / Modified ======================
====== D:\WINDOWS ====
====== D:\DOKUME~1\DSIRE~1\LOKALE~1\Temp ====
====== D:\WINDOWS\system32 =====
====== D:\WINDOWS\system32\drivers =====
====== D:\WINDOWS\Tasks ======
====== D:\WINDOWS\Temp ======
======= D:\Programme =====
======= D: =====
====== D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten ======
====== D:\Dokumente und Einstellungen\Désirée ======
2013-05-02 16:24:04 -------- d--h--r- D:\Dokumente und Einstellungen\Désirée\Recent
2013-05-01 20:33:59 -------- d-s---w- D:\Dokumente und Einstellungen\LocalService\UserData
2013-05-01 20:32:18 -------- d-----r- D:\Dokumente und Einstellungen\LocalService\Favoriten
====== D: exe-files ==
=== D: other files ==
2013-05-02 16:27:41 3C7365784F0A254104764E83C238778B 485138 ----a-r- D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Temp\attachments_2013_05_02.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE"
[HKEY_USERS\S-1-5-21-1715567821-1417001333-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="D:\Programme\CCleaner\CCleaner.exe /AUTO"
"Skype"="D:\Programme\Skype\\Phone\Skype.exe /nosplash /minimized"
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe"
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"ATIPTA"="D:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"avgnt"="D:\Programme\Avira\AntiVir Desktop\avgnt.exe /min"
"GrooveMonitor"="D:\Programme\Microsoft Office\Office12\GrooveMonitor.exe"
"Adobe Reader Speed Launcher"="D:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="D:\Programme\CCleaner\CCleaner.exe /AUTO"
"Skype"="D:\Programme\Skype\\Phone\Skype.exe /nosplash /minimized"
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe"
==== Startup Registry Disabled ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"D:\\Programme\\Gemeinsame Dateien\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Photo Downloader]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe Photo Downloader"
"hkey"="HKLM"
"command"="\"D:\\Programme\\Adobe\\Photoshop Elements 6.0\\apdproxy.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Reader_sl"
"hkey"="HKLM"
"command"="\"D:\\Programme\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BlackBerryAutoUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RIMAutoUpdate"
"hkey"="HKLM"
"command"="D:\\Programme\\Gemeinsame Dateien\\Research In Motion\\Auto Update\\RIMAutoUpdate.exe /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKCU"
"command"="\"D:\\Programme\\DAEMON Tools Lite\\daemon.exe\" -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DivXUpdate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DivXUpdate"
"hkey"="HKLM"
"command"="\"D:\\Programme\\DivX\\DivX Update\\DivXUpdate.exe\" /CHECKNOW"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Rohos]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Rohos"
"hkey"="HKCU"
"command"="D:\\Programme\\Rohos\\agent.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RoxWatchTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RoxWatchTray"
"hkey"="HKLM"
"command"="\"D:\\Programme\\Gemeinsame Dateien\\Roxio Shared\\9.0\\SharedCOM\\RoxWatchTray9.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SMSERIAL]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sm56hlpr"
"hkey"="HKLM"
"command"="sm56hlpr.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="D:\\Programme\\Java\\jre1.5.0\\bin\\jusched.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SynTPEnh"
"hkey"="HKLM"
"command"="D:\\Programme\\Synaptics\\SynTP\\SynTPEnh.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Desktop Manager.lnk]
"path"="D:\\Dokumente und Einstellungen\\All Users\\Startmenü\\Programme\\Autostart\\Desktop Manager.lnk"
"backup"="D:\\WINDOWS\\pss\\Desktop Manager.lnkCommon Startup"
"command"="D:\\PROGRA~1\\RESEAR~1\\BLACKB~1\\DESKTO~1.EXE "
"item"="Desktop Manager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\D:^Dokumente und Einstellungen^Désirée^Startmenü^Programme^Autostart^Kunst Sammler.lnk]
"item"="Kunst Sammler"
"path"="D:\\Dokumente und Einstellungen\\Désirée\\Startmenü\\Programme\\Autostart\\Kunst Sammler.lnk"
"backup"="D:\\WINDOWS\\pss\\Kunst Sammler.lnkStartup"
"command"="D:\\PROGRA~1\\WEKA\\KUNSTU~1\\Sammler\\IPView.exe"
==== Startup Folders ======================
2011-08-19 19:25:45 1731 ----a-w- D:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
==== Task Scheduler Jobs ======================
D:\WINDOWS\tasks\Adobe Flash Player Updater.job --a------ D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [13.03.2013 18:52]
==== Firefox Extensions ======================
ProfilePath: D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
ProfilePath: D:\Dokumente und Einstellungen\Gast (adminrechte)\Anwendungsdaten\Mozilla\Firefox\Profiles\8fqj4syo.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
==== Firefox Plugins ======================
Profilepath: D:\Dokumente und Einstellungen\Désirée\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default
47299371607DC2FB234444EEACB1639E - D:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll - Shockwave Flash
75300E5ED4CD5B4363C3DBBB2D03269C - D:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll - McAfee Security Scanner +
6827CA29D7AD3595660271F3F05C79B5 - D:\Programme\DivX\DivX Plus Web Player\npdivx32.dll - DivX Web Player
DC58F0B52AE8B185B98D65191C3DCCA3 - C:\BrowserPlusPlugins\b5407f9601ba4ef11ee6bb967513fd17\npybrowserplus_2.8.1.dll - BrowserPlus (from Yahoo) v2.8.1
A055971A27B8B767F5F0858B8F299282 - D:\Programme\Mozilla Firefox\plugins\nppdf32.dll - Adobe Acrobat
AB87EEFFD18F2BAAFC274E7075EA6C67 - D:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
9A6101F29E2E9D41B99CBCC8F106E8FE - D:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL - 2007 Microsoft Office system
99FE410180B11A6EF8F18DCB5EB1CE7A - D:\Programme\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
CD7C09C63325A27E7F1A3E2D0BC69C9B - D:\Programme\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
E23ACF29DA293B959B35DD211407EDEE - D:\Programme\Windows Media Player\npdrmv2.dll - Microsoft® DRM
A055971A27B8B767F5F0858B8F299282 - D:\Programme\Adobe\Reader 9.0\Reader\browser\nppdf32.dll - Adobe Acrobat
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://mystart.incredimail.com/?a=1eyoj1dlrxI"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1715567821-1417001333-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{B5A7F190-DDA6-4420-B3BA-52453494E6CD} deleted successfully
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{72853161-30C5-4D22-B7F9-0BBC1D38A37E} deleted successfully
==== Empty IE Cache ======================
D:\Dokumente und Einstellungen\Gast (adminrechte)\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully
D:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5 emptied successfully
D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\s6nrojad.default\Cache emptied successfully
D:\Dokumente und Einstellungen\Gast (adminrechte)\Lokale Einstellungen\Anwendungsdaten\Mozilla\Firefox\Profiles\8fqj4syo.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
After Reboot
==== Empty Temp Folders ======================
D:\WINDOWS\Temp successfully emptied
D:\DOKUME~1\DSIRE~1\LOKALE~1\Temp successfully emptied
==== Empty Recycle Bin ======================
D:\RECYCLER successfully emptied
==== Deleting Files / Folders ======================
"D:\Dokumente und Einstellungen\Désirée\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not found
"D:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat" not deleted