![]() |
|
Plagegeister aller Art und deren Bekämpfung: explorer.exe hat ein problem festgestellt und muss beendet werden xpWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() ![]() | ![]() explorer.exe hat ein problem festgestellt und muss beendet werden xp Hallo, ich habe gleich mehrere Probleme einmal fährt mein PC nur jedes 2-4 Mal ganz hoch, so dass ich ihn benutzen kann und seid gestern kommt folgende Meldung dau: explorer.exe hat ein problem festgestellt und muss beendet werden xp Ich habe schon mal Malwarbyts, OTL und Hjack durchlaufen lassen und folgende Logs bekommen. Hoff dadurch kann mir schneller geholfen werden ( bzw. sparen wir uns die ersten standart Mails ![]() Malwarbyts: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7003 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 02.07.2011 09:39:13 mbam-log-2011-07-02 (09-39-13).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 176769 Laufzeit: 3 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Nun OTL 1: OTL logfile created on: 02.07.2011 09:54:35 - Run 5 OTL by OldTimer - Version 3.2.25.0 Folder = C:\downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,81% Memory free 5,09 Gb Paging File | 4,21 Gb Available in Paging File | 82,71% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 199,35 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.02 09:53:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL(2).exe PRC - [2011.07.02 07:56:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.28 07:26:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.03.18 11:29:50 | 005,140,264 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer.exe PRC - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.03.10 17:36:38 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2008.02.22 00:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007.06.11 19:53:44 | 000,455,600 | ---- | M] () -- C:\Programme\Lexmark 6500 Series\lxdfmon.exe PRC - [2007.06.01 14:06:09 | 000,020,480 | ---- | M] () -- C:\Programme\Lexmark 6500 Series\lxdfamon.exe PRC - [2007.05.29 12:06:44 | 000,598,960 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdfcoms.exe PRC - [2006.06.01 21:06:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.06.01 21:06:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe PRC - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe ========== Modules (SafeList) ========== MOD - [2011.07.02 09:53:29 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\downloads\OTL(2).exe MOD - [2010.03.10 17:39:40 | 000,118,784 | ---- | M] (RealPlayer) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll MOD - [2009.08.13 15:55:39 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll MOD - [2006.06.01 21:06:00 | 001,050,624 | R--- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (JavaQuickStarterService) SRV - [2011.07.02 07:56:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.29 20:47:18 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Programme\Gemeinsame Dateien\Akamai\netsession_win_e477fed.dll -- (Akamai) SRV - [2011.05.29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.08.25 10:03:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.18 11:26:08 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009.03.17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2008.09.05 12:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate) SRV - [2008.02.22 00:02:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007.05.29 12:06:44 | 000,598,960 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdfcoms.exe -- (lxdf_device) SRV - [2007.05.29 12:06:20 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe -- (lxdfCATSCustConnectService) SRV - [2006.12.14 18:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.06.01 21:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2005.08.24 03:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2005.04.02 02:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService) ========== Driver Services (SafeList) ========== DRV - [2011.07.02 07:56:45 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.02 07:56:45 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.03 17:51:32 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07) DRV - [2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.02.28 01:04:51 | 000,028,608 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sef3x1.sys -- (sef3x1) DRV - [2011.02.28 01:03:11 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2011.02.28 01:03:11 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2010.07.14 11:04:30 | 000,051,200 | ---- | M] (XECUTER) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ck3pro.sys -- (ck3pro) DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 15:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010.05.26 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF) DRV - [2009.03.17 14:24:06 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2009.03.17 13:56:58 | 000,447,024 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2008.09.10 21:08:20 | 000,002,560 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\JungleFlasher v0.1.78 Beta (183)\portio32.sys -- (PORTIO64) DRV - [2008.08.25 03:22:40 | 000,014,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu) DRV - [2008.08.06 18:12:10 | 004,755,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008.08.01 11:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2008.08.01 11:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2008.06.16 10:02:34 | 000,017,024 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys -- (BS_I2cIo) DRV - [2007.12.11 15:30:08 | 000,030,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2007.05.11 04:10:50 | 000,034,704 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\blueletaudio.sys -- (BlueletAudio) DRV - [2007.05.09 02:59:40 | 000,036,496 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb) DRV - [2007.04.16 17:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM) DRV - [2007.03.05 07:00:04 | 000,027,792 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BlueletSCOAudio.sys -- (BlueletSCOAudio) DRV - [2007.03.05 06:59:04 | 000,018,320 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btnetdrv.sys -- (BT) DRV - [2007.03.05 06:57:14 | 000,019,472 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VHIDMini.sys -- (VHidMinidrv) DRV - [2007.03.05 06:56:18 | 000,035,600 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BTHidMgr.sys -- (BTHidMgr) DRV - [2007.03.05 06:55:12 | 000,020,880 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\vbtenum.sys -- (BTHidEnum) DRV - [2007.03.05 06:53:18 | 000,044,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VcommMgr.sys -- (VcommMgr) DRV - [2007.03.05 06:52:18 | 000,034,448 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VComm.sys -- (VComm) DRV - [2006.11.21 23:41:18 | 000,022,416 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Programme\IVT Corporation\BlueSoleil\device\Win2k\BTNetFilter.sys -- (BTNetFilter) DRV - [2005.07.20 08:26:00 | 001,390,656 | R--- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmudaxu.sys -- (cmudau) DRV - [2005.04.25 11:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b) DRV - [2005.03.16 08:23:54 | 000,013,696 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BIOS.sys -- (BIOS) DRV - [2004.04.30 10:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s) DRV - [2004.02.24 16:42:44 | 000,021,248 | ---- | M] (AIPTEK International Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\aiptektp.sys -- (aiptektp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKCU\..\URLSearchHook: {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "AlphaMarket Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2922774&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "AlphaMarket Customized Web Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.tixuma.de" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10 FF - prefs.js..extensions.enabledItems: {eebc5c3f-ec4b-4ad4-b5d1-fa51b3c42c57}:1.0.2 FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.1 FF - prefs.js..extensions.enabledItems: {df4e4df5-5cb7-46b0-9aef-6c784c3249f8}:1.2.0 FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1 FF - prefs.js..keyword.URL: "hxxp://jixey.com/?id={7FB7ED77-B6D4-4fea-8F56-57F262C1728B}&ver=1.5.4&src=adr&q=" FF - prefs.js..network.proxy.http: "91.205.174.48" FF - prefs.js..network.proxy.http_port: 80 FF - HKLM\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.10 17:39:42 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: E:\runtergeladene Sachen\java\lib\deploy\jqs\ff FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.28 07:26:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2009.11.04 22:53:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2011.07.02 08:57:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions [2011.03.23 10:07:11 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2011.06.24 09:19:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.02.19 19:42:05 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a} [2011.01.10 19:03:32 | 000,000,000 | ---D | M] (Fox!Box) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8} [2011.05.07 18:00:06 | 000,000,000 | ---D | M] (Awesome screenshot: Capture and Annotate) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack [2011.01.17 17:50:21 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\extensions\SkipScreen@SkipScreen [2011.05.31 18:57:40 | 000,000,925 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\t93ev5hf.default\searchplugins\conduit.xml [2011.05.05 09:14:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\{D57C9FF1-6389-48FC-B770-F78BD89B6E8A}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T93EV5HF.DEFAULT\EXTENSIONS\PLUGIN@APTURE.COM.XPI [2011.06.28 07:26:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml Hosts file not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - File not found O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CmUsbSound] File not found O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Lexmark 6500 Series Fax Server] C:\Programme\Lexmark 6500 Series\fm3032.exe () O4 - HKLM..\Run: [lxdfamon] C:\Programme\Lexmark 6500 Series\lxdfamon.exe () O4 - HKLM..\Run: [lxdfmon.exe] C:\Programme\Lexmark 6500 Series\lxdfmon.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.11.04 01:50:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ========== Files/Folders - Created Within 30 Days ========== [2011.07.02 09:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.07.02 09:34:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop [2011.06.30 18:24:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Lx_cats [2011.06.30 18:16:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ABBYY FineReader 6.0 Sprint [2011.06.30 18:13:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Lexmark 6500 Series [2011.06.24 16:03:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\FileZilla FTP Client [2011.06.24 16:03:51 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client [2011.06.22 21:00:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Kopie von Link_M [2011.06.21 21:54:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Link_M [2011.06.15 09:22:06 | 000,000,000 | ---D | C] -- C:\PR-Backlink-Generator [2011.06.13 20:20:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads [2011.06.08 17:15:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Application Data [2011.06.03 22:16:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft [2011.06.03 17:51:32 | 000,101,376 | ---- | C] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV07.sys [2011.06.03 17:50:12 | 000,131,584 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBReg.exe [2011.06.03 17:50:11 | 000,628,736 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltocx12n.ocx [2011.06.03 17:50:11 | 000,626,688 | ---- | C] (DATA BECKER) -- C:\WINDOWS\DBREG.dll [2011.06.03 17:50:11 | 000,406,016 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltkrn12n.dll [2011.06.03 17:50:11 | 000,328,704 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LFCMP12n.DLL [2011.06.03 17:50:11 | 000,327,680 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txobj32.dll [2011.06.03 17:50:11 | 000,323,584 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_word.dll [2011.06.03 17:50:11 | 000,290,816 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\Tx4ole.ocx [2011.06.03 17:50:11 | 000,259,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\LTDIS12n.dll [2011.06.03 17:50:11 | 000,207,872 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltefx12n.dll [2011.06.03 17:50:11 | 000,164,864 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltimg12n.dll [2011.06.03 17:50:11 | 000,135,168 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_htm32.dll [2011.06.03 17:50:11 | 000,131,072 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_rtf32.dll [2011.06.03 17:50:11 | 000,131,072 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\ltfil12n.DLL [2011.06.03 17:50:11 | 000,081,920 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\txtls32.dll [2011.06.03 17:50:11 | 000,069,632 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\ic32.dll [2011.06.03 17:50:11 | 000,061,440 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\wndtls32.dll [2011.06.03 17:50:11 | 000,045,056 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_tif32.flt [2011.06.03 17:50:11 | 000,035,840 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lttwn12n.dll [2011.06.03 17:50:11 | 000,035,328 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfgif12n.dll [2011.06.03 17:50:11 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_wmf32.flt [2011.06.03 17:50:11 | 000,032,768 | ---- | C] (The Imaging Source Europe GmbH) -- C:\WINDOWS\System32\tx_bmp32.flt [2011.06.03 17:50:11 | 000,030,720 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\lfbmp12n.dll [2011.06.03 17:50:10 | 001,050,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msjet35.dll [2011.06.03 17:50:10 | 000,647,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCOMCT2.OCX [2011.06.03 17:50:10 | 000,252,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSRD2X35.DLL [2011.06.03 17:50:10 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSFLXGRD.OCX [2011.06.03 17:50:10 | 000,140,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\COMDLG32.OCX [2011.06.03 17:50:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CMDLGDE.DLL [2011.06.03 17:50:09 | 000,415,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll [2011.06.03 17:50:09 | 000,279,800 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.DLL [2011.06.03 17:50:09 | 000,173,304 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MimeX.dll [2011.06.03 17:50:09 | 000,152,824 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.dll [2011.06.03 17:50:09 | 000,148,736 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\FtpX.OCX [2011.06.03 17:50:09 | 000,148,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJINT35.DLL [2011.06.03 17:50:09 | 000,144,640 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.OCX [2011.06.03 17:50:09 | 000,132,360 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\EncodeX.OCX [2011.06.03 17:50:09 | 000,132,344 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\PopX.dll [2011.06.03 17:50:09 | 000,099,576 | ---- | C] (Mabry Software, Inc.) -- C:\WINDOWS\System32\MabryObj.dll [2011.06.03 17:50:09 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB5DB.DLL [2011.06.03 17:50:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSCC2DE.DLL [2011.06.03 17:50:09 | 000,024,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSJTER35.DLL [2011.06.03 17:50:00 | 000,000,000 | ---D | C] -- C:\Programme\DATA BECKER [2011.06.03 17:20:18 | 000,000,000 | ---D | C] -- C:\Data Becker Web To Date 5 [2011.06.02 21:35:08 | 000,000,000 | ---D | C] -- C:\Programme\NetObjects [2009.11.05 13:39:56 | 000,950,272 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfusb1.dll [2009.11.05 13:39:56 | 000,434,176 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhcp.dll [2009.11.05 13:39:56 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfinpa.dll [2009.11.05 13:39:56 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfiesc.dll [2009.11.05 13:39:55 | 001,200,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfserv.dll [2009.11.05 13:39:55 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfpmui.dll [2009.11.05 13:39:55 | 000,565,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdflmpm.dll [2009.11.05 13:39:55 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfprox.dll [2009.11.05 13:39:54 | 000,320,432 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfih.exe [2009.11.05 13:39:53 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfhbn3.dll [2009.11.05 13:39:53 | 000,598,960 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcoms.exe [2009.11.05 13:39:52 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomc.dll [2009.11.05 13:39:52 | 000,365,488 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcfg.exe [2009.11.05 13:39:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdfcomm.dll [2009.11.04 02:04:41 | 000,159,616 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347b.sys [2009.11.04 02:04:41 | 000,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\Vax347s.sys [58 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.02 09:34:45 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.02 08:41:33 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.07.02 08:41:33 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-1606980848-839522115-500.job [2011.07.02 08:41:31 | 000,207,407 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.07.02 08:41:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.07.02 07:56:45 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.07.02 07:56:45 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.07.02 07:53:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.06.30 18:17:08 | 000,191,429 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf [2011.06.30 17:40:10 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.06.29 09:58:22 | 000,000,218 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\meinungsstudie_a.php [2011.06.28 07:54:11 | 000,001,122 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\lxdf [2011.06.22 21:00:42 | 000,248,533 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Link_M.rar [2011.06.20 21:10:25 | 000,071,554 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee_Meinungsstudie_online_Geld_verdienen.jpg [2011.06.20 08:13:32 | 000,050,743 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee.de_Tixuma_online_geld_verdienen.jpg [2011.06.17 17:17:39 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.06.17 17:15:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.06.15 09:04:28 | 000,005,611 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-vb.pdf [2011.06.15 08:49:02 | 000,019,870 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-hv.pdf [2011.06.08 21:55:55 | 002,666,243 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 91.pdf [2011.06.08 21:55:06 | 002,269,129 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 92.pdf [2011.06.05 10:01:24 | 000,005,599 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-vb.pdf [2011.06.05 10:01:01 | 000,019,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-hv.pdf [2011.06.03 22:16:31 | 003,823,520 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.06.03 17:51:32 | 000,101,376 | ---- | M] (Protect Software GmbH) -- C:\WINDOWS\System32\drivers\ACEDRV07.sys [58 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.02 09:34:45 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.29 09:28:32 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\meinungsstudie_a.php [2011.06.22 21:00:42 | 000,248,533 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Link_M.rar [2011.06.20 21:10:25 | 000,071,554 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee_Meinungsstudie_online_Geld_verdienen.jpg [2011.06.20 08:13:32 | 000,050,743 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hobby-idee.de_Tixuma_online_geld_verdienen.jpg [2011.06.15 09:04:28 | 000,005,611 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-vb.pdf [2011.06.15 08:49:02 | 000,019,870 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\blaue-dampflok-knuth-hv.pdf [2011.06.08 21:55:55 | 002,666,243 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 91.pdf [2011.06.08 21:55:06 | 002,269,129 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Auktinsidden 92.pdf [2011.06.05 10:01:24 | 000,005,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-vb.pdf [2011.06.05 10:01:01 | 000,019,848 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\xeon-scheinwerfer-hv.pdf [2011.06.04 12:57:09 | 000,001,122 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\lxdf [2011.06.03 17:50:12 | 000,016,070 | ---- | C] () -- C:\WINDOWS\German2.ini [2011.06.03 17:50:11 | 000,446,464 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2011.06.03 17:50:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2011.01.16 19:13:42 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2011.01.13 21:55:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.07 14:27:54 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\$_hpcst$.hpc [2010.04.07 14:17:05 | 000,641,872 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2010.03.04 16:52:08 | 000,001,545 | ---- | C] () -- C:\WINDOWS\cssslang.ini [2010.03.04 16:52:08 | 000,000,669 | ---- | C] () -- C:\WINDOWS\Id007.ini [2010.03.04 16:52:08 | 000,000,062 | ---- | C] () -- C:\WINDOWS\csss.ini [2010.03.04 16:08:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\tblmouse.exe [2010.03.04 16:08:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\RmTablet.exe [2010.03.04 16:08:23 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\Funckey.dll [2010.03.04 16:08:23 | 000,003,544 | ---- | C] () -- C:\WINDOWS\aiptbl.ini [2010.01.28 13:39:42 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2010.01.28 13:35:28 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2010.01.27 20:34:27 | 000,241,664 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.exe [2010.01.27 20:34:27 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\cmdrvrmu.dll [2010.01.27 20:34:21 | 000,040,960 | R--- | C] () -- C:\WINDOWS\CmiUSB2Uninstall.exe [2010.01.27 20:34:09 | 000,005,690 | R--- | C] () -- C:\WINDOWS\Cmudau.ini [2010.01.15 12:52:49 | 000,000,046 | ---- | C] () -- C:\WINDOWS\System32\DonationCoder_urlsnooper_InstallInfo.dat [2010.01.06 14:04:33 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll [2009.12.03 12:48:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2009.11.25 14:00:41 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\mlcrs0ft.dll [2009.11.23 11:37:54 | 000,000,166 | ---- | C] () -- C:\WINDOWS\EasyCT.INI [2009.11.17 13:37:44 | 000,327,168 | ---- | C] () -- C:\WINDOWS\System32\cutil32.dll [2009.11.08 14:28:48 | 000,054,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009.11.07 12:16:09 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.11.07 11:25:14 | 000,004,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\QuickZip45.ini [2009.11.06 11:50:25 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2009.11.05 13:42:31 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdfvs.dll [2009.11.05 13:42:30 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfcoin.dll [2009.11.05 13:42:07 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdfdrs.dll [2009.11.05 13:42:07 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfcnv4.dll [2009.11.05 13:42:07 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdfcaps.dll [2009.11.05 13:41:51 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdfoem.dll [2009.11.05 13:41:51 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDFPMON.DLL [2009.11.05 13:41:51 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDFFXPU.DLL [2009.11.05 13:40:09 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdfrwrd.ini [2009.11.05 13:39:56 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdfinst.dll [2009.11.05 13:39:53 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdfgrd.dll [2009.11.05 12:34:08 | 000,110,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.11.04 22:53:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.11.04 19:25:38 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2009.11.04 02:07:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.11.04 02:04:50 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2009.11.04 01:55:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.11.04 01:48:05 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.11.04 01:44:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.11.04 01:43:39 | 003,823,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2009.01.16 04:42:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.01.16 04:42:00 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009.01.16 04:42:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.01.16 04:42:00 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2009.01.16 04:42:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.01.16 04:42:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.01.16 04:42:00 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009.01.16 04:42:00 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2006.06.01 21:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.06.01 21:06:00 | 001,868,868 | ---- | C] () -- C:\WINDOWS\System32\RSA32_16.DLL [2006.06.01 21:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.06.01 21:06:00 | 000,452,304 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.06.01 21:06:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.06.01 21:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.06.01 21:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.06.01 21:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.06.01 21:06:00 | 000,081,136 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.06.01 21:06:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.06.01 21:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.06.01 21:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.06.01 21:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.06.01 21:06:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys [2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2006.06.01 21:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.06.01 21:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.06.01 21:06:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2006.06.01 21:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat ========== LOP Check ========== [2010.08.11 13:15:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\6500 Series [2011.06.16 23:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BOM [2010.05.17 21:28:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BSplayer [2010.01.15 12:52:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DonationCoder [2011.02.24 21:18:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\EurekaLog [2011.06.29 10:06:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FileZilla [2010.03.01 14:11:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FireShot [2011.01.27 19:47:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\FVZilla [2011.04.30 15:38:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GetRightToGo [2010.01.15 12:45:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\GrabPro [2010.12.18 15:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gtk-2.0 [2010.11.21 18:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\HamsterSoft [2009.11.30 11:49:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\inkscape [2011.06.30 18:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lexmark Productivity Studio [2011.03.11 21:25:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\MAGIX [2009.11.07 14:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera [2010.01.16 00:23:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Orbit [2011.01.13 17:16:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PanoramaStudio2Pro [2010.04.11 12:40:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer [2011.05.03 08:00:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software [2011.03.12 23:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\VideoPPT [2009.11.05 13:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\6500 Series [2010.08.23 12:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software [2009.11.16 23:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth [2010.01.15 12:52:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DonationCoder [2011.03.11 21:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.05.15 16:46:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2010.05.13 13:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SITEguard [2010.05.13 13:46:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STOPzilla! [2010.03.10 17:23:15 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System Restore [2009.11.07 14:41:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.12.04 20:37:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2011.05.04 19:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.05.03 07:59:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2009.11.07 15:03:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2011.06.17 17:17:39 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7E95B6FD < End of report > OTL 2: OTL Extras logfile created on: 02.07.2011 09:54:35 - Run 5 OTL by OldTimer - Version 3.2.25.0 Folder = C:\downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 69,81% Memory free 5,09 Gb Paging File | 4,21 Gb Available in Paging File | 82,71% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465,75 Gb Total Space | 199,35 Gb Free Space | 42,80% Space Free | Partition Type: NTFS Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = SafariHTML] -- Reg Error: Key error. File not found .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "F:\runtergeladene Sachen\apple safari Browser\Safari.exe" -url "%1" https [open] -- "F:\runtergeladene Sachen\apple safari Browser\Safari.exe" -url "%1" InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [CEWE FOTOSCHAU] -- "F:\runtergeladene Sachen\Fotobuch sotware\CEWW Kalender-Software\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [SCHLECKER Foto Digital Service] -- "F:\runtergeladene Sachen\Fotobuch sotware\CEWW Kalender-Software\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "139:TCP" = 139:TCP:LocalSubNet ![]() "445:TCP" = 445:TCP:LocalSubNet ![]() "137:UDP" = 137:UDP:LocalSubNet ![]() "138:UDP" = 138:UDP:LocalSubNet ![]() "1900:UDP" = 1900:UDP:LocalSubNet ![]() "2869:TCP" = 2869:TCP:LocalSubNet ![]() "1043:TCP" = 1043:TCP:*:Enabled:Akamai NetSession Interface "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "E:\runtergeladene Sachen\Free Video Zilla\FVZilla.exe" = E:\runtergeladene Sachen\Free Video Zilla\FVZilla.exe:*:Enabled:FVZilla "E:\runtergeladene Sachen\Drucker\Lexmark 6500 Series\lxdfmon.exe" = E:\runtergeladene Sachen\Drucker\Lexmark 6500 Series\lxdfmon.exe:*:Enabled:Printer Device Monitor "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfpswx.exe:*:Enabled:Printer Status Window Interface -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdfjswx.exe:*:Enabled:Job Status Window Interface -- () "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdftime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.) "E:\runtergeladene Sachen\java\bin\javaw.exe" = E:\runtergeladene Sachen\java\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3 "{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin "{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 24 "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2 "{28FFFE19-141E-47CF-8E9B-DD75B43C4B06}" = BIOS Update "{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3 "{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3 "{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1 "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools "{2E3C4040-B524-43BD-A665-564D2B5C5C19}" = eHOT Line "{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{438BB9B4-65FE-4626-91D9-A8F57B18001D}" = Bluesoleil2.6.0.8 Release 070517 "{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Premium "{47F74349-1262-45C4-9546-E405D0C1C39C}" = NetObjects Fusion 9.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3 "{556F2137-B772-43BB-9A45-E0275234DD16}" = Free Notes & Office Ink "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings "{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation "{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3 "{8544556F-92C9-478E-9ABC-BC2823E39577}" = MAGIX Speed burnR (MSI) "{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006 "{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3 "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003 "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{920DF926-D85A-4ED9-8F4D-7D98F0EAF2C6}" = CEWE FOTOBUCH PRO "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A0CBFC47-690E-4277-82BB-13BE18CF0C2E}" = CEWE FOTOBUCH PRO Designvorlagen "{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAE31374-02C2-452E-88EC-2F16D92731A9}" = MAGIX Screenshare "{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0 "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1 "{B5734BB9-56FC-4937-88F2-AB34ABF49821}" = XECUTER CK3 PRO - USB "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver "{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2 "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client "{D0EA5DD0-8D2C-4762-A83E-A9B924FE8531}" = NetObjects Fusion 9.0 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings "{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3 "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation) "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" = "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs "{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3 "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "CADIX Signature Screen Saver 2.0" = CADIX Signature Screen Saver 2.0 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "C-Media USB Sound" = TEAC media systems 5.1 USB "C-Media USB Sound Driver" = C-Media USB Sound Driver "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "DivX Setup.divx.com" = DivX-Setup "FileZilla Client" = FileZilla Client 3.5.0 "Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition "Free 3GP Video Converter_is1" = Free 3GP Video Converter version 3.5 "Free Video Zilla_is1" = Free Video Zilla "Google Chrome" = Google Chrome "Hamster Free Video Converter_is1" = HamsterFreeVideoConverter "HijackThis" = HijackThis 2.0.2 "Inkscape" = Inkscape 0.47 "IsoBuster_is1" = IsoBuster 2.8.5 "Lexmark 6500 Series" = Lexmark 6500 Series "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded) "MAGIX Foto Manager 8 D" = MAGIX Foto Manager 8 6.0.1.457 (D) "MAGIX Fotobuch" = MAGIX Fotobuch 3.6 "MAGIX Online Druck Service D" = MAGIX Online Druck Service 3.4.3.0 (D) "MAGIX Screenshare D" = MAGIX Screenshare 4.3.6.1987 (D) "MAGIX Video deluxe 15 Premium D" = MAGIX Video deluxe 15 Premium 8.0.0.62 (D) "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.25.0 (D) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200 "Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D) "NVIDIA Drivers" = NVIDIA Drivers "PanoramaStudio2Pro" = PanoramaStudio 2.1 Pro (deinstallieren) "PC Wizard 2009_is1" = PC Wizard 2009.1.91 "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation) "RarZilla Free Unrar" = RarZilla Free Unrar "RealPlayer 12.0" = RealPlayer "Rmtablet" = HyperPen USB Manager "SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service "TeamViewer 5" = TeamViewer 5 "Trojancheck_is1" = Trojancheck 6 "Uninstall_is1" = Uninstall 1.0.0.1 "Update Service" = Update Service "URL Helper_is1" = URL Helper "URLSnooper 2_is1" = URL Snooper v2.26.01 "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "web2date" = DATA BECKER web to date 5 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinGimp-2.0_is1" = GIMP 2.6.7 "WinLiveSuite_Wave3" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "WinRAR archiver" = WinRAR "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 08.06.2011 10:11:08 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung fusion.exe, Version 9.0.5000.5013, fehlgeschlagenes Modul dalib.dll, Version 6.0.0.5013, Fehleradresse 0x00024ce3. Error - 13.06.2011 14:24:09 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung fusion.exe, Version 9.0.5000.5013, fehlgeschlagenes Modul fusion.exe, Version 9.0.5000.5013, Fehleradresse 0x00057ea0. Error - 19.06.2011 11:35:19 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung pr backlink generator.exe, Version 1.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x0018c410. Error - 30.06.2011 16:50:18 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4. Error - 01.07.2011 01:13:41 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4. Error - 01.07.2011 01:27:09 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4. Error - 01.07.2011 01:45:24 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4. Error - 02.07.2011 01:54:31 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4. Error - 02.07.2011 02:09:50 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4. Error - 02.07.2011 02:42:14 | Computer Name = HOME-PC | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes Modul shdocvw.dll, Version 6.0.2900.3698, Fehleradresse 0x00017fa4. [ System Events ] Error - 02.07.2011 01:54:10 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 02.07.2011 02:09:33 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 02.07.2011 02:09:33 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxdfCATSCustConnectService. Error - 02.07.2011 02:09:33 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 02.07.2011 02:20:11 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 02.07.2011 02:30:13 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows-Verwaltungsinstrumentation" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 02.07.2011 02:41:57 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Java Quick Starter" wurde aufgrund folgenden Fehlers nicht gestartet: %%3 Error - 02.07.2011 02:41:57 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst lxdfCATSCustConnectService. Error - 02.07.2011 02:41:57 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "lxdfCATSCustConnectService" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 02.07.2011 03:53:26 | Computer Name = HOME-PC | Source = DCOM | ID = 10010 Description = Der Server "{8BC3F05E-D86B-11D0-A075-00C04FB68820}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > Und nun HijacThisk: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:52:56, on 02.07.2011 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\Lexmark 6500 Series\lxdfmon.exe C:\Programme\Lexmark 6500 Series\lxdfamon.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe C:\Programme\DivX\DivX Update\DivXUpdate.exe C:\WINDOWS\system32\RunDll32.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\Microsoft ActiveSync\wcescomm.exe C:\Programme\Windows Live\Messenger\msnmsgr.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\Programme\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\lxdfcoms.exe C:\Programme\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe C:\Programme\TeamViewer\Version5\TeamViewer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\dwwin.exe C:\Programme\Mozilla Firefox\firefox.exe C:\WINDOWS\Explorer.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\system32\svchost.exe C:\downloads\HiJackThis204.exe C:\Programme\Avira\AntiVir Desktop\avwsc.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://trojaner-board.de R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: (no name) - {CF745ACA-6FA6-45ED-AB49-E10A0D1870C5} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\runtergeladene Sachen\java\bin\jp2ssv.dll (file missing) O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\runtergeladene Sachen\java\lib\deploy\jqs\ie\jqs_plugin.dll (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [lxdfmon.exe] "C:\Programme\Lexmark 6500 Series\lxdfmon.exe" O4 - HKLM\..\Run: [lxdfamon] "C:\Programme\Lexmark 6500 Series\lxdfamon.exe" O4 - HKLM\..\Run: [Lexmark 6500 Series Fax Server] "C:\Programme\Lexmark 6500 Series\fm3032.exe" /s O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\S-1-5-21-343818398-1606980848-839522115-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Automatisches LiveUpdate - Scheduler (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\MAGIX\Common\Database\bin\fbserver.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - E:\runtergeladene Sachen\java\bin\jqs.exe (file missing) O23 - Service: LiveUpdate - Symantec Corporation - C:\Programme\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: lxdfCATSCustConnectService - Lexmark International, Inc. - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdfserv.exe O23 - Service: lxdf_device - - C:\WINDOWS\system32\lxdfcoms.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Programme\WinPcap\rpcapd.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe O23 - Service: UPnPService - Magix AG - C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- End of file - 8197 bytes |
Themen zu explorer.exe hat ein problem festgestellt und muss beendet werden xp |
0x00000001, akamai, alternate, antivir, antivir guard, avira, becker, bho, bonjour, converter, desktop, eplorer.exe, error, excel, firefox, flash player, fontcache, geld, google chrome, hijack, hijackthis, hkus\s-1-5-18, intranet, logfile, mozilla, pc fährt nicht ordentlich hoch, plug-in, problem, realtek, registry, rundll, schwirigkeiten mit xp, security, shell32.dll, shortcut, software, starten, symantec, usb sound, video converter |