| |
| |||||||
Log-Analyse und Auswertung: Search & Destroy\SDShred.exe' wurde ein Virus 'TR/Crypt.XPACK.Gen' gefunden.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.07.2011, 16:17
| #1 |
| |  Search & Destroy\SDShred.exe' wurde ein Virus 'TR/Crypt.XPACK.Gen' gefunden. Hallo, meine Avira meldete heute: In der Datei 'C:\Programme\Spybot - Search & Destroy\SDShred.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern und vorgestern: In der Datei 'C:\Programme\TuneUp Utilities 2007\SystemInformation.exe' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.XPACK.Gen2' [trojan] gefunden. Ausgeführte Aktion: Zugriff verweigern Ein aktuelle Scan mit Malwarebytes konnte nichts verdächtiges finden: Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Datenbank Version: 7104 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 13.07.2011 10:29:45 mbam-log-2011-07-13 (10-29-45).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|G:\|) Durchsuchte Objekte: 291004 Laufzeit: 1 Stunde(n), 31 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) Der Scan mit OLE bringt folgendes Ergebnis: OTL logfile created on: 13.07.2011 17:04:58 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,38 Gb Available Physical Memory | 18,80% Memory free 3,34 Gb Paging File | 1,57 Gb Available in Paging File | 47,06% Paging File free Paging file location(s): c:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 14,81 Gb Free Space | 30,33% Space Free | Partition Type: NTFS Drive D: | 33,60 Gb Total Space | 30,69 Gb Free Space | 91,32% Space Free | Partition Type: NTFS Drive F: | 51,10 Gb Total Space | 47,90 Gb Free Space | 93,74% Space Free | Partition Type: NTFS Drive G: | 15,51 Gb Total Space | 15,45 Gb Free Space | 99,59% Space Free | Partition Type: NTFS Drive M: | 73,27 Gb Total Space | 39,47 Gb Free Space | 53,86% Space Free | Partition Type: NTFS Drive N: | 73,27 Gb Total Space | 28,75 Gb Free Space | 39,24% Space Free | Partition Type: NTFS Computer Name: UWE | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.07.13 17:04:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe PRC - [2011.06.30 11:52:56 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe PRC - [2011.06.30 11:49:18 | 001,526,592 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe PRC - [2011.06.28 15:35:32 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2011.06.28 15:35:32 | 000,400,040 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avcenter.exe PRC - [2011.06.28 15:35:32 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe PRC - [2011.06.28 15:35:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.17 08:02:50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\ramaint.exe PRC - [2011.06.17 08:01:49 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe PRC - [2011.06.16 08:15:42 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.06.16 06:32:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.05.29 09:11:22 | 001,047,656 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2011.02.15 17:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe PRC - [2011.01.31 10:44:46 | 000,353,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32.exe PRC - [2010.11.08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeIn.exe PRC - [2010.11.02 13:35:14 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2010.09.21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe PRC - [2010.09.17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Programme\LogMeIn\x86\LogMeInSystray.exe PRC - [2010.03.26 09:15:25 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.02.03 16:05:52 | 000,203,776 | ---- | M] (Appigo, Inc.) -- C:\Programme\Appigo Sync\Appigo Sync.exe PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2009.12.14 20:00:26 | 005,791,744 | ---- | M] (CONVERGIT GmbH) -- C:\Programme\TAPICall\TAPICall_Core.exe PRC - [2009.07.15 18:27:10 | 000,132,616 | ---- | M] (4Team Corporation) -- C:\Programme\4Team Corporation\ShareO\sharex.exe PRC - [2009.06.22 21:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OUTLOOK.EXE PRC - [2009.03.08 16:15:42 | 001,372,672 | ---- | M] (Andreas Viebke) -- C:\Programme\ShortCut\ShortCut.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.07.21 07:14:28 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe PRC - [2008.04.14 04:22:56 | 000,422,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.03 08:17:10 | 001,590,272 | ---- | M] (PiX-ART.com) -- M:\Download\DIManager\DIManager6.exe PRC - [2007.08.01 20:26:36 | 002,657,824 | ---- | M] (Copernic Technologies Inc.) -- C:\Programme\Copernic Desktop Search 2\DesktopSearch.exe PRC - [2007.08.01 20:26:26 | 001,514,016 | ---- | M] (Copernic Technologies Inc.) -- C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe PRC - [2007.06.18 10:51:10 | 001,507,328 | ---- | M] (Interactive Digital Media) -- C:\Programme\IDM\Desktop SMS\DesktopSMS.exe PRC - [2007.04.20 14:42:36 | 000,503,808 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis3a.exe PRC - [2007.02.22 18:32:12 | 000,118,784 | ---- | M] (OLYMPUS IMAGING CORP.) -- C:\Programme\Olympus\DeviceDetector\DevDtct2.exe PRC - [2007.02.17 14:35:58 | 001,966,928 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe PRC - [2007.02.17 14:31:02 | 001,194,728 | ---- | M] (Acronis) -- C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2007.02.16 19:49:58 | 000,149,024 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe PRC - [2007.02.16 19:49:50 | 000,411,168 | ---- | M] (Acronis) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe PRC - [2006.06.19 21:09:00 | 000,499,712 | ---- | M] (FinePrint Software, LLC) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe PRC - [2006.05.13 01:18:31 | 002,943,488 | ---- | M] () -- C:\Programme\Workrave\lib\Workrave.exe PRC - [2006.01.20 11:20:00 | 000,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2005.11.18 15:08:26 | 000,217,088 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe PRC - [2005.11.18 15:08:26 | 000,135,168 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe PRC - [2005.11.18 15:08:24 | 000,106,496 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe PRC - [2005.11.18 15:08:22 | 002,334,720 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\vmware.exe PRC - [2005.11.18 15:08:20 | 004,931,584 | ---- | M] (VMware, Inc.) -- C:\Programme\VMware\VMware Workstation\bin\vmware-vmx.exe PRC - [2005.11.18 14:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe PRC - [2005.11.02 04:06:04 | 000,241,664 | ---- | M] (AVM Berlin) -- C:\Programme\FRITZ!\IWatch.exe PRC - [2005.03.01 11:40:26 | 000,061,440 | ---- | M] (Siemens AG) -- C:\WINDOWS\system32\SerExt.exe PRC - [2003.12.01 10:58:44 | 000,627,712 | ---- | M] (TIO-Soft Kassel) -- C:\Programme\TIOsoft\ISpy\ISpy.exe PRC - [2003.10.07 17:07:44 | 000,449,536 | ---- | M] (SCM Microsystems) -- C:\WINDOWS\system32\sokscmnt.exe PRC - [2003.10.06 18:57:56 | 000,528,384 | ---- | M] (SCM Microsystems) -- C:\WINDOWS\system32\sokscmpn.exe PRC - [2002.11.21 10:50:00 | 000,037,888 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE PRC - [2001.11.14 14:23:12 | 000,086,016 | ---- | M] (Deutsche Telekom AG) -- C:\WINDOWS\system32\ctil2c32.exe PRC - [2001.09.11 13:33:34 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE PRC - [2001.09.11 12:05:16 | 000,549,376 | R--- | M] () -- C:\Programme\WinFax\WFXCTL32.EXE PRC - [2001.08.03 01:00:00 | 001,155,128 | ---- | M] (RVS Datentechnik GmbH, Munich) -- C:\WINDOWS\system32\Rvs_cent.exe PRC - [2000.10.22 14:08:44 | 000,550,400 | ---- | M] () -- C:\Programme\ToDo\ToDo.exe ========== Modules (SafeList) ========== MOD - [2011.07.13 17:04:35 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe MOD - [2011.06.17 08:01:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\system32\LMIRfsClientNP.dll MOD - [2011.05.14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll MOD - [2011.05.14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll MOD - [2011.02.15 17:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008.04.14 04:22:20 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll MOD - [2008.04.14 04:22:20 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll MOD - [2008.04.14 04:22:20 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll MOD - [2008.04.14 04:22:19 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll MOD - [2008.04.14 04:22:09 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll MOD - [2008.04.14 04:22:08 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll MOD - [2006.12.18 23:08:26 | 000,049,152 | ---- | M] (Andreas Viebke) -- C:\Programme\ShortCut\Shortdll.dll MOD - [2006.05.13 01:13:37 | 000,026,624 | ---- | M] () -- C:\Programme\Workrave\lib\harpoon.dll MOD - [2002.11.21 10:50:00 | 000,023,552 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\Scrolling\LGMSGHK.DLL MOD - [2002.11.21 10:50:00 | 000,006,144 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\MouseWare\system\LgWndHk.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - [2011.06.30 11:49:18 | 001,526,592 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2011.06.30 11:46:40 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2011.06.28 15:35:32 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2011.06.28 15:35:32 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2011.06.28 15:35:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.17 08:02:50 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\RaMaint.exe -- (LMIMaint) SRV - [2011.06.17 08:01:49 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011.06.16 08:15:42 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2010.11.29 11:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R) SRV - [2010.11.08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Programme\LogMeIn\x86\LogMeIn.exe -- (LogMeIn) SRV - [2010.10.16 01:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2007.02.16 19:49:50 | 000,411,168 | ---- | M] (Acronis) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.01.20 11:20:00 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2005.11.18 15:08:26 | 000,217,088 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService) SRV - [2005.11.18 15:08:26 | 000,135,168 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service) SRV - [2005.11.18 15:08:24 | 000,106,496 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP) SRV - [2005.11.18 14:54:34 | 000,245,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2) SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.03.01 11:45:30 | 000,327,680 | ---- | M] (Siemens) [Disabled | Stopped] -- C:\Programme\Gigaset DECT\talk&surf_6_0\xcontrolcom.exe -- (xControlCOM) SRV - [2003.10.07 17:07:44 | 000,449,536 | ---- | M] (SCM Microsystems) [Auto | Running] -- C:\WINDOWS\system32\sokscmnt.exe -- (SCM_Smart_Card_Office_Kernel) SRV - [2003.03.09 06:31:02 | 000,065,795 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2002.07.23 06:45:12 | 000,065,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV) SRV - [2001.08.03 01:00:00 | 001,155,128 | ---- | M] (RVS Datentechnik GmbH, Munich) [Auto | Running] -- C:\WINDOWS\system32\Rvs_cent.exe -- (RVS_CE) SRV - [2000.03.07 16:38:48 | 000,128,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc) ========== Driver Services (SafeList) ========== DRV - [2011.06.28 15:35:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.28 15:35:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.06.17 08:01:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.10.07 14:34:32 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2010.09.17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV - [2010.09.17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Programme\LogMeIn\x86\rainfo.sys -- (LMIInfo) DRV - [2010.05.13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2010.04.19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl) DRV - [2009.06.10 07:12:57 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.22 15:08:36 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2009.04.09 08:38:51 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.02.23 11:41:55 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2008.02.23 11:41:55 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter) DRV - [2008.02.23 11:41:22 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman) DRV - [2007.12.04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2006.12.19 04:36:00 | 000,059,648 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPR3322K.sys -- (SPRx3x USB Smart Card Reader) DRV - [2006.12.19 04:36:00 | 000,059,648 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPR3322K.sys -- (SPR3322K) DRV - [2006.06.28 10:25:24 | 004,304,384 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006.04.07 17:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB) DRV - [2006.02.26 23:46:20 | 000,081,408 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2005.11.24 01:00:00 | 000,053,632 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2005.11.18 15:08:28 | 000,023,424 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge) DRV - [2005.11.18 15:08:28 | 000,015,616 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif) DRV - [2005.11.18 15:08:28 | 000,009,600 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter) DRV - [2005.11.18 15:08:26 | 000,022,016 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon) DRV - [2005.11.18 15:08:26 | 000,021,888 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vmusb.sys -- (vmusb) DRV - [2005.11.18 15:08:24 | 000,094,848 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86) DRV - [2005.11.18 15:08:24 | 000,009,216 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmparport.sys -- (VMparport) DRV - [2005.11.18 14:54:34 | 000,011,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Programme\Gemeinsame Dateien\VMware\VMware Virtual Image Editing\vstor2.sys -- (vstor2) DRV - [2005.03.01 11:46:56 | 000,053,632 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Gigusb.sys -- (Gigusb) DRV - [2005.03.01 11:36:02 | 000,008,448 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DectEnum.sys -- (DectEnum) DRV - [2005.03.01 11:33:18 | 000,113,408 | ---- | M] (Siemens AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\siellif.sys -- (siellif) DRV - [2004.09.08 16:22:04 | 000,050,759 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IUAPIWDM.sys -- (IUAPIWDM) ISDN USB Interface (Ver. 1.20.0032) DRV - [2004.09.08 16:22:02 | 000,263,751 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hrcmpa.sys -- (HRCMPA) ISDN Wan driver (Ver. 1.20.0032) DRV - [2004.08.13 11:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [2003.09.17 05:05:00 | 000,182,853 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SPR132.sys -- (SPR132) DRV - [2003.09.09 10:28:16 | 000,048,660 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\spr332.sys -- (SPRx32 USB Smart Card Reader) DRV - [2002.11.15 04:15:00 | 000,012,640 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) DRV - [2002.11.08 11:50:00 | 000,070,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2) DRV - [2002.11.08 11:50:00 | 000,052,238 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2) DRV - [2002.07.15 12:43:04 | 000,073,660 | ---- | M] (elmeg Kommunikationstechnik) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElgTaDrv.sys -- (ElgTaDrv) DRV - [2002.06.21 16:06:54 | 000,153,689 | ---- | M] (Telekom) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elcapi20.sys -- (elcapi20) DRV - [2001.12.11 09:45:38 | 000,087,707 | ---- | M] (elmeg GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\elndiwan.sys -- (TCXDIWAN) DRV - [2001.08.10 07:00:00 | 000,003,252 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS -- (PQNTDrv) DRV - [2001.02.28 01:00:00 | 000,513,936 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase) DRV - [2001.02.28 01:00:00 | 000,029,968 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN) DRV - [2000.11.14 00:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\avmport.sys -- (AVMPORT) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2613550 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.10 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {c07d1a49-9894-49ff-a594-38960ede8fb9}:3.1.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749 FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=TKR&o=15589&locale=en_US&apn_uid=C2613992-436C-4BBF-909B-839BC4383F0F&apn_ptnrs=IY&apn_sauid=111D40F8-D0B3-4C80-A5FF-D1C56C468E1B&apn_dtid=YYYYYYYYDE&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Programme\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll (Google) FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll () FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Programme\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.07.21 07:14:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2011.06.20 16:36:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.22 09:01:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.22 09:01:07 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{86D92CB0-3EB2-4979-AD43-DF0341807D7F}: C:\Programme\Copernic Desktop Search 2\FirefoxToolbar\ [2008.02.22 19:17:02 | 000,000,000 | ---D | M] [2008.12.03 08:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2011.07.13 10:30:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions [2010.07.06 08:30:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.06.24 08:52:21 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.06.22 09:40:48 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} [2011.01.10 11:31:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2011.06.22 09:40:52 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.02.17 15:55:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\engine@conduit.com [2008.12.11 15:23:02 | 000,000,000 | ---D | M] ("Foxmarks Bookmark Synchronizer") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\foxmarks@kei(2).com [2009.12.09 21:46:12 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\foxmarks@kei(3).com [2011.06.17 08:33:44 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\foxmarks@kei.com [2011.07.12 18:21:26 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\LogMeInClient@logmein.com [2011.06.22 09:01:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\nostmp [2011.07.13 10:30:56 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\staged [2011.06.17 14:20:02 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\extensions\toolbar@ask.com [2011.07.12 12:47:18 | 000,002,567 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\searchplugins\askcom.xml [2011.06.20 14:06:30 | 000,000,943 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\jk2z7ovc.default\searchplugins\conduit.xml [2011.06.22 09:01:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.09.23 07:42:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} File not found (No name found) -- () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JK2Z7OVC.DEFAULT\EXTENSIONS\{C07D1A49-9894-49FF-A594-38960EDE8FB9}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMINISTRATOR\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JK2Z7OVC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2010.03.19 09:14:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [1999.12.31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011.01.26 12:34:48 | 000,428,723 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14760 more lines... O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Programme\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll (Copernic Technologies Inc.) O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Desktop Search 2) - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Programme\Copernic Desktop Search 2\DesktopSearchBand201013011.dll (Copernic Technologies Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis) O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CHIPDRIVEPinManager] C:\WINDOWS\system32\sokscmpn.exe (SCM Microsystems) O4 - HKLM..\Run: [Desktop SMS] C:\Programme\IDM\Desktop SMS\DesktopSMS.exe (Interactive Digital Media) O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [LogMeIn GUI] C:\Programme\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC) O4 - HKLM..\Run: [SerExt] C:\WINDOWS\System32\SerExt.exe (Siemens AG) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Appigo Sync] C:\Programme\Appigo Sync\Appigo Sync.exe (Appigo, Inc.) O4 - HKCU..\Run: [Copernic Desktop Search 2] C:\Programme\Copernic Desktop Search 2\DesktopSearchService.exe (Copernic Technologies Inc.) O4 - HKCU..\Run: [DIManager] M:\Download\DIManager\DIManager6.exe (PiX-ART.com) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ISpy ISDN Monitor.lnk = C:\Programme\TIOsoft\ISpy\ISpy.exe (TIO-Soft Kassel) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OUTLOOK.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ShortCut.lnk = C:\Programme\ShortCut\ShortCut.exe (Andreas Viebke) O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ToDo-Liste 3.5.lnk = C:\Programme\ToDo\ToDo.exe () O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\Workrave.lnk = C:\Programme\Workrave\lib\Workrave.exe () O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\WPP-Autostart.lnk = C:\Programme\WinProvex\Terminplaner\STARTKAL.EXE (Merzig) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Controller.LNK = C:\Programme\WinFax\WFXCTL32.EXE () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Device Detector 3.lnk = C:\Programme\Olympus\DeviceDetector\DevDtct2.exe (OLYMPUS IMAGING CORP.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HotSync Manager.lnk = C:\Programme\Palm\Hotsync.exe (PalmSource, Inc) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hp psc 1000 series.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\hpoddt01.exe.lnk = C:\Programme\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ISDNWatch.lnk = C:\Programme\FRITZ!\IWatch.exe (AVM Berlin) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\talk&surf 6.0 - Monitor.lnk = C:\Programme\Gigaset DECT\talk&surf_6_0\semon21.exe (Siemens AG) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\TAPICall.lnk = C:\Programme\TAPICall\TAPICall_Core.exe (CONVERGIT GmbH) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Zahlungserinnerung.lnk = C:\QUICKEN9\billmind.exe (Intuit) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1192128414694 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1192129794186 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Programme\DIALux\DLXToolBox.dll (DIAL GmbH, Germany) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - Reg Error: Key error. File not found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.) O24 - Desktop Components:0 () - hxxp://www.eternit-flachdach.de/uploads/tx_templavoila/klimtop.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O27 - HKLM IFEO\hotsync.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\hotsyncwizard.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\hpod.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\instapp.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\outlookswitcher.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\palm.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\semon21.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O27 - HKLM IFEO\seshel21.exe: Debugger - "C:\Programme\TuneUp Utilities 2011\TUAutoReactivator32.exe" (TuneUp Software) O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - C:\Programme\WinFax\WFXSEH32.DLL (Symantec Corporation) O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.10.11 16:35:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{051ca241-ee71-11dc-b648-005056c00008}\Shell\AutoRun\command - "" = H:\wd_windows_tools\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.07.13 08:43:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Malwarebytes [2011.07.13 08:43:02 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2011.07.13 08:43:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.07.13 08:43:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.07.13 08:42:58 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.07.13 08:42:58 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.07.13 08:09:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2011.07.05 13:05:48 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2011.06.22 08:42:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\PriceGong [2011.06.22 08:41:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2011.06.20 16:21:00 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\WINDOWS\System32\vsutil_loc0407.dll [2011.06.20 16:20:59 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll [2011.06.20 16:20:58 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll [2011.06.20 16:20:58 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll [2011.06.20 16:20:54 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll [2011.06.20 16:20:53 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll [2011.06.20 16:20:53 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll [2011.06.20 16:20:52 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll [2011.06.20 16:20:52 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll [2011.06.20 16:20:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs [2011.06.20 16:20:51 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys [2011.06.20 16:20:51 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs [2011.06.20 16:20:32 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll [2011.06.20 16:20:32 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll [2011.06.20 16:20:32 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll [2011.06.20 16:16:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs [2011.06.20 16:13:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Application Data [2011.06.20 15:52:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\ForceField Shared Files [2011.06.20 15:52:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\CheckPoint [2011.06.20 15:50:33 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2011.06.20 07:40:26 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.06.17 11:17:39 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll [2011.06.17 08:14:10 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mup.sys [2011.06.17 08:05:05 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll [2011.06.16 08:37:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Brother [2011.06.16 08:36:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Brother [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [80 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.13 17:01:01 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011.07.13 16:58:00 | 000,001,240 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-688789844-839522115-500UA.job [2011.07.13 16:44:11 | 000,001,599 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI [2011.07.13 16:40:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.07.13 15:40:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.07.13 08:58:00 | 000,001,188 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-688789844-839522115-500Core.job [2011.07.13 08:43:02 | 000,000,770 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.07.13 08:02:24 | 000,000,682 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ShortCut.lnk [2011.07.13 08:00:36 | 000,191,270 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.07.13 07:59:38 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.07.13 07:58:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.07.11 20:05:31 | 000,001,265 | ---- | M] () -- C:\WINDOWS\XI420Ke.INI [2011.07.03 10:36:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2011.07.01 08:11:52 | 000,572,778 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.07.01 08:11:52 | 000,515,794 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.07.01 08:11:52 | 000,131,632 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.07.01 08:11:52 | 000,101,372 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.06.30 11:54:02 | 000,031,552 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe [2011.06.30 11:46:40 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll [2011.06.29 17:59:15 | 000,002,438 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Google Chrome.lnk [2011.06.28 15:35:33 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.06.28 15:35:33 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.06.24 18:19:08 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2011.06.22 09:01:13 | 000,000,710 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.06.20 16:21:42 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml [2011.06.20 16:21:08 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat [2011.06.20 16:21:07 | 000,000,725 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ZoneAlarm Security.lnk [2011.06.20 09:22:45 | 000,000,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Interne Preisliste Elektro, Pneumatik.lnk [2011.06.20 07:40:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011.06.20 07:31:09 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011.06.17 16:35:29 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.06.17 11:18:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.06.17 11:17:52 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2011.06.17 10:48:07 | 000,000,892 | ---- | M] () -- C:\WINDOWS\brwmark.ini [2011.06.17 08:01:52 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll [2011.06.17 08:01:50 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll [2011.06.17 08:01:49 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll [2011.06.16 08:35:54 | 000,000,836 | ---- | M] () -- C:\WINDOWS\brqikmon.ini [9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [80 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.13 08:43:02 | 000,000,770 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.06.22 09:01:13 | 000,000,716 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk [2011.06.22 09:01:13 | 000,000,710 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2011.06.20 16:21:07 | 000,000,725 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\ZoneAlarm Security.lnk [2011.06.20 16:20:51 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml [2011.06.20 09:22:45 | 000,000,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Interne Preisliste Elektro, Pneumatik.lnk [2011.06.17 11:18:01 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_netaapl_01009.Wdf [2011.06.17 11:17:52 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf [2010.06.29 10:21:57 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll [2010.06.29 10:21:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll [2010.02.18 13:49:49 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Dialux.ini [2009.10.28 18:31:27 | 000,191,488 | ---- | C] () -- C:\WINDOWS\System32\ProfMan.dll [2009.10.26 09:05:53 | 000,038,498 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Tabulatorgetrennte Werte (Windows).ADR [2009.10.26 08:56:38 | 000,038,479 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft Excel.ADR [2009.10.26 08:48:21 | 000,038,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft Access.ADR [2009.10.26 08:45:00 | 000,038,490 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Kommagetrennte Werte (DOS).ADR [2009.04.22 15:04:18 | 000,020,454 | ---- | C] () -- C:\WINDOWS\hpoins01.dat [2009.04.22 15:04:18 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat [2009.01.28 09:26:02 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe [2008.12.21 15:10:51 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2008.10.22 18:03:29 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2008.09.18 00:55:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008.09.18 00:55:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008.09.18 00:55:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008.09.18 00:55:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008.09.18 00:55:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008.09.18 00:55:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008.09.18 00:55:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008.09.18 00:55:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008.09.18 00:55:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2008.09.17 09:06:08 | 000,040,976 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2008.08.05 18:12:04 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\Elalui32.dll [2008.08.04 17:24:00 | 000,423,184 | ---- | C] () -- C:\WINDOWS\System32\AvmFaxSP.dll [2008.08.04 17:24:00 | 000,070,416 | ---- | C] () -- C:\WINDOWS\System32\AvmSnd.dll [2008.07.03 11:07:43 | 000,007,718 | ---- | C] () -- C:\WINDOWS\cadx2.ini [2008.05.28 07:16:57 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll [2008.04.14 13:43:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008.03.20 13:48:56 | 000,000,123 | ---- | C] () -- C:\WINDOWS\INTUIT.INI [2008.03.11 09:08:42 | 000,000,696 | ---- | C] () -- C:\WINDOWS\HBCIKRNL.INI [2008.03.10 14:16:57 | 000,010,593 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2008.03.04 15:48:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\bau_vor.ini [2008.03.02 12:37:27 | 000,000,094 | ---- | C] () -- C:\WINDOWS\family.ini [2008.02.27 11:32:47 | 000,000,667 | ---- | C] () -- C:\WINDOWS\mozver.dat [2008.02.23 19:32:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI [2008.02.23 19:29:53 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL [2008.02.23 19:29:53 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI [2008.02.23 19:29:51 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL [2008.02.22 21:04:14 | 000,000,239 | ---- | C] () -- C:\WINDOWS\ktel.ini [2008.02.19 08:40:18 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2008.02.19 08:25:58 | 000,000,892 | ---- | C] () -- C:\WINDOWS\brwmark.ini [2008.02.19 08:17:46 | 000,000,836 | ---- | C] () -- C:\WINDOWS\brqikmon.ini [2008.02.17 18:23:08 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini [2008.02.17 18:04:07 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL [2008.02.17 18:02:19 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll [2008.02.17 15:35:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2008.02.17 15:24:52 | 000,696,320 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\XCMHook.dll [2008.02.17 15:24:52 | 000,024,576 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\XCPCMenu.exe [2008.02.13 11:58:17 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.02.10 18:36:56 | 000,000,058 | -H-- | C] () -- C:\WINDOWS\System32\Favorites.ini [2008.02.05 13:53:53 | 000,011,304 | ---- | C] () -- C:\WINDOWS\RS_SQLIF.INI [2008.02.05 13:53:53 | 000,000,030 | ---- | C] () -- C:\WINDOWS\RS_RUN.INI [2008.02.05 12:17:08 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI [2008.02.03 19:27:04 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat [2008.02.01 20:01:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\IPPCPUID.DLL [2008.02.01 20:01:09 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\pmsbfn32.dll [2008.02.01 19:59:59 | 000,000,411 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2008.01.20 16:46:48 | 000,000,726 | ---- | C] () -- C:\WINDOWS\WINWORD6.INI [2008.01.20 16:45:36 | 000,002,122 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI [2008.01.20 16:45:36 | 000,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI [2008.01.20 15:19:22 | 000,335,872 | ---- | C] () -- C:\WINDOWS\System32\ldf252.dll [2008.01.19 17:37:13 | 000,005,990 | ---- | C] () -- C:\WINDOWS\icoadb32.dat [2008.01.19 12:20:04 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2007.10.12 21:18:13 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2007.10.12 20:32:01 | 000,055,808 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.10.12 20:18:20 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI [2007.10.12 20:18:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini [2007.10.12 20:18:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini [2007.10.12 20:10:53 | 000,000,019 | ---- | C] () -- C:\WINDOWS\LxRegi.INI [2007.10.12 19:53:03 | 000,001,599 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2007.10.12 19:53:03 | 000,000,052 | ---- | C] () -- C:\WINDOWS\Intuprof.ini [2007.10.12 19:39:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2007.10.12 18:20:14 | 000,000,518 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007.10.12 18:02:57 | 000,001,265 | ---- | C] () -- C:\WINDOWS\XI420Ke.INI [2007.10.12 17:50:13 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2007.10.12 17:45:16 | 000,072,462 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\firstlsp.reg.dat [2007.10.12 17:33:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini [2007.10.12 17:32:31 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe [2007.10.12 09:37:23 | 001,284,280 | ---- | C] () -- C:\WINDOWS\System32\XMNT2001.EXE [2007.10.12 09:37:23 | 000,003,252 | ---- | C] () -- C:\WINDOWS\System32\drivers\PQNTDRV.SYS [2007.10.11 17:16:27 | 000,018,852 | ---- | C] () -- C:\WINDOWS\System32\Dc147.dll [2007.10.11 17:16:27 | 000,018,372 | ---- | C] () -- C:\WINDOWS\System32\Dc146.dll [2007.10.11 17:15:04 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007.10.11 17:14:17 | 000,269,392 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007.10.11 16:37:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007.10.11 16:33:33 | 000,023,504 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007.06.30 15:02:48 | 000,061,440 | ---- | C] () -- C:\WINDOWS\ST4UNST.EXE [2007.02.05 15:48:36 | 000,016,828 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2007.02.05 15:48:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2007.02.05 15:48:28 | 000,016,562 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2007.02.05 14:24:28 | 000,018,271 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2007.02.05 14:24:26 | 000,099,999 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2004.08.04 02:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2003.03.09 06:31:04 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2001.08.18 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.18 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.18 14:00:00 | 000,572,778 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001.08.18 14:00:00 | 000,515,794 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.18 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.18 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001.08.18 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.18 14:00:00 | 000,131,632 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001.08.18 14:00:00 | 000,101,372 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.18 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.18 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001.08.18 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.18 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.18 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1999.01.26 23:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 124 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C647387D < End of report > OTL Extras logfile created on: 13.07.2011 17:04:58 - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,38 Gb Available Physical Memory | 18,80% Memory free 3,34 Gb Paging File | 1,57 Gb Available in Paging File | 47,06% Paging File free Paging file location(s): c:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 48,83 Gb Total Space | 14,81 Gb Free Space | 30,33% Space Free | Partition Type: NTFS Drive D: | 33,60 Gb Total Space | 30,69 Gb Free Space | 91,32% Space Free | Partition Type: NTFS Drive F: | 51,10 Gb Total Space | 47,90 Gb Free Space | 93,74% Space Free | Partition Type: NTFS Drive G: | 15,51 Gb Total Space | 15,45 Gb Free Space | 99,59% Space Free | Partition Type: NTFS Drive M: | 73,27 Gb Total Space | 39,47 Gb Free Space | 53,86% Space Free | Partition Type: NTFS Drive N: | 73,27 Gb Total Space | 28,75 Gb Free Space | 39,24% Space Free | Partition Type: NTFS Computer Name: UWE | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "FirstRunDisabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] "DisableMonitoring" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet  isabled:@xpsp2res.dll,-22007"2869:TCP" = 2869:TCP:LocalSubNet isabled:@xpsp2res.dll,-22008"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics "{117C01B5-9D68-4A15-85E2-A7CDFA82CEB9}" = OpenMG Secure Module 3.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4803" = CanoScan 4400F "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{1C4A3683-C731-4DA5-8AF4-31201995696C}" = TAPICall 4.0.80 "{1E5007FA-DA5E-4EDD-BDE5-14D128D66887}" = PowerQuest PartitionMagic 7.0 "{1FC11AA5-49F6-4567-BEB6-6744BE8DB84C}" = Digitale Telefonauskunft auf CD-ROM "{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011 "{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21 "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0 "{2A16323A-3CF4-4C2E-BE18-C0D9ACB7AD5B}" = 4Team ShareO "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{307B9D04-A1F4-48EA-809C-DF7FA9C4BB6D}" = Presto! PageManager 7.15.13 "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00 "{3B6A3576-1844-4C99-AB0E-FD06D75DC1F0}" = SPRx32 CT-API und PC/SC Treiber Installation "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis*True*Image*Home "{48A39B02-21D5-4C73-915E-09C90A13971D}" = XI420 CAPI V1.25 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E603413-3215-49BE-B225-069923BBF9DA}" = SmokeWorks "{541FFA8F-2772-4FA7-A63E-F98493A1EEE1}" = T-Concept XI420 TAPI "{552171BC-30F8-3B29-9C4F-E3FE590B7CAC}" = Google Gears "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.75 "{5980B928-1C95-4B3E-957B-B02D8147FF9E}" = Desktop SMS "{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE) "{688200EE-B071-4E14-809F-622C92FA8CE9}" = SX3x3 Firmware "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69CA3A84-6CE4-41C3-9E5F-69135D18D751}" = Gigaset SX3x3isdn "{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7644618A-76C0-41B0-ABA2-34E3A548D96A}" = DruckStudio Fax-Cartoons "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AE38076-D8FD-4EF9-A203-98A3EF0C66C1}" = Siemens Data Suite "{7DC96EAC-E214-4CD7-9946-E4565A17BA97}" = Outlook Mapping Add In "{7E7C9FB7-711A-4FF0-B22F-42BD08652096}" = talk&surf 6.0 "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89B2ECA9-C617-482C-AD0A-F757AD1C4B87}" = DDBAC "{8B5D4884-2ACF-4230-8A00-FC569EDDA2D7}" = Olympia Chronik 2004 "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90E00407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003 "{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{927AE974-7B5B-463B-A672-D3B048664D6B}" = T-Concept XI420 "{981EF798-BF48-497D-9255-77E238F9991F}" = Appigo Sync "{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One "{98D1A713-438C-4A23-8AB6-41B37C4A2D47}" = VMware Workstation "{98F2555F-6749-49BA-949F-FC887831A524}" = Palm Desktop by ACCESS "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.2 - Deutsch "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Speicher-Disc "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007 "{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series "{C9115565-111A-4DFB-9C92-9F79D55686B8}" = Bucharchiv "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CB38554F-58F5-4831-8AFA-F7FB888D6740}" = 3D-Weltatlas "{CC016F21-3970-11DE-B878-005056806466}" = Google Earth "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player "1&1 EasyLogin" = 1&1 EasyLogin "ABViewer 6.1_is1" = ABViewer 6 "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Avira AntiVir Desktop" = Avira AntiVir Premium "AVM ISDN TAPI Services" = AVM ISDN TAPI Services for CAPI "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0 "CCleaner" = CCleaner (remove only) "CDex" = CDex extraction audio "CHIPDRIVE Smartcard Tools Light_CDInst21" = CHIPDRIVE Smartcard Tools Light "conduitEngine" = Conduit Engine "CopernicDesktopSearch2" = Copernic Desktop Search 2 "DasTelefonbuch GelbeSeiten Map & Route" = DasTelefonbuch GelbeSeiten Map & Route "DIALux" = DIALux 4.7 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "EXPERTool_is1" = EXPERTool 6.4 "FastStone Image Viewer" = FastStone Image Viewer 3.2 "FE5AE7DC-7B01-4263-A94C-B4526C276549_is1" = iPhone Explorer "FinePrint" = FinePrint "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "FreeBee" = FreeBee "FRITZ! 2.0" = AVM FRITZ! "Google Updater" = Google Updater "GPL Ghostscript 8.63" = GPL Ghostscript 8.63 "Handwerk Version 1.1" = KHK Handwerk "HDMI" = Intel(R) Graphics Media Accelerator Driver "HijackThis" = HijackThis 1.99.0 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP DeskJet 1220C Drucker" = HP DeskJet 1220C Drucker "HP PSC 1200 Series" = HP Foto und Bildbearbeitung 2.0 - hp psc 1200 series "HPW8 Toolbox" = HP DeskJet 1220C Toolbox "InstallShield_{8B5D4884-2ACF-4230-8A00-FC569EDDA2D7}" = Olympia Chronik 2004 "InstallShield_{CB38554F-58F5-4831-8AFA-F7FB888D6740}" = 3D-Weltatlas "ISpy ISDN Monitor" = ISpy ISDN Monitor 2.01.233 "KeePass Password Safe_is1" = KeePass Password Safe 1.14 "Keseling Newsletter Mailer 1.0.2_is1" = Keseling Newsletter Mailer 1.0.2 "Kronen-Design_is1" = Kronen-Design 1.33 "LiveReg" = LiveReg (Symantec Corporation) "LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200 "McAfee Security Scan" = McAfee Security Scan Plus "Medion GoPal Assistant" = Medion GoPal Assistant 4.03.006 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "NeroMultiInstaller!UninstallKey" = Nero Suite "NVIDIA Drivers" = NVIDIA Drivers "OpenMG HotFix3.1-02-08-09-01" = OpenMG Limited Patch 3.1-02-12-04-01 "OpenMG HotFix3.1-02-08-15-01" = OpenMG Limited Patch 3.1-02-10-22-01 "PC-Bibliothek Express" = PC-Bibliothek Express "PDF Editor 2" = PDF Editor 2 "pdfFactory Pro" = pdfFactory Pro "Picasa 3" = Picasa 3 "POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.0 "Quicken2002" = Quicken2002 "RealPlayer 6.0" = RealPlayer "ShortCut_is1" = ShortCut Autotype Application "SKS CD-Menü 4.7_is1" = SKS CD-Menü 4.7 "softonic-de3 Toolbar" = softonic-de3 Toolbar "ST4UNST #2" = WinProvex-Terminplaner (C:\Programme\WinProvex\Terminplaner\) "ST6UNST #1" = WinProvex-Terminplaner 5.32 "TuneUp Utilities 2011" = TuneUp Utilities 2011 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinFax" = Symantec WinFax PRO "WinRAR archiver" = WinRAR Archivierer "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Workrave_is1" = Workrave 1.8.3 "ZoneAlarm" = ZoneAlarm "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.06.2011 02:12:20 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 16.06.2011 02:12:20 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 20.06.2011 10:08:04 | Computer Name = UWE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. Error - 22.06.2011 04:32:16 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung zurückgegeben. . Error - 22.06.2011 04:32:16 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 22.06.2011 04:32:17 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 22.06.2011 04:32:17 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 22.06.2011 04:32:17 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 22.06.2011 04:32:17 | Computer Name = UWE | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 23.06.2011 14:23:27 | Computer Name = UWE | Source = WmiAdapter | ID = 4099 Description = Dienst konnte nicht geöffnet werden. [ OSession Events ] Error - 28.12.2009 05:45:52 | Computer Name = UWE | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 110 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.07.2011 01:39:40 | Computer Name = UWE | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst HTTP-SSL. Error - 11.07.2011 01:39:40 | Computer Name = UWE | Source = Service Control Manager | ID = 7000 Description = Der Dienst "HTTP-SSL" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 13.07.2011 03:21:40 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. Error - 13.07.2011 03:22:24 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. Error - 13.07.2011 03:23:06 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. Error - 13.07.2011 07:53:55 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. Error - 13.07.2011 07:57:46 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. Error - 13.07.2011 08:03:35 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. Error - 13.07.2011 08:04:29 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. Error - 13.07.2011 10:49:07 | Computer Name = UWE | Source = SCardSvr | ID = 610 Description = Smartcardleser "SCM Microsystems Inc. SPRx32 USB Smart Card Reader 0" verweigerte IOCTL EJECT: Die Anforderung wird nicht unterstützt. < End of report > könnt ihr etwas in Richtung Trojaner finden oder ist es ein falscher Alarm? Vielen Dank schon im voraus. |
|
13.07.2011, 20:43
| #2 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Search & Destroy\SDShred.exe' wurde ein Virus 'TR/Crypt.XPACK.Gen' gefunden.Zitat:
Zitat:
Dass TU sinnfrei bis kontraproduktiv ist wohl klar oder? Zitat:
 Deinstallieren und Windows-Firewall verwenden!
__________________ |
|
14.07.2011, 08:16
| #3 |
| | Search & Destroy\SDShred.exe' wurde ein Virus 'TR/Crypt.XPACK.Gen' gefunden. Hallo cosinus,
__________________vielen Dank für die schnelle Antwort. Erst mal schön das es nichts ernstes sein soll. Das ZA drauf ist, reine Gewohnheit, da das Programm vor 5 Jahren noch Stand der Technik war. ZA ist runter, verwende jeztzt Windows-Firewall. TU habe ich direkt von deren Homepage aktualisiert. Verwende ich weil es die Registry sauber hält und ich einfach Einstellungen vorhehmen kann. Gruß Uwe |
|
14.07.2011, 10:14
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Search & Destroy\SDShred.exe' wurde ein Virus 'TR/Crypt.XPACK.Gen' gefunden.Zitat:
CCleaner bietet außerdem noch eine Bereinigung der Registry an. Wir empfehlen dies auf keinen Fall. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.
Zerstörst Du die Registry, zerstörst Du Windows.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
| Themen zu Search & Destroy\SDShred.exe' wurde ein Virus 'TR/Crypt.XPACK.Gen' gefunden. |
| 0x00000001, alternate, antivir, application/pdf, application/pdf:, avira, bho, bonjour, bookmark, canon, checkpoint, chronik, converter, desktop, error, fehler, firefox, flash player, helper, hijack, hijackthis, logfile, microsoft office word, mozilla, office 2007, olympia, olympus, plug-in, realtek, registry, remote access, safer networking, scan, security, security scan, security update, shell32.dll, shortcut, software, symantec, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen', tracker, trojan, trojaner, version=1.0, virus |
Linear-Darstellung
