|
Log-Analyse und Auswertung: Windows wird nach dem Booten blockiertWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
16.01.2012, 20:49 | #1 |
| Windows wird nach dem Booten blockiert Hallo, gestern Abend ist bei mir Windows blockiert worden! Es ging ein Fenster, dass sehr ähnlich der Windows XP Oberfläche war. Ich wurde aufgefordert ein kostenpflichtiges Uprgrade herunterzuladen. Weder der Task-Manager noch sonstige Befehle reagierten. Ich fuhr den PC herunter und startete ihn erneut, wieder kam die Anzeige, dass ich das Upgrade herunterladen solle. Nach wiederholtem Herunterfahren startete ich den PC erneut und wählte ein anderes Benutzerkonto aus. Hier funktionierte alles einwandfrei. Ich führte mehrere Virenscans mit Avira, Malwarebytes und OTL, von Oldtimer, durch. Alle zeigten mir an, dass auf meinem PC infizierte Dateien seien. Ich stellte diese erst alle unter Quarantäne und löschte sie anschliesend. Seit dem kann ich wieder ohne Probleme auf das normale Benutzerkonto zugreifen. Heute habe ich einen weiteren Scan mit Malwarebytes und Eset Online Scanner vollzogen, beide reagierten auf eine bzw. zwei infizierte Dateien. Im Anhang finden Sie die 2 log Dateien von OTL und die log Dateien von Malwarebytes und Eset von heute. Kann ich das Problem mit einer Neuinstallation von Windows XP beheben? Vielen Dank schon im voraus Itzi Bitzi OTL.Txt: Code:
ATTFilter OTL logfile created on: 16.01.2012 18:06:43 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Philipp\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 81,75% Memory free 5,09 Gb Paging File | 4,55 Gb Available in Paging File | 89,43% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,87 Gb Total Space | 66,80 Gb Free Space | 57,16% Space Free | Partition Type: NTFS Drive D: | 116,87 Gb Total Space | 116,04 Gb Free Space | 99,29% Space Free | Partition Type: NTFS Computer Name: J-A2C5850B7D6C4 | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.01.16 18:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Philipp\Desktop\OTL.exe PRC - [2012.01.10 15:06:00 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011.05.10 01:41:12 | 000,049,208 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP Software Update\hpwuschd2.exe PRC - [2011.04.08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe PRC - [2011.04.08 11:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2008.11.28 02:28:34 | 000,446,571 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2008.11.28 02:28:34 | 000,237,665 | ---- | M] (IDT, Inc.) -- c:\Programme\IDT\5902XP_6033V_012208\WDM\stacsv.exe PRC - [2008.06.03 10:25:38 | 000,110,647 | ---- | M] (Hauppauge Computer Works) -- C:\Programme\WinTV\Ir.exe PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.02.02 17:26:44 | 000,283,136 | ---- | M] (AVM Berlin) -- C:\Programme\avmwlanstick\FRITZWLANMini.exe PRC - [2006.09.14 21:09:07 | 000,157,592 | ---- | M] (DT Soft Ltd.) -- C:\Programme\DAEMON Tools\daemon.exe PRC - [2004.03.04 16:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe PRC - [2003.11.12 04:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.01.11 13:53:42 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\62e34cfb5a8b233667c7c5a47a32ad93\System.Web.ni.dll MOD - [2012.01.10 20:56:38 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2012.01.10 15:05:59 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.12.31 17:07:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll MOD - [2011.12.01 18:42:25 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll MOD - [2011.12.01 18:41:42 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d86a3346c3d90ff12d0df9d7726f3ece\Accessibility.ni.dll MOD - [2011.12.01 17:36:29 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll MOD - [2011.12.01 17:36:25 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\71a2ae9ad561a62181cbd9fb11e9de7a\System.Windows.Forms.ni.dll MOD - [2011.12.01 17:36:16 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll MOD - [2011.12.01 17:35:30 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll MOD - [2011.12.01 17:35:25 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.10.07 16:22:13 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.08.17 17:52:02 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MOD - [2009.08.13 10:04:47 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009.08.13 10:04:47 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Runtime\2.0.3343.28356__90ba9c70f846762e\CLI.Caste.HydraVision.Runtime.dll MOD - [2009.08.13 10:04:47 | 000,008,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Shared\2.0.3343.28356__90ba9c70f846762e\CLI.Caste.HydraVision.Shared.dll MOD - [2009.08.13 10:04:47 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Wizard\2.0.3343.28359__90ba9c70f846762e\CLI.Caste.HydraVision.Wizard.dll MOD - [2009.08.13 10:04:47 | 000,007,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.HydraVision.Dashboard\2.0.3343.28356__90ba9c70f846762e\CLI.Caste.HydraVision.Dashboard.dll MOD - [2009.08.13 10:04:46 | 001,728,512 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2009.08.13 10:04:46 | 000,692,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Wizard\2.0.3343.28295__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Wizard.dll MOD - [2009.08.13 10:04:46 | 000,491,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3343.28338__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009.08.13 10:04:46 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.3343.28315__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll MOD - [2009.08.13 10:04:46 | 000,290,816 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3343.28200__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009.08.13 10:04:46 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009.08.13 10:04:46 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3343.28339__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:46 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3343.28229__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:46 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3343.28309__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009.08.13 10:04:46 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3343.28213__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:46 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3343.28281__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009.08.13 10:04:46 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2009.08.13 10:04:46 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3343.28228__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll MOD - [2009.08.13 10:04:46 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3343.28213__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2009.08.13 10:04:45 | 000,364,544 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:45 | 000,094,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3343.28289__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009.08.13 10:04:45 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3343.28288__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009.08.13 10:04:43 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3343.28265__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:43 | 000,798,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.3343.28310__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:43 | 000,712,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3343.28215__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:43 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:43 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3343.28257__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:43 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3343.28301__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2009.08.13 10:04:43 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3343.28230__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:43 | 000,126,976 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:43 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009.08.13 10:04:43 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3343.28236__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009.08.13 10:04:43 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3343.28278__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009.08.13 10:04:43 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3343.28279__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009.08.13 10:04:42 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Dashboard\2.0.3343.28282__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:42 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2009.08.13 10:04:42 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3343.28263__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009.08.13 10:04:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3343.28264__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009.08.13 10:04:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009.08.13 10:04:42 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009.08.13 10:04:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2009.08.13 10:04:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2009.08.13 10:04:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009.08.13 10:04:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009.08.13 10:04:42 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009.08.13 10:04:42 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2009.08.13 10:04:41 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009.08.13 10:04:41 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3309.28618__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2009.08.13 10:04:41 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2009.08.13 10:04:41 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2009.08.13 10:04:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3309.28644__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2009.08.13 10:04:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009.08.13 10:04:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009.08.13 10:04:41 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3309.28669__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2009.08.13 10:04:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3309.28630__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2009.08.13 10:04:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3309.28620__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2009.08.13 10:04:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2009.08.13 10:04:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3309.28611__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2009.08.13 10:04:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3309.28645__90ba9c70f846762e\DEM.OS.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3309.28630__90ba9c70f846762e\DEM.Graphics.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3309.28617__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009.08.13 10:04:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009.08.13 10:04:40 | 000,503,808 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3343.28368__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2009.08.13 10:04:40 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3309.28634__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3343.28347__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2009.08.13 10:04:40 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3309.28636__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3309.28624__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3309.28632__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3309.28627__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3309.28635__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2009.08.13 10:04:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ResourceManagement.Foundation.Private\2.0.3309.28612__90ba9c70f846762e\ResourceManagement.Foundation.Private.dll MOD - [2009.08.13 10:04:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2009.08.13 10:04:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3309.28626__90ba9c70f846762e\APM.Foundation.dll MOD - [2009.08.13 10:04:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.08.13 10:04:40 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2009.08.13 10:04:40 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2009.08.13 10:04:40 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3343.28197__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.08.13 10:04:39 | 001,142,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3343.28207__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009.08.13 10:04:39 | 000,544,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3343.28321__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009.08.13 10:04:39 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3343.28221__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009.08.13 10:04:39 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3343.28330__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009.08.13 10:04:39 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3343.28198__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009.08.13 10:04:39 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3343.28328__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2009.08.13 10:04:39 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3343.28199__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2009.08.13 10:04:39 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009.08.13 10:04:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3309.28608__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2009.08.13 10:04:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3309.28614__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2009.08.13 10:04:39 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3309.28627__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2009.08.13 10:04:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3309.28626__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2009.08.13 10:04:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009.08.13 10:04:38 | 000,081,920 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3343.28199__90ba9c70f846762e\ATIDEMOS.dll MOD - [2009.08.13 10:04:38 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3343.28198__90ba9c70f846762e\APM.Server.dll MOD - [2009.08.13 10:04:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3343.28197__90ba9c70f846762e\AEM.Server.dll MOD - [2009.08.13 10:04:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009.08.13 10:04:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009.08.13 10:04:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3343.28329__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.08.13 10:04:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.10.30 13:39:12 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2008.04.14 06:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.07.14 06:34:00 | 000,007,680 | ---- | M] () -- C:\Programme\DAEMON Tools\Plugins\Images\bw5mount.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.03 21:43:45 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2008.11.28 02:28:34 | 000,237,665 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\Programme\IDT\5902XP_6033V_012208\WDM\stacsv.exe -- (STacSV) SRV - [2008.06.02 14:55:26 | 000,823,296 | ---- | M] (Hauppauge Computer Works) [On_Demand | Stopped] -- C:\Programme\WinTV\HCWTVServer.exe -- (HauppaugeTVServer) SRV - [2006.05.10 10:59:04 | 000,353,912 | ---- | M] (Protection Technology (StarForce)) [Auto | Stopped] -- C:\WINDOWS\System32\sfrem01.exe -- (sfrem01) SF FrontLine Drivers Auto Removal (v1) SRV - [2003.11.12 04:48:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 22:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - [2011.12.08 16:33:39 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.14 19:04:29 | 000,611,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011.08.03 21:27:28 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.06 12:50:24 | 000,097,792 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ACEDRV05.sys -- (ACEDRV05) DRV - [2009.02.25 23:58:57 | 003,565,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008.11.28 02:28:34 | 001,392,498 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2008.08.07 12:14:56 | 000,111,360 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007.10.12 02:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdide.sys -- (amdide) DRV - [2007.02.06 14:27:02 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hcwPP2.sys -- (hcwPP2) DRV - [2007.01.26 01:00:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007.01.26 01:00:00 | 000,004,352 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2006.05.10 09:59:04 | 000,052,224 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x) DRV - [2006.05.10 09:39:38 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2006.05.10 09:20:28 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/Acrobat,version=5.1: C:\Programme\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.10 15:06:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.17 17:39:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Mozilla\Extensions [2011.07.04 14:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Mozilla\Firefox\Profiles\2tryeyho.default\extensions [2011.07.04 14:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Mozilla\Firefox\Profiles\2tryeyho.default\extensions\chrome [2011.07.04 14:53:35 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Mozilla\Firefox\Profiles\2tryeyho.default\extensions\components [2011.11.28 16:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.10 15:06:00 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.01.10 15:05:53 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.10 15:05:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.01.10 15:05:53 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.10 15:05:53 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.10 15:05:53 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.10 15:05:53 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.28 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Programme\IMinent Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Programme\IMinent Toolbar\tbcore3.dll () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLANMini.exe (AVM Berlin) O4 - HKLM..\Run: [DAEMON Tools] C:\Programme\DAEMON Tools\daemon.exe (DT Soft Ltd.) O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\hpwuschd2.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKCU..\Run: [{C6D13E87-8775-11DE-B5D0-806D6172696F}] C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Microsoft\dllhsts.exe File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\AutoStart IR.lnk = C:\Programme\WinTV\Ir.exe (Hauppauge Computer Works) O4 - Startup: C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Java Plug-in 1.5.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} file://J:\berufsscout\swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 82.212.62.62 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F75BE0D2-C8C9-48C3-92B7-B8819AA1C61B}: DhcpNameServer = 78.42.43.62 82.212.62.62 O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.08.13 08:45:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{b491659a-23e1-11e0-94bb-002511250a74}\Shell - "" = AutoRun O33 - MountPoints2\{b491659a-23e1-11e0-94bb-002511250a74}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b491659a-23e1-11e0-94bb-002511250a74}\Shell\AutoRun\command - "" = K:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.01.16 18:05:34 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Philipp\Desktop\OTL.exe [2012.01.16 01:13:28 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Philipp\Recent [2012.01.15 23:35:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.01.15 23:35:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.01.15 23:35:42 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.01.15 23:35:42 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.01.15 22:35:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2012.01.14 10:18:37 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Philipp\Eigene Dateien\Dropbox [2012.01.14 10:17:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Dropbox [2012.01.14 10:17:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Dropbox [2012.01.13 21:07:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.01.05 17:53:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner [2012.01.05 17:53:47 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2012.01.05 15:35:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2012.01.05 15:35:32 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.01.16 18:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Philipp\Desktop\OTL.exe [2012.01.16 18:00:21 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.01.16 18:00:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.01.16 00:42:00 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.01.15 23:35:45 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.14 10:18:37 | 000,001,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Desktop\Dropbox.lnk [2012.01.14 10:17:43 | 000,001,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\Dropbox.lnk [2012.01.10 20:56:57 | 000,519,686 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.01.10 20:56:57 | 000,495,958 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.01.10 20:56:57 | 000,101,490 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.01.10 20:56:57 | 000,084,442 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.01.07 10:48:45 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.01.06 21:47:00 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.03 20:13:51 | 000,000,173 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\msmathematics.qat.Philipp [2011.12.31 17:57:41 | 000,178,069 | ---- | M] () -- C:\Dokumente und Einstellungen\Philipp\Desktop\GE1_1MEB_Formelsammlung_v2(1).pdf [2011.12.31 17:07:36 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.01.15 23:35:45 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.01.14 10:18:37 | 000,001,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Desktop\Dropbox.lnk [2012.01.14 10:17:43 | 000,001,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Startmenü\Programme\Autostart\Dropbox.lnk [2011.12.31 17:57:41 | 000,178,069 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Desktop\GE1_1MEB_Formelsammlung_v2(1).pdf [2011.12.31 17:07:36 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2011.12.18 13:11:06 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Desktop\Microsoft Mathematics.lnk [2011.12.16 18:49:57 | 000,433,208 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2011.12.16 17:43:15 | 000,000,173 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\msmathematics.qat.Philipp [2011.10.31 21:28:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011.09.27 18:23:14 | 002,428,456 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1606980848-484763869-725345543-1005-0.dat [2011.09.27 18:23:14 | 000,389,298 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011.05.12 10:26:23 | 000,010,409 | ---- | C] () -- C:\WINDOWS\hpdj3840.ini [2011.01.19 16:35:20 | 000,097,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010.12.13 13:06:54 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.03.02 17:10:20 | 000,000,211 | ---- | C] () -- C:\WINDOWS\nanoPEG.ini [2010.02.11 16:41:30 | 000,000,528 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010.02.07 18:28:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.08.25 21:08:53 | 000,010,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.25 13:00:27 | 000,024,501 | R--- | C] () -- C:\WINDOWS\System32\MWhid.sys [2009.08.25 13:00:27 | 000,000,266 | R--- | C] () -- C:\WINDOWS\System32\megastore.ini [2009.08.25 13:00:25 | 002,990,080 | R--- | C] () -- C:\WINDOWS\System32\IPdlg.exe [2009.08.13 10:46:28 | 000,001,870 | ---- | C] () -- C:\WINDOWS\vtplus32.ini [2009.08.13 10:46:25 | 000,000,382 | ---- | C] () -- C:\WINDOWS\HCWBlast_sav.ini [2009.08.13 10:46:25 | 000,000,248 | ---- | C] () -- C:\WINDOWS\HCWBlast.ini [2009.08.13 10:35:50 | 000,025,859 | ---- | C] () -- C:\WINDOWS\Irremote.ini [2009.08.13 10:35:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll [2009.08.13 10:35:32 | 000,000,507 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.08.13 10:35:31 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\hcwChDB.dll [2009.08.13 10:35:13 | 000,005,615 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI [2009.08.13 10:34:08 | 000,066,048 | ---- | C] () -- C:\WINDOWS\System32\hcwXDS.dll [2009.08.13 10:05:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009.08.13 10:04:05 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009.08.13 08:47:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009.08.13 08:42:49 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009.08.12 19:33:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009.08.12 19:32:23 | 000,685,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009.02.25 21:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009.02.25 21:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009.01.26 18:55:37 | 000,182,995 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2008.10.21 18:40:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2008.10.21 18:40:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2008.06.11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008.06.11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008.06.11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008.06.11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008.06.11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008.06.11 08:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008.06.11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008.06.11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008.06.11 08:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2006.02.28 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006.02.28 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006.02.28 13:00:00 | 000,519,686 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006.02.28 13:00:00 | 000,495,958 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006.02.28 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006.02.28 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006.02.28 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006.02.28 13:00:00 | 000,101,490 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006.02.28 13:00:00 | 000,084,442 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006.02.28 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006.02.28 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006.02.28 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006.02.28 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006.02.28 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006.02.28 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006.02.28 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2004.09.05 07:59:50 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2004.09.05 07:58:04 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2004.03.03 08:50:56 | 000,004,460 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat [2004.02.11 19:39:07 | 000,000,316 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat [2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [1999.02.19 14:09:00 | 000,193,536 | ---- | C] () -- C:\WINDOWS\System32\LOADSERV.DLL ========== LOP Check ========== [2011.10.05 15:57:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco [2010.12.25 10:56:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Codemasters [2010.03.03 14:00:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2012.01.16 18:00:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Dropbox [2011.05.05 16:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Feuerwache [2010.03.02 17:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\InterTrust [2011.05.15 20:11:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\JavaEditor [2011.08.01 19:25:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\My Games [2011.10.07 16:22:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\OpenOffice.org [2011.04.20 16:06:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Sierra [2011.09.26 18:05:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Toolbar4 [2010.03.03 14:00:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Ulead Systems ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 16.01.2012 18:06:43 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Philipp\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 81,75% Memory free 5,09 Gb Paging File | 4,55 Gb Available in Paging File | 89,43% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 116,87 Gb Total Space | 66,80 Gb Free Space | 57,16% Space Free | Partition Type: NTFS Drive D: | 116,87 Gb Total Space | 116,04 Gb Free Space | 99,29% Space Free | Partition Type: NTFS Computer Name: J-A2C5850B7D6C4 | User Name: Philipp | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\mswt kart 2004\MSWorldTour.exe" = C:\Programme\mswt kart 2004\MSWorldTour.exe:*:Enabled:MSWorldTour "C:\Programme\Codemasters\F1 2010\F1_2010_game.exe" = C:\Programme\Codemasters\F1 2010\F1_2010_game.exe:*:Enabled:F1 2010 -- (Codemasters) "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) "C:\Programme\Empire Interactive\FlatOut2\FlatOut2.exe" = C:\Programme\Empire Interactive\FlatOut2\FlatOut2.exe:*:Enabled:FlatOut2 -- () "C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center "{068502DA-6979-4D9A-BBE1-C3AD0FF11F19}" = Ulead FilmBrennerei 2 SE "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22 "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22 "{3293C06B-003F-4027-8380-FFD79E38167D}" = Tony Hawk's American Wasteland "{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4324BC93-C82F-ED16-BA86-5E34B9E05303}" = ccc-core-static "{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4D090F70-6F08-4B60-9357-A1DFD4458F09}" = Microsoft Mathematics "{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New "{4F0C7CCF-5666-474B-B02E-AC514A95EC93}" = NVIDIA GAME System Software 2.8.1 "{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall "{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing "{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins "{65FBA21B-7F80-4E4E-B275-0958D2648F94}_is1" = Java-Editor 9.19a, 2010.01.22 "{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}" = Need for Speed™ Most Wanted "{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility "{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield "{B151F020-1DEE-4716-944F-2759FC3C51DA}" = World Racing "{B1591C79-1C35-4E09-AA15-F7D6923AFB96}" = HP Deskjet 3840 "{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation "{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}" = FlatOut2 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CFE78643-3CDB-46EF-9677-795415937ABB}" = CorelDRAW ESSENTIALS "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game "{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding "{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU "{DF315348-721C-40B8-BAE2-58C6C7D935A2}" = Empire Earth II "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light "{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts "7-Zip" = 7-Zip 9.20 "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "All ATI Software" = ATI - Software Uninstall Utility "Apple Juice" = Apple Juice "ATI Display Driver" = ATI Display Driver "Avira AntiVir Desktop" = Avira Free Antivirus "CCleaner" = CCleaner "Crazy Cube" = Crazy Cube "Duplikator" = Duplikator "Fireball" = Fireball "Fox Jones" = Fox Jones - Version 1.00 "GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010 "gogo Fireman" = gogo Fireman "Handball Manager" = Handball Manager 2.0.1 "Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources "Hauppauge WinTV" = Hauppauge WinTV "Hauppauge WinTV Infrared Remote" = Hauppauge WinTV Infrared Remote "Hauppauge WinTV IR Blaster" = Hauppauge WinTV IR Blaster "Hauppauge WinTV Scheduler" = Hauppauge WinTV Scheduler "Hauppauge WinTV TV Services" = Hauppauge WinTV TV Services "Hauppauge WinTV2000" = Hauppauge WinTV2000 "Hauppauge WinTV-PVR 150 Drivers" = Hauppauge WinTV-PVR 150 Drivers "InstallShield_{578FA426-47C0-4A3F-98A4-01ACD26B7556}" = LEGO Star Wars II "InstallShield_{B151F020-1DEE-4716-944F-2759FC3C51DA}" = World Racing "Jungle Fun" = Jungle Fun "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU "Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de) "MS_Asteroids" = MS_Asteroids "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "nanoPEG-Editor 2.3 Hauppauge Edition_is1" = nanoPEG-Editor 2.3 Hauppauge Edition "NeroMultiInstaller!UninstallKey" = Nero Suite "Online Manuals for WinTV (English)" = Online Manuals for WinTV (English) "OpenAL" = OpenAL "Pencli Fun" = Pencli Fun "Virtual DJ Home Edition - Atomix Productions" = Virtual DJ Home Edition - Atomix Productions "VLC media player" = VLC media player 1.1.5 "VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German) "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XviD_is1" = XviD MPEG-4 Video Codec ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11.10.2011 17:24:01 | Computer Name = J-A2C5850B7D6C4 | Source = Application Hang | ID = 1001 Description = Fehlerhafter Speicherbereich -1665931649. Error - 26.10.2011 13:42:17 | Computer Name = J-A2C5850B7D6C4 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrord32.exe, Version 10.1.1.33, fehlgeschlagenes Modul acrord32.dll, Version 10.1.1.33, Fehleradresse 0x000218f8. Error - 08.11.2011 09:00:11 | Computer Name = J-A2C5850B7D6C4 | Source = SecurityCenter | ID = 1802 Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen. Error - 01.12.2011 11:08:16 | Computer Name = J-A2C5850B7D6C4 | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown Error - 03.12.2011 14:59:02 | Computer Name = J-A2C5850B7D6C4 | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0xd0617c] Bitte Avira informieren und die obige Datei übersenden! Error - 11.12.2011 17:08:10 | Computer Name = J-A2C5850B7D6C4 | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion IThread(ProtocolSrvConThread)::run() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0xe13393] Bitte Avira informieren und die obige Datei übersenden! Error - 13.12.2011 15:28:12 | Computer Name = J-A2C5850B7D6C4 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung acrord32.exe, Version 10.1.1.33, fehlgeschlagenes Modul acrord32.dll, Version 10.1.1.33, Fehleradresse 0x000218f8. Error - 14.12.2011 17:32:54 | Computer Name = J-A2C5850B7D6C4 | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0xd4614a] Bitte Avira informieren und die obige Datei übersenden! Error - 28.12.2011 05:08:31 | Computer Name = J-A2C5850B7D6C4 | Source = Avira Antivirus | ID = 4118 Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_InitEngine() für die Datei unknown. [ACCESS_VIOLATION Exception!! EIP = 0xd461bc] Bitte Avira informieren und die obige Datei übersenden! Error - 10.01.2012 18:04:47 | Computer Name = J-A2C5850B7D6C4 | Source = .NET Runtime Optimization Service | ID = 1103 Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown [ Cisco AnyConnect VPN Client Events ] Error - 15.01.2012 17:31:11 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 15.01.2012 17:31:11 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 361 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 15.01.2012 17:33:27 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 15.01.2012 17:33:27 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 15.01.2012 17:33:27 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 15.01.2012 17:33:27 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 361 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 15.01.2012 20:07:32 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CIPv4ChangeRouteHelper::FindBestRoute File: .\IPv4ChangeRouteHelper.cpp Line: 2423 Invoked Function: CIPv4RouteTable::FindMatchingRoute Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 15.01.2012 20:07:32 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CRouteMgr::UpdatePublicAddress File: .\RouteMgr.cpp Line: 2190 Invoked Function: CChangeRouteTable::FindBestRouteInterface Return Code: -33095647 (0xFE070021) Description: ROUTETABLE_ERROR_GETBESTROUTE_FAILED Error - 15.01.2012 20:07:32 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp Line: 7639 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE Error - 15.01.2012 20:07:32 | Computer Name = J-A2C5850B7D6C4 | Source = vpnagent | ID = 67108866 Description = Function: CMainThread::MainLoop File: .\MainThread.cpp Line: 361 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE [ System Events ] Error - 07.01.2012 14:02:47 | Computer Name = J-A2C5850B7D6C4 | Source = ati2mtag | ID = 49170 Description = MODE: GXO Execute BIOS Table Error Error - 07.01.2012 14:51:25 | Computer Name = J-A2C5850B7D6C4 | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 07.01.2012 14:51:31 | Computer Name = J-A2C5850B7D6C4 | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 07.01.2012 14:51:35 | Computer Name = J-A2C5850B7D6C4 | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 08.01.2012 04:57:20 | Computer Name = J-A2C5850B7D6C4 | Source = ati2mtag | ID = 43034 Description = Unknown EDID version Error - 15.01.2012 10:58:33 | Computer Name = J-A2C5850B7D6C4 | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 134.3.99.9 über die Netzwerkkarte mit der Netzwerkadresse 002511250A74 ist verloren gegangen. Error - 15.01.2012 13:49:57 | Computer Name = J-A2C5850B7D6C4 | Source = Dhcp | ID = 1000 Description = Die Lease dieses Computers zu der IP-Adresse 134.3.99.9 über die Netzwerkkarte mit der Netzwerkadresse 002511250A74 ist verloren gegangen. Error - 15.01.2012 20:07:39 | Computer Name = J-A2C5850B7D6C4 | Source = sr | ID = 1 Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung wurde angehalten. Error - 15.01.2012 20:08:03 | Computer Name = J-A2C5850B7D6C4 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: PCIIde Error - 15.01.2012 20:15:58 | Computer Name = J-A2C5850B7D6C4 | Source = DCOM | ID = 10010 Description = Der Server "{66B093B7-B5E3-4CFE-B32B-FEB55F172481}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > Code:
ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Database version: v2012.01.16.02 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Philipp :: J-A2C5850B7D6C4 [administrator] 16.01.2012 18:11:46 mbam-log-2012-01-16 (18-11-46).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 322173 Time elapsed: 56 minute(s), 40 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{C6D13E87-8775-11DE-B5D0-806D6172696F} (Backdoor.Agent) -> Data: C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Microsoft\dllhsts.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
ATTFilter C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\16\5c5a2890-23d80e9c Java/Exploit.CVE-2011-3544.X trojan C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\25\4fbc9219-195ac5ec Win32/LockScreen.AIG trojan |
16.01.2012, 21:39 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows wird nach dem Booten blockiertZitat:
__________________ |
16.01.2012, 21:45 | #3 |
| Windows wird nach dem Booten blockiert Naja eine Bereinigung wäre vllt. nicht so stressig
__________________Was könnte ich da tun? |
16.01.2012, 21:46 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows wird nach dem Booten blockiertZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
16.01.2012, 21:51 | #5 |
| Windows wird nach dem Booten blockiert Mein Ziel ist es den Rechner komplett frei von diesen Dateien zu bekommen. Wie sollte ich jetzt vorgehen? |
16.01.2012, 21:58 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows wird nach dem Booten blockiert "komplett frei" hört sich an nach "100% sicher weg" Dann kannst du nur den Weg der Neuinstallation gehen Wenn du was anderes willst, musst du es nicht so beschreiben Eine Bereinigung kann erfolgreich sein, muss aber nicht, denn es gibt keine Möglichkeit die Nichtexistenz von Malware zu beweisen
__________________ --> Windows wird nach dem Booten blockiert |
16.01.2012, 22:07 | #7 |
| Windows wird nach dem Booten blockiert Ok, vielen Dank für die rasche Antwort! |
Themen zu Windows wird nach dem Booten blockiert |
0x00000001, 0xc0000001, 78.42.43.62, acedrv05.sys, antivir, askbar, avira, bho, blockiert, booten, branding, browser, down, error, failed, firefox, flash player, fontcache, format, google earth, home, homepage, iminent, iminent toolbar, infizierte dateien, ip-adresse, jungle, logfile, mozilla, object, plug-in, realtek, registry, rundll, security, software, stick, version=1.0, windows, windows xp, windows-sicherheitscenter |