
Pests of all kinds and how to fight them: Infected with the 50-€ virus


 
19.02.2012, 04:40   #1
ricu123

Hello,
I have also been hit by the virus "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert" ("Attention! For security reasons your Windows system has been blocked"). A black screen, and I have to pay 50€ to get rid of the virus.
I have already run Malwarebytes and OTL as described HERE (http://www.trojaner-board.de/109693-...blockiert.html); here are the logs:

Malwarebytes:
Quote:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.08

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Poppel :: ACER-A9CE03BBC6 [Administrator]

19.02.2012 04:04:42
mbam-log-2012-02-19 (04-04-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191845
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZUMIESEARCH_SERVICE (PUP.Zwangi) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Microsoft\torrent.exe (Trojan.VUPX.PL1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\0.06353048701918118.exe (Trojan.VUPX.PL1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
OTL.txt:

OTL Logfile:
Code:
OTL logfile created on: 19.02.2012 04:37:49 - Run 1
OTL by OldTimer - Version 3.2.33.0     Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free
2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.19 04:35:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\OTL.exe
PRC - [2011.08.25 15:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.30 20:06:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.09 17:42:06 | 000,342,016 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006.08.08 14:15:14 | 000,634,880 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2006.06.13 16:23:50 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006.06.07 20:18:12 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006.06.01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006.04.27 12:09:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2001.12.12 01:32:56 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.11 15:57:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22279648\mscorlib.dll
MOD - [2012.01.11 15:57:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_21750a87\system.drawing.dll
MOD - [2012.01.11 15:57:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cec5e857\system.xml.dll
MOD - [2012.01.11 15:57:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_278b595e\system.windows.forms.dll
MOD - [2012.01.11 15:57:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e1616a1\system.dll
MOD - [2012.01.11 15:57:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.11 15:57:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.28 12:57:54 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.08.25 14:58:00 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006.08.25 14:57:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006.08.25 14:57:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006.08.25 14:57:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006.08.25 14:57:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006.08.25 14:57:20 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.25 14:57:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2006.08.15 21:10:00 | 001,403,904 | ---- | M] () -- C:\WINDOWS\system32\UIVCL.dll
MOD - [2006.08.09 17:40:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\APISlice.dll
MOD - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2006.06.02 14:08:58 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2006.05.19 16:09:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006.04.27 12:10:38 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2006.04.27 12:10:38 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2006.04.27 12:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2006.04.27 12:10:38 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2006.03.30 00:05:20 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system\BisonCam.dll
MOD - [2006.03.16 12:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005.11.04 17:07:22 | 000,151,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2005.11.04 17:02:18 | 000,007,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2005.11.04 16:46:42 | 000,258,048 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll
MOD - [2005.11.04 16:35:44 | 000,090,112 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2005.11.04 16:31:46 | 000,708,608 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2005.11.04 16:31:16 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2005.11.04 16:28:56 | 000,008,704 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2005.11.04 15:43:18 | 000,327,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2005.11.04 15:42:12 | 000,393,216 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2005.11.04 15:23:16 | 000,421,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaEmail.esx
MOD - [2005.11.04 15:21:02 | 000,266,240 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2005.11.04 15:20:38 | 000,091,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2005.11.04 15:19:06 | 000,162,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2005.11.04 15:18:12 | 000,203,776 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2005.11.04 15:17:58 | 000,046,592 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2005.11.04 15:17:14 | 000,074,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2005.11.04 15:17:04 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2005.11.04 15:15:42 | 000,131,072 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2005.11.04 15:13:52 | 000,693,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2005.11.04 15:13:24 | 000,076,800 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2005.11.04 15:12:08 | 000,095,232 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2005.11.04 15:07:16 | 000,186,880 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2005.11.04 15:06:54 | 000,262,144 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2005.11.04 15:06:12 | 000,059,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2005.11.04 15:06:00 | 000,299,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2005.11.04 15:05:18 | 000,032,768 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
MOD - [2005.11.04 15:04:44 | 000,101,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2005.11.04 15:04:42 | 000,215,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.07.13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll
MOD - [2005.07.13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll
MOD - [2005.07.13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll
MOD - [2005.07.13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll
MOD - [2005.07.13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll
MOD - [2005.07.13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll
MOD - [2005.07.13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll
MOD - [2005.03.04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.03.30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.06.28 19:47:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:47:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.04 12:01:56 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.10.04 12:01:56 | 000,081,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.10.04 12:01:56 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006.07.24 02:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.06.25 22:19:54 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.06.08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006.06.06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2006.06.02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006.06.02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006.06.02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006.05.17 18:32:38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.05.10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.07 05:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.03.04 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.04 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.06.16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005.03.31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005.03.31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005.03.31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005.03.31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005.03.31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
 
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Poppel\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C6B3C2-A7C9-4320-BE0A-DD7D6D0200AA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - StartUpReg: 557839895 - hkey= - key= -  File not found
MsConfig - StartUpReg: BisonBar - hkey= - key= - C:\WINDOWS\BUtilityBar\BisonBar.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: portwexexe.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: {D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.16 18:13:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Poppel\Recent
[2012.02.15 18:30:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\didi
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner
[2012.02.05 18:30:38 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.01.31 16:48:58 | 002,548,777 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:30:38 | 004,179,293 | ---- | C] (Lavalys, Inc.                                               ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.29 17:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\BilderLernwerkstatt Mathe
[2012.01.20 13:28:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Meine empfangenen Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.19 04:24:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.19 04:20:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.19 04:19:56 | 010,082,304 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2012.02.19 04:19:52 | 007,117,824 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2012.02.19 04:18:10 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012.02.19 04:18:08 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.02.19 04:17:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job
[2012.02.19 04:17:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.19 04:17:16 | 1542,107,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.19 04:03:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.19 04:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.02.16 18:51:32 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.16 18:50:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:13:02 | 001,281,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:03:44 | 000,009,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.15 22:48:16 | 000,000,153 | -H-- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 22:46:42 | 000,012,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.15 19:31:34 | 000,013,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.15 16:35:26 | 000,011,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.14 18:22:02 | 000,013,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:42 | 006,381,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:14 | 000,227,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:32:44 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.02.05 18:04:54 | 000,825,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:36 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:12 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:52 | 001,255,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:34 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:26 | 000,038,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:28:14 | 000,012,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 00:58:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012.01.31 16:49:18 | 002,548,777 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:31:00 | 004,179,293 | ---- | M] (Lavalys, Inc.                                               ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.24 18:24:16 | 000,010,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:30 | 000,010,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
 
========== Files Created - No Company Name ==========
 
[2012.02.19 04:37:46 | 000,013,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.19 04:37:46 | 000,011,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.19 04:37:46 | 000,009,289 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.19 04:03:14 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.19 04:02:09 | 000,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:09 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012.02.16 18:50:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:11:38 | 001,281,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:09:40 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 18:09:40 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 22:48:15 | 000,000,153 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 17:05:59 | 000,013,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:31 | 006,381,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:11 | 000,227,980 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:04:53 | 000,825,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:34 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:10 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:57 | 001,255,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:33 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:24 | 000,038,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:01:51 | 000,012,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 01:01:54 | 000,012,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.02 00:58:00 | 000,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:00 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012.01.24 18:07:39 | 000,010,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:28 | 000,010,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
[2011.07.11 23:11:09 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\winscp.rnd
[2011.03.11 06:36:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.11.03 11:38:50 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.15 05:34:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2006.08.29 11:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006.12.15 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2009.05.17 07:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate
[2009.11.13 19:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.03.09 17:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera
[2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker
[2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer
[2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
[2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator
[2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate
[2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys
[2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
[2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org
[2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software
[2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks
[2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient
[2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job
[2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2004.09.13 12:09:24 | 000,000,000 | ---D | M] -- C:\I386
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOCS
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOTNETFX
[2004.09.13 12:13:22 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2004.09.13 12:13:26 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2004.09.13 12:14:16 | 000,000,000 | ---D | M] -- C:\ELEMENTS
[2004.09.13 12:20:38 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2004.09.13 12:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2004.09.13 12:32:24 | 000,000,000 | ---D | M] -- C:\Programme
[2006.08.25 14:21:04 | 000,000,000 | ---D | M] -- C:\BOOK
[2006.08.25 14:21:18 | 000,000,000 | ---D | M] -- C:\Sysinfo
[2006.08.29 10:59:16 | 000,000,000 | -HSD | M] -- C:\system volume information
[2006.08.29 11:21:18 | 000,000,000 | ---D | M] -- C:\My Music
[2006.12.15 05:37:44 | 000,000,000 | ---D | M] -- C:\Program Files
[2006.12.15 05:38:56 | 000,000,000 | ---D | M] -- C:\Acer
[2006.12.15 19:03:42 | 000,000,000 | -HSD | M] -- C:\Recycled
[2006.12.26 19:11:44 | 000,000,000 | ---D | M] -- C:\KPCMS
[2006.12.29 00:43:56 | 000,000,000 | ---D | M] -- C:\musik
[2008.01.15 17:55:36 | 000,000,000 | ---D | M] -- C:\Games
[2006.12.29 00:38:44 | 000,000,000 | R--D | M] -- C:\Eigene Musik
[2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\scripts
[2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\logs
[2008.11.02 20:56:28 | 000,000,000 | ---D | M] -- C:\Belkin
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2005.04.07 19:47:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=64322E8399B205B7281FF883737A9B03 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE
[2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-16 15:56:59

< End of report >
         
--- --- ---


and the Extras.Txt:

OTL Logfile:
Code:
OTL Extras logfile created on: 19.02.2012 04:37:49 - Run 1
OTL by OldTimer - Version 3.2.33.0     Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free
2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\ART\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6945:TCP" = 6945:TCP:*:Enabled:League of Legends Launcher
"6945:UDP" = 6945:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6994:TCP" = 6994:TCP:*:Enabled:League of Legends Launcher
"6994:UDP" = 6994:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\Programme\EA GAMES\MOHAA\MOHAA.exe" = C:\Programme\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)
"C:\WINDOWS\System32\java.exe" = C:\WINDOWS\System32\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player Beta
"C:\Programme\AVG\AVG9\avgemc.exe" = C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe" = C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe:*:Enabled:xp2p
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe:*:Enabled:xp2p
"D:\Programme\EA GAMES\Battlefield 2\BF2.exe" = D:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
"D:\Programme\Wolfenstein - Enemy Territory\ET.exe" = D:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe:*:Enabled:BF2
"C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE" = C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires
"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe:*:Enabled:NETDIS-WSDEVNTS-In-TCP-Java
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe:*:Disabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT -- ()
"C:\Programme\Wolfenstein - Enemy Territory\ET.exe" = C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK -- ()
"D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Riot Games\League of Legends\lol.launcher.exe" = D:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FC2DFF2-D86A-4775-8940-4081D60B4E1C}" = Philips Firmware Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe  1.4.97.1
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA396ABC-98AF-4F4A-B0F8-EB160DFF344B}" = Acer OrbiCam Utility Bar
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cb8abcef-9183-4de7-9b90-3443479441f2}_is1" = SampleDecks 1.9.0
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BBZ" = BBZ 4.12 30.10.2010
"BeobachtungZeugnis_is1" = BeobachtungZeugnis
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"hp deskjet 930c series_Driver" = hp deskjet 930c series
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3081
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.61.1250" = Opera 11.61
"PhotoFiltre" = PhotoFiltre
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 6.0" = RealPlayer Basic
"Success 1.0" = Success 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueImage" = Acronis*TrueImage
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"xp-AntiSpy" = xp-AntiSpy 3.96-2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2012 14:23:44 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3938
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7891
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7891
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11813
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11813
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29725031
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29725031
 
[ System Events ]
Error - 09.02.2012 13:13:25 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 09.02.2012 13:14:22 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 15.02.2012 11:10:54 | Computer Name = ACER-A9CE03BBC6 | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker hp deskjet 
930c series, Freigabename Drucker4.
 
Error - 16.02.2012 12:53:28 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.29 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 16.02.2012 21:22:04 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 18.02.2012 11:35:09 | Computer Name = ACER-A9CE03BBC6 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "USER-B13783889A",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B1C6B3C2-A7C-Transport zu sein
 scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 18.02.2012 14:23:35 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 18.02.2012 22:58:31 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 18.02.2012 23:17:35 | Computer Name = ACER-A9CE03BBC6 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 18.02.2012 23:19:54 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   abp480n5  adpu160m  agp440  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint  asc  asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
 
< End of report >
         
--- --- ---

[/QUOTE]


Thank you very much!

Edited by ricu123 (19.02.2012 at 04:43) Reason: The link did not work

 
