Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Verschlüsselungs-Trojaner

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 24.05.2012, 11:44   #1
nooqxy
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Hallo

Bei uns im Büro wurde das E-Mail geöffnet. Ich habe nun wie beschrieben den Scan gemacht (Ich hoffe, ich habe alles richtig gemacht).

Den hänge ich hier mal an. (Leider ist das text-file zu gross, deshalb quote ich das).

Code:
ATTFilter
OTL l䁯gfile created䀠on: µ/24/2012 11:´8:43 AM - Run(
聏TLPE by OldT⁩mer - Version 3.1Ȯ48.0     Folder = X:\Progrcms\OTLPE
MicrosoɦtࠠWindows XP Service†Qack 3 (Vࡥrsion = =.耱.2600) -†Type = SYSTEM
Internet Explorer (Version = 8.0.࠷001.1࠸702)
Locale: 00000807 | Country: Schw⁥iz | Lanouage: DES | Da⁴e Format: dd.M၍.yyyy
 
1,023.00 Mb Total Physican Memory | 785.00 Mb Available Physical䀠Meíory |(77.00% Memory fråe
90з.000ɍb Pagi䁮g File |0耸45.00 Mb AvailableĠѩn PagingဠFile ż 䀹3.0‰% Őagi聯g Fkle"free
PagiŮg file location(s): C:Üpagefie.sys 3536 3072 [biary data]
 
%SystemDrive5Р= C: | %SystemRoot% = C:\聗INDOWS | %PѲoɧramFileų% 䀽 Ń:ɜProgramme
Dréve C: |ࠠ39.0ķ Gb耠Ttam Spáce | 4.57 ⁇b FѲge spac䁥 | 11.70% Spacࡥ†Freg | Partition Ŕype: NTFS
Drive F: | 147.18 Gၢ Total Space | ±40.09†Gr Frѥå Spqce | 95Ȯ1<% space Free | Partition Ty䁰e: FÁT3䀲
ࠊDrive X: |†4耳6.59 Mb 联o|al Space | 0.00耠Mb Free Space | 0.00䀥 Space䀠Free | Partityon Tѹpe: CDFS
 
Computu⁲ Name: ⁒ࡅATOGO | User Ɏaom:ဠSYSTхMč
Bo聯t Oode䀺`N࡯rmal!| Scan Můde: Alm us䁥rs
ŠCompa} Name Whitelist:ꀠŏff | Skkp MigroၳoftဠFiles: Off | No Comtany Namg!WhiteၬisŴ: On | File Age = 3İ Days
Using ControlSet: ControlSet001
 
[color=#E=6717]========‽= Win32 Servѩces (Safe၌ist) ==========[/color]
 
SRVဠ- ⁛2012/05/11 p2:4䀹:35 } 002,257,6=6 | --н- | M] (A⁤obm Systems I䁮corporated) [On_DeၭanŤÝ -- C:\WINDOWS\system32\Masromed\Flash\FlaၳhPlayerUpdateService.exe -- (AdobeFlashPnayѵrUpdateS~c)
S⁒V†- [²016/05/10 0ƴ:17:05 聼 000,793Ĭ520 | ---- |0M] () [Auto] -- C:\Programme\NormanɜNvc\bin\Ůhs.exe --䀤(NHS耩
Sၒ⁖ - [2䀰12/05/19 11:42်57 | 䀱00,129,976 | ---- | M] (Mozilla Foundation) [OnßDemၡnd] -- C:\Programme\Mozilla Maintenance Smzvice\maintenenceserࡶ䁩ce.ࡥxe -- (MozillaMainteŮanѣɥ)
ÓRV -`[201Ȳ/05/03 07к16:0耰 | 000,286,760 | ---- |ĠM] )Normࡡn ASA)࠰[On_Demand] -- C:\Programme\Normѡn⁜Nvc\Binќn䁶聫oas.exe -- (࡮vcoasi
SRV - [2012į03/19 07:38:47 | ࠰0䠲,666,880 |䀠---- | M] (Teamviuwer GmbɈ) [Auto] -- C:\Programme\єeamViewer\Version7\TeamViewer_Service.exe ȭ- (TeamViewer7)
SRV - _2012/02/䀲6 18:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012/02/13 11:01:55 | 000,431,320 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA)
SRV - [2012/02/03 05:13:36 | 000,116,056 | ---- | M] () [On_Demand] -- C:\Programme\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves)
SRV - [2011/11/14 05:27:02 | 000,231,216 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\Ngs\Bin\Nnf.exe -- (NNFSVC)
SRV - [2011/10/24 05:59:21 | 000,076,232 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6)
SRV - [2011/10/19 07:07:18 | 000,100,936 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\npm\bin\nvoy.exe -- (NVOY)
SRV - [2011/09/30 09:32:08 | 000,090,144 | ---- | M] (Norman ASA) [Auto] -- C:\Programme\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC)
SRV - [2011/04/11 05:38:22 | 000,099,312 | ---- | M] (Norman ASA) [On_Demand] -- C:\Programme\Norman\Npm\Bin\scheduler.exe -- (Scheduler)
SRV - [2011/03/08 10:36:20 | 000,288,072 | ---- | M] (Norman ASA) [On_Demand] -- C:\Programme\Norman\Nse\Bin\NSESVC.EXE -- (nsesvc)
SRV - [2010/06/14 09:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/29 09:30:20 | 000,435,016 | ---- | M] (TuneUp Software) [On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010/02/25 12:40:18 | 001,047,880 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010/02/25 12:37:08 | 000,030,024 | ---- | M] (TuneUp Software) [Auto] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/17 06:24:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/29 11:54:44 | 000,102,400 | ---- | M] (PacketVideo) [Auto] -- C:\Programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -- (TwonkyMedia)
SRV - [2008/03/05 03:51:43 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005/11/13 19:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 10:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 06:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | On_Demand] --  -- (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/02/15 06:15:43 | 000,047,040 | ---- | M] (Norman ASA) [File_System | Boot] -- C:\WINDOWS\system32\drivers\nvcw32mf.sys -- (NvcMFlt)
DRV - [2011/12/16 11:53:01 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011/11/11 10:52:31 | 000,061,496 | ---- | M] (Norman ASA) [Kernel | Auto] -- C:\Programme\Norman\Ngs\Bin\nregsec.sys -- (nregsec)
DRV - [2011/11/11 10:48:19 | 000,091,136 | ---- | M] (Norman ASA) [Kernel | System] -- C:\Programme\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC)
DRV - [2011/07/12 07:36:43 | 000,026,744 | ---- | M] (Norman ASA) [Kernel | System] -- C:\Programme\Norman\Ngs\Bin\ngs.sys -- (NGS)
DRV - [2010/12/22 03:37:35 | 000,072,488 | ---- | M] (AVG) [File_System | System] -- C:\WINDOWS\system32\drivers\qtsmon.sys -- (qtsmon)
DRV - [2010/12/09 05:48:03 | 000,022,880 | ---- | M] (Norman ASA) [Kernel | Auto] -- C:\Programme\Norman\Nse\Bin\ndiskio.sys -- (Ndiskio)
DRV - [2010/02/25 04:18:08 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/08 14:28:40 | 000,026,760 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/05/20 10:25:24 | 000,143,360 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swumx80.sys -- (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80)
DRV - [2008/05/20 10:24:30 | 000,167,040 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swnc8u80.sys -- (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80)
DRV - [2007/03/26 08:18:00 | 000,020,352 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\swivspnt.sys -- (swivsp)
DRV - [2005/12/05 11:26:28 | 000,011,841 | R--- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hcw88rc5.sys -- (hcw88rc5)
DRV - [2005/09/23 06:56:28 | 003,966,976 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/12/06 12:55:20 | 000,126,720 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator.ATW_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Philipp_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx?ocid=iehp
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 AD 31 AA 74 47 CC 01  [binary data]
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Programme\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/10/05 04:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/11 06:20:24 | 000,000,000 | ---D | M]
 
[2012/01/16 04:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/05/09 11:02:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/02/14 05:56:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/11 05:57:25 | 000,002,319 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012/02/14 05:56:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/02/14 05:56:40 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/14 05:56:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/14 05:56:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/14 05:56:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/01/11 04:24:13 | 000,001,390 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       activate.adobe.com
O1 - Hosts: 127.0.0.1       practivate.adobe.com
O1 - Hosts: 127.0.0.1       ereg.adobe.com
O1 - Hosts: 127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1       wip3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-3.adobe.com
O1 - Hosts: 127.0.0.1       3dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1       wwis-dubc1-vip60.adobe.com
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Philipp_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Philipp_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\VeraMaria.PC-VERAMARIA_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\VeraMaria.PC-VERAMARIA_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\VeraMaria_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\VeraMaria_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\VeraMaria_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TRUUpdater] C:\Programme\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\Administrator_ON_C..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\VeraMaria.PC-VERAMARIA_ON_C..\Run: [30E9B698] C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Lxfunnkarfc\D2714E4430E9B698EF66.exe ()
O4 - HKU\VeraMaria.PC-VERAMARIA_ON_C..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe (Nokia)
O4 - HKU\VeraMaria.PC-VERAMARIA_ON_C..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\VeraMaria_ON_C..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\VeraMaria\Startmenü\Programme\Autostart\Adobe Gamma.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.ATW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kilian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Philipp_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\VeraMaria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\userinit.exe: Debugger - C:\WINDOWS\system32\packd.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/13 12:36:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433)
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8BC0DE40-9FFC-0D8C-412D-D17BE519FE58} - Browseranpassungen
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A2F07D19-C03F-7256-E4CE-DA3490ECEAFC} - Browser Customizations
ActiveX: {AC1B742B-F22F-4C34-D9FB-E02C2D3E27D2} - Microsoft Windows Media Player 6.4
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {D409E77B-05AD-A468-9124-B2F0A47FEF93} - Microsoft Windows Media Player 6.4
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/24 03:08:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Lxfunnkarfc
[2012/05/24 03:07:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/05/11 06:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012/05/11 06:20:00 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012/05/11 06:09:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/05/11 06:09:07 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012/05/11 06:09:04 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012/05/11 06:05:29 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2012/05/11 03:43:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012/05/11 03:43:30 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\WINDOWS\System32\drivers\teamviewervpn.sys
[2012/05/11 03:43:29 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2012/05/11 03:42:18 | 003,560,712 | ---- | C] (TeamViewer GmbH) -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\TeamViewer_Setup_de.exe
[2012/05/09 11:03:03 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012/05/09 11:03:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/24 04:24:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/05/24 04:23:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8A85BDAB-7CF0-44D2-8D77-EE6FD70C738D}.job
[2012/05/24 04:18:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cb0d1da972de22.job
[2012/05/24 03:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/24 03:27:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/24 03:26:09 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2012/05/24 03:25:56 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/24 03:25:37 | 000,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/24 03:25:29 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0d1da8cbf986.job
[2012/05/24 03:25:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/24 03:17:05 | 2929,607,680 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\VeraMaria.pst
[2012/05/24 03:08:20 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\3AA1658430E9B698EF87.exe
[2012/05/21 10:58:07 | 000,009,728 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/21 05:49:41 | 000,135,864 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\AnmeldungMietintressenten.jpg
[2012/05/13 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PC-VERAMARIA-VeraMaria.job
[2012/05/12 06:29:08 | 003,614,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 06:06:10 | 000,462,404 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/12 06:06:10 | 000,444,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 06:06:10 | 000,085,764 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/12 06:06:10 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/12 06:03:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/11 09:34:32 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/11 06:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012/05/11 06:09:57 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012/05/11 06:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/05/11 06:00:29 | 000,064,000 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/11 03:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012/05/11 03:43:43 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012/05/11 03:42:25 | 003,560,712 | ---- | M] (TeamViewer GmbH) -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\TeamViewer_Setup_de.exe
[2012/05/11 02:49:34 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/11 02:49:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/10 04:55:14 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Briefvorlage B&S Immobilien.dot
[2012/05/09 04:00:49 | 000,001,136 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Verknüpfung mit Gebäudeversicherung.pdf.lnk
[2012/05/08 04:21:49 | 000,067,869 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Unbenannt.JPG
[2012/05/02 04:22:42 | 000,050,260 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Berechnung.JPG
[2012/04/26 12:38:10 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh325
[2012/04/26 12:37:48 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh324
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/24 03:27:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/24 03:09:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/24 03:09:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/24 03:09:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/24 03:09:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/24 03:09:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/24 03:09:02 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/24 03:08:20 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\3AA1658430E9B698EF87.exe
[2012/05/21 05:49:40 | 000,135,864 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\AnmeldungMietintressenten.jpg
[2012/05/11 06:09:57 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012/05/11 03:43:43 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012/05/09 04:44:32 | 000,045,568 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Briefvorlage B&S Immobilien.dot
[2012/05/09 04:00:49 | 000,001,136 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Verknüpfung mit Gebäudeversicherung.pdf.lnk
[2012/05/02 04:22:42 | 000,050,260 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Berechnung.JPG
[2012/02/16 05:49:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/08 03:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/22 03:37:24 | 000,000,105 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/12/06 07:53:03 | 000,064,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/10 06:25:43 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2010/07/20 05:54:43 | 000,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/06/18 05:30:24 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 08:27:09 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\$_hpcst$.hpc
[2010/05/12 08:15:57 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\kilian\Anwendungsdaten\$_hpcst$.hpc
[2009/04/03 04:05:35 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/11/05 04:43:55 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\$_hpcst$.hpc
[2008/02/08 15:53:40 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/11/03 04:24:52 | 000,068,608 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/27 02:43:39 | 000,001,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006/10/18 06:20:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/09/19 02:01:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/08/19 06:19:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/07/24 10:40:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/13 03:20:46 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/07/13 03:16:20 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/07/13 02:33:45 | 000,102,032 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2006/07/13 02:33:45 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/07/10 06:07:01 | 000,104,152 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/07/10 06:07:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/07/10 05:44:21 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/07/10 05:44:21 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/07/10 05:44:21 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/07/10 05:44:21 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/07/10 05:44:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/10 05:44:17 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/07/10 05:36:10 | 000,374,784 | ---- | C] () -- C:\WINDOWS\System32\3dg32.dll
[2006/07/10 05:36:10 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini
[2006/07/10 03:13:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/07 11:12:41 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/03/13 13:49:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/13 13:24:57 | 000,030,327 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006/03/13 13:24:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006/03/13 13:24:01 | 000,001,836 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2006/03/13 12:56:49 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2006/03/13 12:45:28 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/13 12:45:28 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/13 12:38:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/13 12:33:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/13 12:25:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/13 12:23:53 | 003,614,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/09 22:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/09 22:06:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/12/09 22:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/09 22:06:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/12/09 22:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/09 22:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/09 22:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/09 22:06:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/12/09 22:06:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/09 22:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/09 22:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,462,404 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,444,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,197,121 | ---- | C] () -- C:\WINDOWS\System32\packd.exe
[2004/08/04 08:00:00 | 000,085,764 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,072,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1601/02/13 04:28:18 | 000,620,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\nNOdVsTAyugGtT
[1601/02/13 04:28:18 | 000,479,232 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Lokale Einstellungen\Anwendungsdaten\pjEurGUasLAgQs
[1601/02/13 04:28:18 | 000,038,467 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\yLguVxTsLjuNGUsXLOuf
[1601/02/13 04:28:18 | 000,036,864 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\QdxsTjnQgxfsojrQdxsT
[1601/02/13 04:28:18 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\JjETetvgoysXGdN
[1601/02/13 04:28:18 | 000,004,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLqQOxVsaqoQUGXsLq
[1601/02/13 04:28:18 | 000,002,066 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\qElptQgEApeUGruyo
[1601/02/13 04:28:18 | 000,000,899 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\uyGgpxosrLdQlAauqGgp
 
========== LOP Check ==========
 
[2010/05/12 08:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kilian\Anwendungsdaten\PC Suite
[2010/05/12 08:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kilian\Anwendungsdaten\Sierra Wireless
[2008/02/08 15:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Teleca
[2011/07/20 06:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Babylon
[2011/11/11 09:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\BabylonToolbar
[2010/10/06 03:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/16 02:38:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\CoSoSys
[2011/07/20 06:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Efficient Diary
[2010/11/05 11:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\gtk-2.0
[2012/05/24 03:08:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Lxfunnkarfc
[2011/10/26 09:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Nokia
[2010/05/12 09:32:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\PC Suite
[2010/05/12 08:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Sierra Wireless
[2012/05/11 03:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\TeamViewer
[2010/05/12 08:32:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\TuneUp Software
[2011/11/30 17:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\WW
[2010/02/24 10:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\EasyTax
[2006/09/29 05:46:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Leadertech
[2009/09/23 06:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Nokia
[2010/05/10 04:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Opera
[2009/09/23 06:28:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\PC Suite
[2008/11/05 04:46:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Retriever
[2009/04/03 04:05:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Sierra Wireless
[2008/11/10 03:25:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Teleca
[2010/03/29 09:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\TuneUp Software
[2008/04/03 07:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Uniblue
[2010/12/22 03:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVGQTS
[2011/07/20 06:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2008/05/29 10:29:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2008/05/29 10:28:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2010/05/12 09:34:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010/02/24 08:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010/11/26 10:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2009/09/23 05:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic
[2008/12/18 09:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010/10/05 05:18:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2008/11/10 03:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2007/06/25 06:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010/03/29 09:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010/11/29 11:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/24 03:21:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/05/24 04:23:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8A85BDAB-7CF0-44D2-8D77-EE6FD70C738D}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2009/10/27 12:13:09 | 000,000,000 | ---D | M] -- C:\Adobe
[2008/10/15 02:53:55 | 000,000,000 | ---D | M] -- C:\Anwendungsdaten
[2012/05/22 10:49:38 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2012/05/24 03:20:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011/10/17 03:51:16 | 000,000,000 | ---D | M] -- C:\Eigene Bilder
[2008/11/05 07:41:07 | 000,000,000 | ---D | M] -- C:\MITs Backup Data
[2006/07/10 03:10:55 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2006/03/13 13:24:40 | 000,000,000 | ---D | M] -- C:\MyVideos
[2006/07/10 05:45:02 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/05/11 06:20:00 | 000,000,000 | R--D | M] -- C:\Programme
[2010/05/12 08:27:50 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012/05/24 03:25:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2006/07/10 06:06:51 | 000,000,000 | ---D | M] -- C:\temp
[2012/05/24 03:07:54 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/09/16 02:53:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/09/16 02:53:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 08:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/16 02:53:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/09/16 02:53:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/04 08:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2005/04/07 14:47:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=64322E8399B205B7281FF883737A9B03 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/04 08:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/04 08:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/04 08:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 08:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/03/13 13:22:47 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006/03/13 13:22:47 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006/03/13 13:22:47 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
< End of report >
         
So wie ich das verstanden habe, erhalte ich dann, sofern möglich, eine fix.txt ?

Sollten noch Informationen fehlen oder weitere Aktionen fällig sein, teilt mir dies bitte mit.

Ich danke im voraus!

Alt 24.05.2012, 21:19   #2
markusg
/// Malware-holic
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



hi,
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
ATTFilter
:OTL
O4 - HKU\VeraMaria.PC-VERAMARIA_ON_C..\Run: [30E9B698] C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Lxfunnkarfc\D2714E4430E9B698EF66.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
:Files
C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Lxfunnkarfc
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]
         


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.
__________________

__________________

Alt 25.05.2012, 09:55   #3
nooqxy
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Bis auf den letzten Punkt hat alles geklappt wie von dir beschrieben... Nur die OTL.txt hat sich nicht geöffnet. Die OTL.txt auf c:/ ist noch die alte von gestern.

Dafür habe ich folgende Meldung, die evtl. etwas mit dieser Angelegenheit zu tun hat?



Kann ich den Rechner nun wieder ans Netzwerk anschliessen ohne Gefahr zu laufen, das Ding auf den Server sowie andere Stations zu übertragen oder muss ich erst noch weitere Aktionen tätigen?

Vielen Dank für deine Hilfe!
__________________
Miniaturansicht angehängter Grafiken
-meldung.jpg  

Alt 25.05.2012, 11:34   #4
markusg
/// Malware-holic
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



hi,
hänge den rechner ans netzwerk.
dann, kommst du an die infektionsquelle, warscheinlich ne mail.
an solchen mails mit rechnung, mahnung und sonstigen anhängen, von unbekannten absendern bin ich interessiert.
wenn du ein mail programm nutzt, dann mail markieren, rechtsklick, speichern unter, typ:
.eml einstellen.
dann bitte lesen:
makrusg - trojaner-board.de
und mir die soeben erstellte datei zukommen lassen.
wenn du deine mails über den browser abrufst, sag mir mal welchen anbieter du nutzt, dann geht das ein bisschen anders.
bitte warne freunde, bekannte, verwante etc vor dieser masche, und lasse ihnen ruhig diese mail adresse zukommen.
sie können dann dorthin solche verdächtigen mails senden.
diese helfen uns dann, angemessen auf neue bedrohungen zu reagieren, da diese schadsoftware auch updates erhält ist das wichtig.

2.
combofix:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 25.05.2012, 15:02   #5
nooqxy
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Hallo Markus

In erster Linie muss ich dir einfach mal danken. Ich finde es absolute Weltklasse wie du dich hier unentgeltlich um die Probleme von den ganzen Leuten kümmerst. Erfahrungsgemäss wirst du wohl viel zu wenig Lob und Danke kriegen. Deshalb und !

Die E-Mail habe ich wie von dir beschrieben gepackt und versendet. Ich hoffe, es hilft weiter.

Combofix lief ohne weitere Probleme durch und spuckte folgenden Log aus:

Code:
ATTFilter
ComboFix 12-05-25.02 - VeraMaria 25.05.2012  17:16:49.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.41.1031.18.1023.490 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\VeraMaria.PC-VERAMARIA\Desktop\ComboFix.exe
AV: Norman Security Suite *Disabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Administrator\WINDOWS
c:\dokumente und einstellungen\All Users\Anwendungsdaten\TEMP
c:\dokumente und einstellungen\VeraMaria.PC-VERAMARIA\Recent\Thumbs.db
c:\dokumente und einstellungen\VeraMaria\WINDOWS
c:\windows\IsUn0407.exe
c:\windows\system32\3AA1658430E9B698EF87.exe
c:\windows\system32\winsh320
c:\windows\system32\winsh321
c:\windows\system32\winsh322
c:\windows\system32\winsh323
c:\windows\system32\winsh324
c:\windows\system32\winsh325
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-25 bis 2012-05-25  ))))))))))))))))))))))))))))))
.
.
2012-05-25 16:28 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2012-05-25 16:25 . 2012-05-25 16:25	--------	d-----w-	C:\_OTL
2012-05-24 07:26 . 2008-04-14 02:22	26624	----a-w-	c:\dokumente und einstellungen\LocalService\Anwendungsdaten\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2012-05-24 07:07 . 2012-05-24 07:07	--------	d--h--w-	c:\windows\PIF
2012-05-11 10:20 . 2012-05-11 10:20	159744	----a-w-	c:\programme\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-05-11 10:20 . 2012-05-11 10:20	159744	----a-w-	c:\programme\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-05-11 10:20 . 2012-05-11 10:20	159744	----a-w-	c:\programme\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-05-11 10:20 . 2012-05-11 10:20	159744	----a-w-	c:\programme\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-05-11 10:20 . 2012-05-11 10:20	159744	----a-w-	c:\programme\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-05-11 10:20 . 2012-05-11 10:20	159744	----a-w-	c:\programme\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-05-11 10:20 . 2012-05-11 10:20	159744	----a-w-	c:\programme\Internet Explorer\PLUGINS\npqtplugin.dll
2012-05-11 10:20 . 2012-05-11 10:20	--------	d-----w-	c:\programme\QuickTime
2012-05-11 10:09 . 2012-05-11 10:09	--------	d-----w-	c:\programme\iPod
2012-05-11 10:09 . 2012-05-11 10:09	--------	d-----w-	c:\programme\iTunes
2012-05-11 10:05 . 2012-05-11 10:05	--------	d-----w-	c:\programme\Bonjour
2012-05-11 07:43 . 2011-12-16 15:53	25088	----a-w-	c:\windows\system32\drivers\teamviewervpn.sys
2012-05-11 07:43 . 2012-05-11 07:43	--------	d-----w-	c:\programme\TeamViewer
2012-05-09 15:03 . 2012-05-09 15:03	--------	d-----w-	c:\programme\Mozilla Maintenance Service
2012-05-09 15:02 . 2012-05-09 15:02	157352	----a-w-	c:\programme\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-09 15:02 . 2012-05-09 15:02	129976	----a-w-	c:\programme\Mozilla Firefox\maintenanceservice.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-11 06:49 . 2012-04-05 06:18	419488	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-05-11 06:49 . 2011-05-18 06:47	70304	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-11 13:51 . 2004-08-04 00:50	2029056	----a-w-	c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:51 . 2004-08-04 12:00	2150912	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-04-11 13:51 . 2004-08-04 12:00	1862400	----a-w-	c:\windows\system32\win32k.sys
2012-03-01 11:00 . 2004-08-04 12:00	916992	----a-w-	c:\windows\system32\wininet.dll
2012-03-01 11:00 . 2004-08-04 12:00	43520	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-01 11:00 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2012-02-29 14:09 . 2004-08-04 12:00	177664	----a-w-	c:\windows\system32\wintrust.dll
2012-02-29 14:09 . 2004-08-04 12:00	148480	----a-w-	c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 12:00	385024	----a-w-	c:\windows\system32\html.iec
2012-05-09 15:02 . 2011-08-08 07:17	97208	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-04 68856]
"PC Suite Tray"="c:\programme\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"Nokia.PCSync"="c:\programme\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664]
"H/PC Connection Agent"="c:\programme\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer" [X]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14854144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"nwiz"="nwiz.exe" [2005-12-10 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\programme\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"Microsoft Works Update Detection"="c:\programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-24 28672]
"Acrobat Assistant 7.0"="c:\programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"HP Software Update"="c:\programme\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 49152]
"HP Component Manager"="c:\programme\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"Adobe Photo Downloader"="c:\programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 144384]
"TRUUpdater"="c:\programme\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" [2008-06-12 525592]
"WatcherHelper"="c:\programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe" [2008-07-25 124184]
"Norman ZANDA"="c:\programme\Norman\Npm\Bin\ZLH.EXE" [2012-02-14 348560]
"AdobeCS4ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AdobeAAMUpdater-1.0"="c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\dokumente und einstellungen\VeraMaria\Startmenü\Programme\Autostart\
Adobe Gamma.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-10 110592]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Acrobat - Schnellstart.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2006-7-11 25214]
Adobe Gamma Loader.lnk - c:\programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [2006-7-10 110592]
HP Digital Imaging Monitor.lnk - c:\programme\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\userinit.exe]
"Debugger"=c:\windows\system32\packd.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Programme\\Sierra Wireless Inc\\3G Watcher\\SwiApiMux.exe"=
"c:\\Programme\\Sierra Wireless Inc\\3G Watcher\\TRUUpdater.exe"= c:\\Programme\\Sierra Wireless Inc\\WebUpdater\\TRUUpdater.exe
"c:\\Programme\\Sierra Wireless Inc\\WebUpdater\\SwiApiMux.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\programme\Microsoft ActiveSync\rapimgr.exe"= c:\programme\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\programme\Microsoft ActiveSync\wcescomm.exe"= c:\programme\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\programme\Microsoft ActiveSync\WCESMgr.exe"= c:\programme\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Programme\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Programme\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Programme\\Gemeinsame Dateien\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [31.08.2009 14:15 47040]
R1 NGS;Norman General Security Driver;c:\programme\Norman\Ngs\Bin\ngs.sys [20.08.2010 08:52 26744]
R1 qtsmon;qtsmon;c:\windows\system32\drivers\qtsmon.sys [22.12.2010 09:37 72488]
R2 Ndiskio;Ndiskio;c:\programme\Norman\Nse\Bin\ndiskio.sys [16.10.2009 10:01 22880]
R2 NHS;Norman Hash Server;c:\programme\Norman\nvc\bin\nhs.exe [14.05.2012 15:42 793520]
R2 NNFSVC;Norman Network Filtering service;c:\programme\Norman\Ngs\Bin\nnf.exe [20.08.2010 08:52 231216]
R2 nregsec;Norman Registry Security driver;c:\programme\Norman\Ngs\Bin\nregsec.sys [20.08.2010 08:52 61496]
R2 NVOY;Norman Resource Provider;c:\programme\Norman\Npm\Bin\nvoy.exe [31.08.2009 14:16 100936]
R2 TeamViewer7;TeamViewer 7;c:\programme\TeamViewer\Version7\TeamViewer_Service.exe [11.05.2012 09:43 2666880]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [25.02.2010 18:40 1047880]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [13.03.2006 18:56 11841]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [13.03.2006 18:56 141889]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [13.03.2006 18:56 493632]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [13.03.2006 18:56 23104]
R3 nsesvc;Norman Scanner Engine Service;c:\programme\Norman\Nse\Bin\nsesvc.exe [09.12.2010 13:04 288072]
R3 nvcoas;Norman Virus Control on-access component;c:\programme\Norman\nvc\bin\nvcoas.exe [14.05.2012 15:42 286760]
R3 Scheduler;Norman Scheduler Service;c:\programme\Norman\Npm\Bin\scheduler.exe [31.08.2009 14:16 99312]
R3 swivsp;AC8xx Virtual Serial Port;c:\windows\system32\drivers\swivspnt.sys [26.03.2007 14:18 20352]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [11.05.2012 09:43 25088]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25.02.2010 10:18 10064]
S1 NPROSEC;Norman Security driver;c:\programme\Norman\Ngs\Bin\nprosec.sys [05.10.2011 08:14 91136]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [24.02.2010 14:13 135664]
S2 NPROSECSVC;Norman Security service;c:\programme\Norman\Ngs\Bin\nprosec.exe [05.10.2011 08:14 90144]
S2 TwonkyMedia;TwonkyMedia;c:\programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05.04.2012 08:18 257696]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [24.02.2010 14:13 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\programme\Mozilla Maintenance Service\maintenanceservice.exe [09.05.2012 17:03 129976]
S3 SwitchBoard;SwitchBoard;c:\programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe [19.02.2010 13:37 517096]
S3 SWNC8U80;Sierra Wireless MUX NDIS Driver (UMTS80);c:\windows\system32\drivers\swnc8u80.sys [20.05.2008 16:24 167040]
S3 SWUMX80;Sierra Wireless USB MUX Driver (UMTS80);c:\windows\system32\drivers\swumx80.sys [20.05.2008 16:25 143360]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 06:49]
.
2012-05-14 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-VERAMARIA-VeraMaria.job
- c:\programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-10-05 01:44]
.
2011-11-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-05-24 c:\windows\Tasks\Google Software Updater.job
- c:\programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-31 07:34]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0d1da8cbf986.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-24 12:13]
.
2012-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cb0d1da972de22.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-24 12:13]
.
2012-05-25 c:\windows\Tasks\User_Feed_Synchronization-{8A85BDAB-7CF0-44D2-8D77-EE6FD70C738D}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.ch/
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = *.local
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: In vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 62.2.24.162 62.2.17.61 62.2.24.158
FF - ProfilePath - c:\dokumente und einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Mozilla\Firefox\Profiles\letrxio1.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&ss=1&affID=100365&mntrId=30e9b698000000000000001485c3fafa
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&ss=1&affID=100365&mntrId=30e9b698000000000000001485c3fafa&q=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-Adobe PhotoDeluxe Home Edition 4.0 - c:\windows\IsUn0407.exe
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
AddRemove-Canon Camera WIA Driver PowerShot A200 - c:\windows\IsUn0407.exe
AddRemove-Canon PhotoStitch 3.1 - c:\windows\IsUn0407.exe
AddRemove-Mein Heim - c:\windows\IsUn0407.exe
AddRemove-PhotoRecord - c:\windows\IsUn0407.exe
AddRemove-RemoteCapture - c:\windows\IsUn0407.exe
AddRemove-ZoomBrowserEXDeInstall - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-05-25 17:27
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-25  17:32:35
ComboFix-quarantined-files.txt  2012-05-25 15:32
.
Vor Suchlauf: 6'644'543'488 Bytes frei
Nach Suchlauf: 6'827'778'048 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 875AA064F1102467C22F9AA5680161FC
         
Nun habe ich jedoch folgendes Problem: Nach Start von Windows erscheint der Anmeldescreen . Nach Eingabe des Passworts ertönt kurz die Start-Melodie von Windows, danach meldet er sich direkt wieder ab, die Shutdown-Melodie von Windows erklingt und ich lande wieder auf dem Anmeldescreen.
Habe es mehrmals versucht, auch mit Neustart, immer das gleiche Resultat. Ich hoffe, ich habe nichts falsch gemacht


Alt 25.05.2012, 17:07   #6
markusg
/// Malware-holic
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



misst.
kannst du noch mal ein neues otl log erstellen über die cd?
__________________
--> Verschlüsselungs-Trojaner

Alt 29.05.2012, 11:01   #7
nooqxy
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Klar, soeben erledigt:

OTL.txt
Code:
ATTFilter
OTL logfile created on: 5/29/2012 3:45:58 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1,023.00 Mb Total Physical Memory | 788.00 Mb Available Physical Memory | 77.00% Memory free
907.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 6.57 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive F: | 147.18 Gb Total Space | 140.09 Gb Free Space | 95.18% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NHS) -- C:\Programme\Norman\Nvc\bin\nhs.exe ()
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvcoas) -- C:\Programme\Norman\Nvc\Bin\nvcoas.exe (Norman ASA)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Norman ZANDA) -- C:\Programme\Norman\Npm\Bin\Zanda.exe (Norman ASA)
SRV - (Norman NJeeves) -- C:\Programme\Norman\Npm\Bin\Njeeves.exe ()
SRV - (NNFSVC) -- C:\Programme\Norman\Ngs\Bin\Nnf.exe (Norman ASA)
SRV - (eLoggerSvc6) -- C:\Programme\Norman\Npm\Bin\Elogsvc.exe (Norman ASA)
SRV - (NVOY) -- C:\Programme\Norman\npm\bin\nvoy.exe (Norman ASA)
SRV - (NPROSECSVC) -- C:\Programme\Norman\Ngs\Bin\Nprosec.exe (Norman ASA)
SRV - (Scheduler) -- C:\Programme\Norman\Npm\Bin\scheduler.exe (Norman ASA)
SRV - (nsesvc) -- C:\Programme\Norman\Nse\Bin\NSESVC.EXE (Norman ASA)
SRV - (ServiceLayer) -- C:\Programme\Nokia\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
SRV - (SwitchBoard) -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TwonkyMedia) -- C:\Programme\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe (PacketVideo)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (upperdev) --  File not found
DRV - (SWUMX20) Sierra Wireless USB MUX Driver (UMTS20) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) --  File not found
DRV - (NvcMFlt) -- C:\WINDOWS\system32\drivers\nvcw32mf.sys (Norman ASA)
DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (nregsec) -- C:\Programme\Norman\Ngs\Bin\nregsec.sys (Norman ASA)
DRV - (NPROSEC) -- C:\Programme\Norman\Ngs\Bin\nprosec.sys (Norman ASA)
DRV - (NGS) -- C:\Programme\Norman\Ngs\Bin\ngs.sys (Norman ASA)
DRV - (qtsmon) -- C:\WINDOWS\system32\drivers\qtsmon.sys (AVG)
DRV - (Ndiskio) -- C:\Programme\Norman\Nse\Bin\ndiskio.sys (Norman ASA)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
DRV - (SWUMX80) Sierra Wireless USB MUX Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swumx80.sys (Sierra Wireless Inc.)
DRV - (SWNC8U80) Sierra Wireless MUX NDIS Driver (UMTS80) -- C:\WINDOWS\system32\drivers\swnc8u80.sys (Sierra Wireless Inc.)
DRV - (swivsp) -- C:\WINDOWS\system32\drivers\swivspnt.sys (Sierra Wireless Inc.)
DRV - (hcw88rc5) -- C:\WINDOWS\system32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator.ATW_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\kilian_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Philipp_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 AD 31 AA 74 47 CC 01  [binary data]
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\VeraMaria.PC-VERAMARIA_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKU\VeraMaria_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Programme\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/10/05 04:35:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/05/11 06:20:24 | 000,000,000 | ---D | M]
 
[2012/01/16 04:23:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/05/09 11:02:57 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/02/14 05:56:40 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/11 05:57:25 | 000,002,319 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012/02/14 05:56:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/02/14 05:56:40 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/14 05:56:40 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/14 05:56:40 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/14 05:56:40 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/05/25 11:27:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Snapform Viewer PlugIn for IE) - {00AF1458-D967-4C0E-B736-D6D010521EF5} - C:\Programme\SnapFormViewer\Viewer\bin\lib\SFVPlugInIE_x86.dll (Ringler Informatik AG)
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Philipp_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Philipp_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\VeraMaria.PC-VERAMARIA_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\VeraMaria.PC-VERAMARIA_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\VeraMaria_ON_C\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\VeraMaria_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\VeraMaria_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Microsoft Works Update Detection] C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkUFind.exe (Microsoft® Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NokiaMServer] C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [Norman ZANDA] C:\Programme\Norman\Npm\Bin\ZLH.EXE (Norman ASA)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TRUUpdater] C:\Programme\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe (Sierra Wireless, Inc.)
O4 - HKLM..\Run: [WatcherHelper] C:\Programme\Sierra Wireless Inc\3G Watcher\WaHelper.exe (Sierra Wireless Inc.)
O4 - HKU\Administrator_ON_C..\Run: [updateMgr] C:\Programme\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - HKU\VeraMaria.PC-VERAMARIA_ON_C..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 7\PcSync2.exe (Nokia)
O4 - HKU\VeraMaria.PC-VERAMARIA_ON_C..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKU\VeraMaria_ON_C..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator.ATW_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\kilian_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Philipp_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\VeraMaria.PC-VERAMARIA_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\VeraMaria_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O27 - HKLM IFEO\userinit.exe: Debugger - C:\WINDOWS\system32\packd.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/13 12:36:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/05/25 20:54:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/05/25 12:28:29 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/05/25 12:25:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/05/25 11:06:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/05/25 11:04:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/05/25 11:04:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/05/25 11:04:10 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/05/25 11:04:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/05/25 11:04:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/05/25 11:03:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/25 11:03:37 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Startmenü\Programme\Verwaltung
[2012/05/25 10:44:57 | 004,526,981 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\ComboFix.exe
[2012/05/24 03:07:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/05/11 06:20:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012/05/11 06:20:00 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012/05/11 06:09:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/05/11 06:09:07 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012/05/11 06:09:04 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012/05/11 06:05:29 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2012/05/11 03:43:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012/05/11 03:43:30 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- C:\WINDOWS\System32\drivers\teamviewervpn.sys
[2012/05/11 03:43:29 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2012/05/11 03:42:18 | 003,560,712 | ---- | C] (TeamViewer GmbH) -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\TeamViewer_Setup_de.exe
[2012/05/09 11:03:03 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2012/05/09 11:03:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
 
========== Files - Modified Within 30 Days ==========
 
[2012/05/25 13:40:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/25 13:40:45 | 000,000,441 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2012/05/25 13:40:29 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0d1da8cbf986.job
[2012/05/25 13:38:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/05/25 13:38:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8A85BDAB-7CF0-44D2-8D77-EE6FD70C738D}.job
[2012/05/25 12:18:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cb0d1da972de22.job
[2012/05/25 11:27:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/05/25 11:06:55 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/05/25 11:02:54 | 2929,607,680 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\VeraMaria.pst
[2012/05/25 07:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities
[2012/05/25 07:32:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia PC Suite
[2012/05/25 06:37:25 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/05/25 06:32:27 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat - Schnellstart.lnk
[2012/05/25 06:31:34 | 000,043,573 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/05/25 06:31:30 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/05/25 05:41:34 | 004,526,981 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\ComboFix.exe
[2012/05/24 04:24:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/05/24 03:27:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/21 10:58:07 | 000,009,728 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/21 05:49:41 | 000,135,864 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\AnmeldungMietintressenten.jpg
[2012/05/13 20:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PC-VERAMARIA-VeraMaria.job
[2012/05/12 06:29:08 | 003,614,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/12 06:06:10 | 000,462,404 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/12 06:06:10 | 000,444,016 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/12 06:06:10 | 000,085,764 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/12 06:06:10 | 000,072,274 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/12 06:03:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/11 06:20:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012/05/11 06:09:57 | 000,001,528 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012/05/11 06:09:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/05/11 06:00:29 | 000,064,000 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/05/11 03:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012/05/11 03:43:43 | 000,000,793 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012/05/11 03:42:25 | 003,560,712 | ---- | M] (TeamViewer GmbH) -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\TeamViewer_Setup_de.exe
[2012/05/11 02:49:34 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/11 02:49:34 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/10 04:55:14 | 000,045,568 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Briefvorlage B&S Immobilien.dot
[2012/05/09 04:00:49 | 000,001,136 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Verknüpfung mit Gebäudeversicherung.pdf.lnk
[2012/05/08 04:21:49 | 000,067,869 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Unbenannt.JPG
[2012/05/02 04:22:42 | 000,050,260 | ---- | M] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Berechnung.JPG
 
========== Files Created - No Company Name ==========
 
[2012/05/25 11:06:55 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/05/25 11:06:50 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2012/05/25 11:04:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/05/25 11:04:10 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/05/25 11:04:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/05/25 11:04:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/05/25 11:04:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/05/24 03:27:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/21 05:49:40 | 000,135,864 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\AnmeldungMietintressenten.jpg
[2012/05/11 06:09:57 | 000,001,528 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012/05/11 03:43:43 | 000,000,793 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012/05/09 04:44:32 | 000,045,568 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Briefvorlage B&S Immobilien.dot
[2012/05/09 04:00:49 | 000,001,136 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Verknüpfung mit Gebäudeversicherung.pdf.lnk
[2012/05/02 04:22:42 | 000,050,260 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Desktop\Berechnung.JPG
[2012/02/16 05:49:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/08 03:17:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/12/22 03:37:24 | 000,000,105 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/12/06 07:53:03 | 000,064,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/10 06:25:43 | 000,032,608 | ---- | C] () -- C:\WINDOWS\king-uninstall.exe
[2010/07/20 05:54:43 | 000,000,155 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/06/18 05:30:24 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/12 08:27:09 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\$_hpcst$.hpc
[2010/05/12 08:15:57 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\kilian\Anwendungsdaten\$_hpcst$.hpc
[2009/04/03 04:05:35 | 000,026,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
[2008/11/05 04:43:55 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\$_hpcst$.hpc
[2008/02/08 15:53:40 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Philipp\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/11/03 04:24:52 | 000,068,608 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/10/27 02:43:39 | 000,001,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006/10/18 06:20:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI
[2006/09/19 02:01:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/08/19 06:19:48 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/07/24 10:40:50 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/07/13 03:20:46 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/07/13 03:16:20 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2006/07/13 02:33:45 | 000,102,032 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2006/07/13 02:33:45 | 000,017,218 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/07/10 06:07:01 | 000,104,152 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/07/10 06:07:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/07/10 05:44:21 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\Dc50ip32.dll
[2006/07/10 05:44:21 | 000,065,864 | ---- | C] () -- C:\WINDOWS\System32\Digita.sys
[2006/07/10 05:44:21 | 000,007,808 | ---- | C] () -- C:\WINDOWS\System32\dc240u.sys
[2006/07/10 05:44:21 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\ImgLibLead.dll
[2006/07/10 05:44:17 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2006/07/10 05:44:17 | 000,048,640 | ---- | C] () -- C:\WINDOWS\catalogSubInstaller.exe
[2006/07/10 05:36:10 | 000,374,784 | ---- | C] () -- C:\WINDOWS\System32\3dg32.dll
[2006/07/10 05:36:10 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini
[2006/07/10 03:13:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/07/07 11:12:41 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2006/03/13 13:49:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/13 13:24:57 | 000,030,327 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2006/03/13 13:24:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dmcrypto.dll
[2006/03/13 13:24:01 | 000,001,836 | ---- | C] () -- C:\WINDOWS\HCWPNP.INI
[2006/03/13 12:56:49 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\hcwxds.dll
[2006/03/13 12:45:28 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/03/13 12:45:28 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/03/13 12:38:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/03/13 12:33:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/03/13 12:25:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/03/13 12:23:53 | 003,614,984 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/09 22:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/12/09 22:06:00 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2005/12/09 22:06:00 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/12/09 22:06:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2005/12/09 22:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/12/09 22:06:00 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/12/09 22:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/12/09 22:06:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2005/12/09 22:06:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2005/12/09 22:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/12/09 22:06:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,462,404 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 08:00:00 | 000,444,016 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,085,764 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 08:00:00 | 000,072,274 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/02/20 11:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1601/02/13 04:28:18 | 000,620,460 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\nNOdVsTAyugGtT
[1601/02/13 04:28:18 | 000,479,232 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Lokale Einstellungen\Anwendungsdaten\pjEurGUasLAgQs
[1601/02/13 04:28:18 | 000,038,467 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\yLguVxTsLjuNGUsXLOuf
[1601/02/13 04:28:18 | 000,036,864 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\QdxsTjnQgxfsojrQdxsT
[1601/02/13 04:28:18 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\JjETetvgoysXGdN
[1601/02/13 04:28:18 | 000,004,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLqQOxVsaqoQUGXsLq
[1601/02/13 04:28:18 | 000,002,066 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\qElptQgEApeUGruyo
[1601/02/13 04:28:18 | 000,000,899 | ---- | C] () -- C:\Dokumente und Einstellungen\VeraMaria\uyGgpxosrLdQlAauqGgp
 
========== LOP Check ==========
 
[2010/05/12 08:16:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kilian\Anwendungsdaten\PC Suite
[2010/05/12 08:15:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\kilian\Anwendungsdaten\Sierra Wireless
[2008/02/08 15:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Philipp\Anwendungsdaten\Teleca
[2011/07/20 06:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Babylon
[2011/11/11 09:19:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\BabylonToolbar
[2010/10/06 03:39:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/09/16 02:38:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\CoSoSys
[2011/07/20 06:07:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Efficient Diary
[2010/11/05 11:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\gtk-2.0
[2011/10/26 09:24:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Nokia
[2010/05/12 09:32:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\PC Suite
[2010/05/12 08:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\Sierra Wireless
[2012/05/11 03:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\TeamViewer
[2010/05/12 08:32:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\TuneUp Software
[2011/11/30 17:14:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria.PC-VERAMARIA\Anwendungsdaten\WW
[2010/02/24 10:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\EasyTax
[2006/09/29 05:46:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Leadertech
[2009/09/23 06:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Nokia
[2010/05/10 04:21:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Opera
[2009/09/23 06:28:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\PC Suite
[2008/11/05 04:46:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Retriever
[2009/04/03 04:05:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Sierra Wireless
[2008/11/10 03:25:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Teleca
[2010/03/29 09:30:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\TuneUp Software
[2008/04/03 07:17:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\VeraMaria\Anwendungsdaten\Uniblue
[2010/12/22 03:37:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVGQTS
[2011/07/20 06:05:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2008/05/29 10:29:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2008/05/29 10:28:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2010/05/12 09:34:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010/02/24 08:37:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010/11/26 10:45:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2009/09/23 05:02:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaMusic
[2008/12/18 09:47:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2010/10/05 05:18:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2008/11/10 03:25:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2010/03/29 09:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010/11/29 11:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/05/24 03:21:21 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2012/05/25 13:38:00 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8A85BDAB-7CF0-44D2-8D77-EE6FD70C738D}.job
 
========== Purity Check ==========
 
 
< End of report >
         
Extras.txt
Code:
ATTFilter
OTL Extras logfile created on: 5/29/2012 3:45:58 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
1,023.00 Mb Total Physical Memory | 788.00 Mb Available Physical Memory | 77.00% Memory free
907.00 Mb Paging File | 846.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39.07 Gb Total Space | 6.57 Gb Free Space | 16.82% Space Free | Partition Type: NTFS
Drive F: | 147.18 Gb Total Space | 140.09 Gb Free Space | 95.18% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe" = C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe:*:Enabled:TwonkyMedia -- (PacketVideo)
"C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe" = C:\Programme\Nokia\Nokia Home Media Server\Media Server\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer -- ()
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe" = C:\Programme\Sierra Wireless Inc\3G Watcher\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Programme\Sierra Wireless Inc\3G Watcher\TRUUpdater.exe" = C:\Programme\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe:*:Enabled:TRUUpdater -- (Sierra Wireless, Inc.)
"C:\Programme\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe" = C:\Programme\Sierra Wireless Inc\WebUpdater\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\TeamViewer\Version7\TeamViewer.exe" = C:\Programme\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0143CF89-5CF2-4F2D-80D5-BFAE64E1BA00}" = MITs Wizard 3.0 for Device
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03528A01-7E5E-4C5F-94DF-1D8012E969EF}" = Nokia Map Loader
"{03CAB33F-D1C2-48C6-8766-DAE84DFC25FE}" = Microsoft Sync Framework Services v1.0 (x86)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EEB3C40-2A8C-4045-B3F9-13C4A5C490C0}" = Nokia Home Media Server
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Foto 7.0
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3BE11C5A-7959-418B-90AC-1D85DE8B6E15}" = 5500
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{407B9B5C-DAC5-4F44-A756-B57CAB4E6A8B}" = Google Earth
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{42B74521-4706-412A-9A27-AED12B83E886}" = Nokia Ovi Application Installer
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4AE48A64-6C6A-4E5A-95FA-55F5131DECF9}" = Nokia Ovi One Touch Access
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5DE8F9B6-DAEA-4990-AB2A-F797577D88B5}" = 5500Tour
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6442DEDF-AC2F-4CBA-85DE-42E459C5006C}" = Nokia Ovi Content Copier
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6A588FD3-104A-4517-91B1-D85AD27FA487}" = Nokia Ovi Suite
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82388E38-FDFD-4D36-9D35-EA720F9467D6}" = Nokia Ovi System Utilities
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8F651796-EC48-4A33-87D9-6866D3022052}" = Nokia Connectivity Cable Driver
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91190407-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8BD5A60-E843-46DC-8271-ABF20756BE0F}" = Microsoft Sync Framework Runtime v1.0 (x86)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB182223-13B2-444B-A8F1-2F6EC29B6496}" = ImmoTop®
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{AFDFC350-C142-4790-BE12-8357AECD028F}" = SyncToy 2.0 (x86)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B08A973F-5D0C-4A09-A219-F00289BB85C0}" = 5500_Help
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B4DBD782-CA1F-40FE-845D-3ABD5B206BC3}" = Sierra Wireless 3G Watcher
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth
"{C4BEEB8C-B9D2-4CD9-A2AA-1F3A1F57DF21}" = Works Suite-Betriebssystem-Pack
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D043E0F8-5EFA-4102-A863-08F39D9DF2F4}" = Nokia Software Updater
"{D1760DA4-A5FA-4FF1-A46A-031AB4A41345}" = 5500Trb
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E4423F16-0E98-4855-BFF4-3EF016C55D67}" = Nokia_Multimedia_Common_Components_2_5
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EB938616-16BB-491E-A5A0-CA4AB4167BB4}" = Nokia Photos
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.1.0 Professional - English, Français, Deutsch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"EasyTax 2009 AG 1.0" = EasyTax 2009 AG 1.0
"Efficient Diary_is1" = Efficient Diary 1.96
"E-Finance Java" = E-Finance Java
"Google Updater" = Google Updater
"Hauppauge German Help Files and Resources" = Hauppauge German Help Files and Resources
"HP Photo & Imaging" = HP Image Zone 4.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Kazoo Player" = Kazoo Player
"king.com" = king.com (remove only)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia Ovi Application Installer" = Nokia Ovi Application Installer 6.85.3011
"Nokia Ovi Content Copier" = Nokia Ovi Content Copier 6.85.3011
"Nokia Ovi One Touch Access" = Nokia Ovi One Touch Access 6.85.3011
"Nokia Ovi System Utilities" = Nokia Ovi System Utilities 6.85.3013
"NVIDIA Drivers" = NVIDIA Drivers
"Retriever_is1" = Retriever 1.1.4.0
"Snapform Viewer 1.6.02" = Snapform Viewer 1.6.02
"TeamViewer 7" = TeamViewer 7
"TuneUp Utilities" = TuneUp Utilities
"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia
"VLC media player" = VLC media player 1.1.4
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile®-Gerätehandbuch
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003-Setup-Start
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Yahoo! Companion" = Yahoo! Toolbar
 
< End of report >
         

Alt 12.06.2012, 19:32   #8
nooqxy
 
Verschlüsselungs-Trojaner - Standard

Verschlüsselungs-Trojaner



Dürfte ich mal nachfragen wies aussieht?

Antwort

Themen zu Verschlüsselungs-Trojaner
babylon toolbar, babylontoolbar, bho, bonjour, computer, desktop, disabletaskmgr, downloader, e-mail, einstellungen, error, firefox, format, google earth, helper, home, homepage, langs, mozilla, msvcrt, norman, realtek, registry, rundll, scan, security, security update, server, sierra, software, usb, version=1.0, windows, windows xp



Ähnliche Themen: Verschlüsselungs-Trojaner


  1. SUISA-Trojaner (Verschlüsselungs-Trojaner) befall auf HP-Pro-Laptop Win7 64Bit
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (19)
  2. windows verschlüsselungs trojaner-sofortiger TRojaner hinweis
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (9)
  3. Live Security Platinum-Trojaner, Verschlüsselungs-Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (1)
  4. verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 14.07.2012 (1)
  5. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  6. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 14.06.2012 (6)
  7. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 13.06.2012 (4)
  8. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 11.06.2012 (1)
  9. Verschlüsselungs Trojaner
    Log-Analyse und Auswertung - 10.06.2012 (1)
  10. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (6)
  11. Verschlüsselungs-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  12. verschlüsselungs trojaner
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  13. Verschlüsselungs-Trojaner auf XP
    Log-Analyse und Auswertung - 07.06.2012 (9)
  14. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 03.06.2012 (1)
  15. Verschlüsselungs trojaner
    Plagegeister aller Art und deren Bekämpfung - 01.06.2012 (1)
  16. Verschlüsselungs-Trojaner
    Log-Analyse und Auswertung - 29.05.2012 (15)
  17. Verschlüsselungs Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.04.2012 (1)

Zum Thema Verschlüsselungs-Trojaner - Hallo Bei uns im Büro wurde das E-Mail geöffnet. Ich habe nun wie beschrieben den Scan gemacht (Ich hoffe, ich habe alles richtig gemacht). Den hänge ich hier mal an. - Verschlüsselungs-Trojaner...
Archiv
Du betrachtest: Verschlüsselungs-Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.