| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Suche mit google wird nicht auf das ergebnis geleitet, sondern auf "newsfudge.com"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.06.2012, 21:15
| #1 |
 |  Suche mit google wird nicht auf das ergebnis geleitet, sondern auf "newsfudge.com" Hallo zusammen, habe mir wohl irgenetwas eingefangen. Bei jedweder Suche mit google werde ich nicht auf das ergebnis geleitet, sondern immer über "get-answer-fast.com" weiter auf "newsfudge.com"???... Hier die Ergebnisse von defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 21:46 on 12/06/2012 (goliver) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- und die Ergebnisse von OTL: OTL.txt:OTL Logfile: Code:Alles kopierenAlles auswählenLarusso Modus OTL logfile created on: 12.06.2012 21:50:05 - Run 1 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\Familie Gall\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,77% Memory free 2,21 Gb Paging File | 1,80 Gb Available in Paging File | 81,67% Paging File free Paging file location(s): C:\pagefile.sys 372 744 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 37,25 Gb Total Space | 4,60 Gb Free Space | 12,34% Space Free | Partition Type: NTFS Computer Name: *** | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.12 21:49:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe PRC - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.07.01 08:15:21 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.26 15:26:12 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe PRC - [2011.05.01 20:03:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2010.12.26 12:02:58 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe PRC - [2010.03.25 02:32:30 | 002,499,584 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe PRC - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe PRC - [2010.03.11 09:36:32 | 000,390,272 | ---- | M] (Bytemobile, Inc.) -- C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\bmctl.exe PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\System Update\SUService.exe PRC - [2008.11.24 12:30:00 | 002,417,152 | ---- | M] (Mirko Böer) -- C:\Programme\SSK\sskfree.exe PRC - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\AAVUpdateManager\aavus.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.14 06:53:04 | 000,082,944 | ---- | M] (IBM Corporation) -- C:\WINDOWS\system32\tp4mon.exe PRC - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe PRC - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe PRC - [2006.05.30 16:05:42 | 000,086,016 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe PRC - [2005.07.05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ========== Modules (No Company Name) ========== MOD - [2012.05.12 10:26:18 | 000,248,832 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\5d23fa61070c93e175863732c53c9248\VMC.WindowsService.Core.ni.dll MOD - [2012.05.12 10:26:17 | 000,715,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WwanWrapper\bd59cdb875a517740f3d6a5d201ea23a\VMC.WwanWrapper.ni.dll MOD - [2012.05.12 10:26:16 | 000,329,728 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CancelAutoPlay\d37adaabae988ed23d2e124fd4595643\CancelAutoPlay.ni.dll MOD - [2012.05.12 10:26:16 | 000,050,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\e2caef21bcabe7efbf779c1de9cccfae\VMC.ConnectionServices.TrafficOptimiser.ni.dll MOD - [2012.05.12 10:26:15 | 000,247,296 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.CsUtil\f27e9efe35217fcf1ae82315347f6481\VMC.CsUtil.ni.dll MOD - [2012.05.12 10:26:15 | 000,101,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.Shell32\3c52bf0be60b0285a764a9ddcc76542b\Interop.Shell32.ni.dll MOD - [2012.05.12 10:26:14 | 001,552,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\d31c7dbf1562da8259ce3e8e21bd4393\VMC.ConnectionServices.ni.dll MOD - [2012.05.12 10:26:08 | 000,675,840 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Xm#\a13051052429de47b2441d903a09e620\VMC.BaseServices.XmlSerializers.ni.dll MOD - [2012.05.12 10:26:08 | 000,031,232 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Ou#\6a6035dd2afe8102e294ca4d588df7c0\VMC.BaseServices.OutlookConnector.ni.dll MOD - [2012.05.12 10:26:06 | 000,492,544 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Da#\a2283409519e2b0d6c4832b206530472\VMC.BaseServices.DataAccessor.ni.dll MOD - [2012.05.12 10:26:06 | 000,218,624 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\456ee3dedf7fefeac2449ce08248e9fa\Interop.FNCClient11Lib.ni.dll MOD - [2012.05.12 10:26:01 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll MOD - [2012.05.12 10:25:59 | 000,070,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.WindowsService.#\2d7f6f8c523fcbbfbc2c04825f60e111\VMC.WindowsService.Messaging.ni.dll MOD - [2012.05.12 10:25:58 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\dff877744c0f7f8752eb356f27edfa59\System.ServiceProcess.ni.dll MOD - [2012.05.12 10:25:49 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll MOD - [2012.05.12 10:25:33 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\92d58f840f549f9bd880783d43db7e3c\System.Runtime.Remoting.ni.dll MOD - [2012.05.12 10:25:32 | 000,497,152 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.ConnectionServi#\d54ef3ab151152f521ac454acb649534\VMC.ConnectionServicesInterface.ni.dll MOD - [2012.05.12 10:25:31 | 000,946,688 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.BaseServices.Pl#\e3549c0c028b5460873cccca9d2a88d6\VMC.BaseServices.Platform.ni.dll MOD - [2012.05.12 10:25:29 | 000,357,888 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\VMC.UI.CommonDialogs\73db5c3d4931f196ea64af4d93959b9f\VMC.UI.CommonDialogs.ni.dll MOD - [2012.05.12 10:25:26 | 000,679,936 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\129b15861e200613ff78ae15581f9093\System.Security.ni.dll MOD - [2012.05.12 10:25:20 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll MOD - [2012.05.12 10:25:19 | 004,332,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\MobileConnect\820460598a90ea6ee44a46dd1346cc2e\MobileConnect.ni.exe MOD - [2012.05.12 09:29:12 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll MOD - [2012.05.12 09:29:00 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\32b169d0703541a18c987bd2dbf9fbd9\System.Windows.Forms.ni.dll MOD - [2012.05.12 09:27:33 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7765146be2fa459c20856ff822f90d1e\System.Drawing.ni.dll MOD - [2012.05.11 23:35:10 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\12c6fe8d4dd78f9bddf847d3b2821c03\System.Data.ni.dll MOD - [2012.05.11 23:22:02 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll MOD - [2012.05.11 23:21:24 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll MOD - [2012.05.11 23:20:13 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2012.05.11 23:20:04 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll MOD - [2010.06.17 16:27:02 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2010.04.21 11:09:54 | 000,315,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.04.21 11:09:49 | 000,434,176 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.04.21 11:09:48 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () -- C:\Programme\AAVUpdateManager\aavus.exe MOD - [2007.04.02 18:19:22 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll MOD - [2005.11.30 21:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll MOD - [2005.07.05 15:57:12 | 000,077,824 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe MOD - [2003.07.04 00:49:30 | 000,024,576 | ---- | M] () -- C:\Programme\Lenovo\PkgMgr\HOTKEY_2\tphk_2k.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.01.23 06:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.10.24 22:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.07.01 08:15:21 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.05.01 20:03:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.12.26 12:02:58 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.12.26 12:02:54 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2010.06.14 16:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.03.25 02:32:16 | 000,009,216 | ---- | M] (Vodafone) [Auto | Running] -- C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe -- (VMCService) SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.06.12 11:55:48 | 000,028,672 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\System Update\SUService.exe -- (SUService) SRV - [2008.10.24 17:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Programme\AAVUpdateManager\aavus.exe -- (AAV UpdateService) SRV - [2008.03.04 11:34:12 | 001,122,304 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\Scheduler\tvtsched.exe -- (TVT Scheduler) SRV - [2007.09.26 18:34:46 | 000,644,408 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service) SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2006.10.26 11:33:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\UDSTDrv.sys -- (UDSTDrv) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2011.07.01 08:15:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 08:15:23 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.06.17 16:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.06.17 16:26:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2010.03.11 09:36:26 | 000,024,192 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpipBM.sys -- (tcpipBM) DRV - [2010.03.11 09:36:24 | 000,013,184 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\BMLoad.sys -- (BMLoad) DRV - [2010.03.01 18:35:22 | 000,080,000 | ---- | M] (Vodafone) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vodafone_K3805-z_dc_enum.sys -- (vodafone_K3805-z_dc_enum) DRV - [2010.02.26 15:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010.02.26 15:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010.02.26 15:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010.02.26 15:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009.11.11 14:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2009.04.09 13:38:32 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2) DRV - [2009.04.09 13:38:32 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort) DRV - [2009.04.09 13:38:32 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem) DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.04.10 23:46:53 | 001,966,312 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000) DRV - [2007.02.19 07:56:46 | 000,021,376 | ---- | M] (Lenovo (United States) Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd) DRV - [2006.08.29 00:12:00 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2006.08.29 00:11:00 | 000,247,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH) DRV - [2006.08.29 00:10:00 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2006.08.02 10:45:32 | 000,114,560 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910) DRV - [2001.08.17 12:48:14 | 000,011,520 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TwoTrack.sys -- (TwoTrack) DRV - [2000.07.24 01:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BRPAR.SYS -- (BrPar) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/ IE - HKLM\..\SearchScopes,DefaultScope = {6BD63EF5-F376-4104-B390-F6E1E3BEDAAC} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: "URL" = hxxp://startsear.ch/?q={searchTerms} IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/?search={searchTerms}&loc=search_box_im2_test_v2 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: ff-bmboc@bytemobile.com:4.2.2 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\programme\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ff-bmboc@bytemobile.com: C:\Programme\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.10.25 10:22:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.11.16 11:19:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.06.26 15:27:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.11.16 11:19:07 | 000,000,000 | ---D | M] [2011.03.12 10:54:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2011.01.09 13:35:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2011.04.18 19:54:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\hl3ndia3.default\extensions [2011.04.18 19:54:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\hl3ndia3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.04.18 19:54:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\hl3ndia3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.06.26 15:27:20 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2010.04.20 19:53:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010.11.16 11:19:04 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAMME\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION [2010.10.25 10:22:38 | 000,000,000 | ---D | M] (Bytemobile Optimization Client) -- C:\PROGRAMME\VODAFONE\VODAFONE MOBILE CONNECT\OPTIMIZATION CLIENT\ADDON O1 HOSTS File: ([2001.08.23 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [MobileConnect] C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) O4 - HKLM..\Run: [TkBellExe] C:\programme\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrackPointSrv] C:\WINDOWS\System32\tp4mon.exe (IBM Corporation) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [SuperSpamKiller] C:\Programme\SSK\sskfree.exe (Mirko Böer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} hxxp://www.kps-virtualplanner.de/vp45_vme_qa/Core/Player/2020PlayerAX_Win32.cab (20-20 3D Viewer) O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} hxxp://www.globus-fotoservice.de/ips-opdata/objects/jordan.cab (JordanUploader Class) O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} hxxp://ua.foto.com/ImageUploader6.cab (Uploader Control) O16 - DPF: {48580E34-E37A-454A-8EC4-FC7598B01D77} hxxp://chkr-web.ifolor.net/app_support/3/ActiveX/IfolorUploader_chkr.cab (IfolorUploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {FAB2BB9D-91E9-457E-9D42-75A7FCCBBC00} hxxp://www.magic-kinder.com/totalimmersion/plugin/DFusionHomeWebPlugIn.Installer.exe (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D85D1EC-DBEA-4C7F-9C1D-D851C2F47A2D}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll () O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll () O24 - Desktop Components:0 () - file:///C:/DOKUME~1/FAMILI~1/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.04.20 09:50:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{39dcc600-9fb6-11df-af21-0013ce8de71d}\Shell - "" = AutoRun O33 - MountPoints2\{39dcc600-9fb6-11df-af21-0013ce8de71d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{39dcc600-9fb6-11df-af21-0013ce8de71d}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{585c45c0-137f-11e1-b1b2-0013ce8de71d}\Shell - "" = AutoRun O33 - MountPoints2\{585c45c0-137f-11e1-b1b2-0013ce8de71d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{585c45c0-137f-11e1-b1b2-0013ce8de71d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta O33 - MountPoints2\{801533b0-bf57-11e0-b112-0013ce8de71d}\Shell - "" = AutoRun O33 - MountPoints2\{801533b0-bf57-11e0-b112-0013ce8de71d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{801533b0-bf57-11e0-b112-0013ce8de71d}\Shell\AutoRun\command - "" = E:\TING.EXE O33 - MountPoints2\{dde9c3c3-cb1b-11df-af5e-0013ce8de71d}\Shell - "" = AutoRun O33 - MountPoints2\{dde9c3c3-cb1b-11df-af5e-0013ce8de71d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dde9c3c3-cb1b-11df-af5e-0013ce8de71d}\Shell\AutoRun\command - "" = E:\PhotoViewer.exe O33 - MountPoints2\{fe9d6da0-e73d-11e0-b154-0013ce8de71d}\Shell - "" = AutoRun O33 - MountPoints2\{fe9d6da0-e73d-11e0-b154-0013ce8de71d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fe9d6da0-e73d-11e0-b154-0013ce8de71d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.hta O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.12 21:49:20 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen/***\Desktop\OTL.exe [2012.05.15 20:09:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in [2011.12.21 18:01:05 | 050,442,288 | ---- | C] (Acresso Software Inc. ) -- C:\Programme\Brava7Reader.exe [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.12 21:49:57 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-1957994488-839522115-1003.job [2012.06.12 21:49:56 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-1957994488-839522115-1003.job [2012.06.12 21:49:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe [2012.06.12 21:46:55 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.06.12 21:39:00 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2012.06.12 21:00:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2012.06.12 18:50:26 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2012.06.12 18:50:22 | 000,000,328 | ---- | M] () -- C:\WINDOWS\tasks\Jqissvvoup.job [2012.06.12 18:50:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.12 18:50:17 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys [2012.06.11 20:02:25 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.07 13:21:07 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2012.06.03 18:57:03 | 000,045,843 | ---- | M] () -- C:\WINDOWS\CSTBox.INI [2012.06.01 19:15:50 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Outlook.lnk [2012.05.22 22:07:39 | 000,163,840 | RHS- | M] () -- C:\WINDOWS\System32\win32splh.dll [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.12 21:46:55 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.05.22 22:07:39 | 000,163,840 | RHS- | C] () -- C:\WINDOWS\System32\win32splh.dll [2012.05.22 22:07:39 | 000,000,328 | ---- | C] () -- C:\WINDOWS\tasks\Jqissvvoup.job [2012.05.03 17:11:04 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2012.05.03 17:11:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2012.02.16 21:10:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.28 11:31:42 | 000,000,579 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\cookies.ini [2011.05.13 12:55:56 | 000,045,843 | ---- | C] () -- C:\WINDOWS\CSTBox.INI [2011.04.10 10:23:38 | 000,000,720 | ---- | C] () -- C:\WINDOWS\wiso.ini [2011.03.12 10:54:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2011.02.08 12:36:53 | 000,000,523 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\prefsdb.dat [2010.12.17 21:16:57 | 000,000,235 | ---- | C] () -- C:\WINDOWS\cncscore.ini [2010.12.07 20:30:04 | 000,000,516 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI [2010.12.02 20:03:40 | 000,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini [2010.10.25 10:32:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}.ini [2010.10.25 10:20:09 | 000,000,220 | ---- | C] () -- C:\WINDOWS\{79A64F98-1796-4FA2-B5FF-C90F83D8BACD}.ini [2010.09.28 18:33:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini [2010.08.21 16:55:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2010.08.03 11:49:03 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2010.08.01 20:00:13 | 000,046,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.06.20 17:43:39 | 000,000,036 | -H-- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\swk.ini [2010.06.19 10:38:33 | 000,005,090 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\drctchbl.xvi [2010.06.19 10:38:27 | 000,005,005 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xqkcebzs.dik ========== LOP Check ========== [2012.03.22 21:50:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2011.07.16 22:10:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2011.02.23 12:51:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alawar Stargaze [2011.07.29 20:37:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery [2011.06.18 11:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games [2011.04.10 10:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2011.09.07 19:02:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cadsoft [2010.05.12 22:20:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.12.26 22:28:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Casual Arts [2012.03.19 10:53:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular [2011.02.18 22:36:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Exorcist DS [2011.02.04 11:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flood Light Games [2010.12.29 21:25:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Floodlight Games [2010.08.03 11:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FloodLightGames [2011.04.10 19:01:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN [2011.02.05 12:20:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gogii [2011.03.16 11:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Green Clover Games [2010.08.11 21:07:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM [2010.08.11 21:02:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail [2010.06.06 15:54:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2011.02.08 09:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium [2010.12.22 19:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Licenses [2011.07.29 20:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2011.03.14 22:38:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo [2010.11.06 15:52:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia [2010.10.20 20:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache [2010.08.04 14:14:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Novatel Wireless [2010.04.20 21:05:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2010.11.07 20:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2011.04.08 21:19:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst [2010.12.23 22:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012.02.05 20:20:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanAppDataDir [2010.12.07 20:30:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SSScanWizard [2011.05.11 21:39:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2011.11.18 23:31:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp [2011.01.09 13:36:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TomTom [2010.11.04 21:41:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011.04.14 20:53:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Venus DS [2010.10.28 20:07:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone [2011.11.27 23:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VTech [2010.07.28 21:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.02.20 10:36:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\2monkeys [2011.07.16 22:10:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ACD Systems [2010.12.29 21:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Aerohills [2011.12.14 12:20:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon [2010.08.04 22:34:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Artogon [2011.04.13 21:25:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\avidemux [2011.01.01 22:57:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Big Fish Games [2011.03.15 22:04:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Boomzap [2011.04.10 10:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Buhl Data Service [2010.05.12 22:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canneverbe Limited [2012.06.03 18:56:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Canon [2011.02.18 15:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\casanova [2010.12.26 22:28:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Casual Arts [2010.12.03 17:28:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\cerasus.media [2011.01.10 13:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Clickteam [2010.11.22 12:02:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft [2012.03.19 10:54:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\elsterformular [2010.12.22 19:22:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Engelmann Media [2011.05.02 19:59:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ERS Game Studios [2011.02.25 12:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Fabulous Finds [2011.02.04 11:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Flood Light Games [2010.12.29 21:25:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Floodlight Games [2010.08.03 11:48:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FloodLightGames [2012.05.03 17:11:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FreePDF [2011.02.16 12:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Freeze Tag [2011.03.02 09:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Friday's games [2011.03.25 21:46:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Frogwares [2011.04.29 21:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GameMill Entertainment [2011.04.27 16:47:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\GARMIN [2011.03.16 11:05:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Green Clover Games [2012.05.13 19:29:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0 [2011.12.21 18:18:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IGC [2011.02.25 12:02:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InImages [2011.07.29 20:58:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MAGIX [2011.04.08 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mystery of Mortlake Mansion [2010.11.16 12:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia [2010.11.06 16:07:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Nokia Ovi Suite [2010.04.21 21:46:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org [2010.04.20 19:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Opera [2010.11.17 18:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PC Suite [2011.02.08 12:37:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\perfect future studio [2011.04.08 21:19:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PlayFirst [2011.02.05 00:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Playrix Entertainment [2010.12.07 20:30:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft [2011.02.28 21:22:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skunk Studios [2011.03.18 23:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TikisLab [2011.01.09 13:35:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TomTom [2010.11.04 21:42:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software [2011.03.02 20:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\VendelGAMES [2010.08.04 13:12:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Vodafone [2011.01.15 12:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Vodafone Mobile Connect [2012.06.12 21:00:00 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job [2012.06.12 18:50:22 | 000,000,328 | ---- | M] () -- C:\WINDOWS\Tasks\Jqissvvoup.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EBCF5924 @Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:40EE25BB @Alternate Data Stream - 142 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:386B39C3 @Alternate Data Stream - 141 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:609CAC7C @Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:864881BF @Alternate Data Stream - 140 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:79875988 @Alternate Data Stream - 139 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:59465B40 @Alternate Data Stream - 138 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:CAC06C34 @Alternate Data Stream - 138 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8B4B9596 @Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4A448DB2 @Alternate Data Stream - 137 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:2AE74FF9 @Alternate Data Stream - 136 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:488F7244 @Alternate Data Stream - 135 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F8F070C2 @Alternate Data Stream - 133 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C0893153 @Alternate Data Stream - 132 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:596E2371 @Alternate Data Stream - 130 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B3196E8D @Alternate Data Stream - 126 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8F6FBE7F @Alternate Data Stream - 122 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:4DDE401B @Alternate Data Stream - 119 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:29F0CA7D < End of report > ...und Extras.txt:OTL Logfile: Code:
ATTFilter
Code:Alles kopierenAlles auswählenLarusso Modus
OTL Extras logfile created on: 12.06.2012 21:50:05 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,99 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 76,77% Memory free
2,21 Gb Paging File | 1,80 Gb Available in Paging File | 81,67% Paging File free
Paging file location(s): C:\pagefile.sys 372 744 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 37,25 Gb Total Space | 4,60 Gb Free Space | 12,34% Space Free | Partition Type: NTFS
Computer Name: *** | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" = C:\Programme\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite 2 -- (Nokia)
"C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Programme\Gemeinsame Dateien\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Programme\Microsoft LifeCam\LifeCam.exe" = C:\Programme\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Programme\Microsoft LifeCam\LifeExp.exe" = C:\Programme\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe" = C:\Programme\VTech\DownloadManager\System\AgentMonitor.exe:*:Disabled:Vtech local server -- ()
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B224158-8E54-4D70-B298-E2C9C9DF7437}" = DesignPro Ordner Software
"{0B381C46-0E05-4929-BD29-19CCA52A7F46}" = Brother HL-2030
"{143FB15C-0C48-41E3-9C30-F56FB69BF3D7}" = Canon CanoScan Toolbox 4.5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45DF6D99-666D-41FA-8D62-0E183B6240F3}" = PC Connectivity Solution
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{749A1EDD-16C2-4C63-B013-D38F0F953973}" = OviMPlatform
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
"{7D542452-84EB-47C0-97BA-735C523AB555}" = Garmin Training Center
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8112C6B3-91E1-4560-8AB9-876DADFA37C5}" = Ovi Desktop Sync Engine
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.4.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8675339C-128C-44DD-83BF-0A5D6ABD8297}" = System Update
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8D37EF28-C603-41DE-843F-300C5EF8FD82}" = BILD-Steuer 2012
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0000-0000-0000000FF1CE}" = Microsoft Office PowerPoint 2007
"{90120000-0018-0000-0000-0000000FF1CE}_POWERPOINT_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_POWERPOINT_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{90120000-001A-0000-0000-0000000FF1CE}_OUTLOOK_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_OUTLOOK_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_WORD_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_EXCEL_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OUTLOOK_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_POWERPOINT_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_WORD_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_EXCEL_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOK_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_POWERPOINT_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_WORD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_EXCEL_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOK_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_POWERPOINT_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_WORD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_EXCEL_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OUTLOOK_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_POWERPOINT_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_WORD_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_EXCEL_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OUTLOOK_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_POWERPOINT_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_WORD_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91252C0A-59F9-42F9-9181-B9CC74F592C0}" = Vodafone Mobile Connect
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager
"{B0414A3B-3AE3-47B8-8FC0-2129781FF425}" = t@x 2011
"{B8B4446F-87E1-4423-A47A-16832C24A199}" = Nokia Ovi Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C89AF1D9-A501-4AA5-9E44-9753D0F92347}" = Kidizoom® Pro & Plus
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}" = MSXML 6.0 Parser
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE5B5B24-EEFC-4C8B-BF8B-256D705BAD89}" = Nokia Ovi Suite Software Updater
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Ashampoo Snap 3_is1" = Ashampoo Snap 3.50
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = ThinkPad Integrated 56K Modem
"ElsterFormular 13.1.1.8479p" = ElsterFormular
"EXCEL" = Microsoft Office Excel 2007
"FreePDF_XP" = FreePDF (Remove only)
"ie8" = Windows Internet Explorer 8
"InstallShield_{0B224158-8E54-4D70-B298-E2C9C9DF7437}" = DesignPro Ordner Software
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mr7910_1ffef370f39864f3aaa62219d434ae06b02b70ab" = Windows-Treiberpaket - (mr7910) Image 08/08/2006 1.4.0.0
"Nokia Ovi Suite" = Nokia Ovi Suite
"OUTLOOK" = Microsoft Office Outlook 2007
"Power Management Driver" = ThinkPad Power Management Driver
"POWERPOINT" = Microsoft Office PowerPoint 2007
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SuperSpamKiller" = SuperSpamKiller 2.20
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TomTom HOME" = TomTom HOME 2.8.3.2499
"VTechDownloadManager" = VTech Download Manager
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WORD" = Microsoft Office Word 2007
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.06.2012 12:43:31 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde
softwaregesteuert durch den Hostcomputer abgebrochen.)
Error - 02.06.2012 12:44:20 | Computer Name = *** | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 03.06.2012 05:27:15 | Computer Name = *** | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 03.06.2012 06:53:35 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053
Error - 03.06.2012 06:53:35 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde
softwaregesteuert durch den Hostcomputer abgebrochen.)
Error - 07.06.2012 06:38:51 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053
Error - 07.06.2012 06:38:51 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde
softwaregesteuert durch den Hostcomputer abgebrochen.)
Error - 07.06.2012 12:30:11 | Computer Name = *** | Source = VMCService | ID = 0
Description = GetProcessOwner
Error - 11.06.2012 14:02:57 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053
Error - 11.06.2012 14:02:57 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10053 (Eine bestehende Verbindung wurde
softwaregesteuert durch den Hostcomputer abgebrochen.)
[ OSession Events ]
Error - 20.08.2010 14:17:55 | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1020
seconds with 420 seconds of active time. This session ended with a crash.
Error - 23.08.2010 02:54:29 | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 330
seconds with 60 seconds of active time. This session ended with a crash.
Error - 24.08.2010 12:02:32 | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 287
seconds with 60 seconds of active time. This session ended with a crash.
Error - 30.08.2010 05:29:34 | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 93
seconds with 60 seconds of active time. This session ended with a crash.
Error - 03.09.2010 12:52:39 | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1298
seconds with 300 seconds of active time. This session ended with a crash.
Error - 05.11.2010 13:32:27 | Computer Name = CHANGEME | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 143
seconds with 60 seconds of active time. This session ended with a crash.
Error - 13.02.2011 16:47:23 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 373
seconds with 120 seconds of active time. This session ended with a crash.
Error - 18.07.2011 07:56:25 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 216
seconds with 60 seconds of active time. This session ended with a crash.
Error - 18.11.2011 17:12:50 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27
seconds with 0 seconds of active time. This session ended with a crash.
Error - 02.04.2012 07:31:58 | Computer Name = *** | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 157
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 10.06.2012 12:46:03 | Computer Name = *** | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 10.06.2012 12:46:03 | Computer Name = *** | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 10.06.2012 12:46:03 | Computer Name = *** | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 10.06.2012 12:47:28 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-S USB BOX" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 11.06.2012 14:02:31 | Computer Name = *** | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 11.06.2012 14:02:31 | Computer Name = *** | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 11.06.2012 14:02:31 | Computer Name = *** | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 11.06.2012 14:02:31 | Computer Name = *** | Source = Cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
Error - 11.06.2012 14:03:55 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-S USB BOX" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 12.06.2012 12:51:52 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DVB-S USB BOX" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
[ TuneUp Events ]
Error - 23.12.2010 17:39:55 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-23 22:39:55', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\xnnltqf.exe','1140',0)
Error - 23.12.2010 17:39:55 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-23 22:39:55', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\xnnltqf.exe','2464',0)
Error - 23.12.2010 17:40:15 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-23 22:40:15', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\escape from frankensteins castle.exe','2168',0)
Error - 23.12.2010 17:40:15 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-23 22:40:15', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\escape from frankensteins castle.exe','2760',0)
Error - 29.12.2010 15:45:18 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-29 20:45:18', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\xnnltqf.exe','4848',0)
Error - 29.12.2010 15:45:23 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-29 20:45:23', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\escape from frankensteins castle.exe','4772',0)
Error - 29.12.2010 15:45:23 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-29 20:45:23', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\escape from frankensteins castle.exe','5300',0)
Error - 30.12.2010 17:18:57 | Computer Name = *** | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-12-30 22:18:57', '\device\harddiskvolume1\programme\escape
from frankenstein's castle\escape from frankensteins castle.exe','6392',0)
< End of report >
So, hier nun noch die Gmer.txt : GMER Logfile: Code:
ATTFilter
Code:Alles kopierenAlles auswählenLarusso Modus
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-13 21:34:29
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK4026GAX_RoHS rev.PA107E
Running: mmh45g4g.exe; Driver: C:\DOKUME~1\FAMILI~1\LOKALE~1\Temp\awtiikog.sys
---- System - GMER 1.0.15 ----
SSDT B9F023E4 ZwClose
SSDT B9F0239E ZwCreateKey
SSDT B9F023EE ZwCreateSection
SSDT B9F02394 ZwCreateThread
SSDT B9F023A3 ZwDeleteKey
SSDT B9F023AD ZwDeleteValueKey
SSDT B9F023DF ZwDuplicateObject
SSDT B9F023B2 ZwLoadKey
SSDT B9F02380 ZwOpenProcess
SSDT B9F02385 ZwOpenThread
SSDT B9F023BC ZwReplaceKey
SSDT B9F023B7 ZwRestoreKey
SSDT B9F023F3 ZwSetContextThread
SSDT B9F023A8 ZwSetValueKey
SSDT B9F0238F ZwTerminateProcess
---- User code sections - GMER 1.0.15 ----
.text C:\programme\real\realplayer\update\realsched.exe[3172] kernel32.dll!SetUnhandledExceptionFilter 7C844935 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a572ff1
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a572ff1@c8979f0a366d 0x06 0xC5 0x3A 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a572ff1@001e3a9545f4 0x98 0xB0 0xE3 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a572ff1@ac7289bf3037 0x6D 0x71 0xE8 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a572ff1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a572ff1@c8979f0a366d 0x06 0xC5 0x3A 0xC2 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a572ff1@001e3a9545f4 0x98 0xB0 0xE3 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000a3a572ff1@ac7289bf3037 0x6D 0x71 0xE8 0xA4 ...
---- EOF - GMER 1.0.15 ----
...ich hoffe ihr könnt mir mit diesen Dateien helfen! Gruß, goliver |
|
15.06.2012, 19:24
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Suche mit google wird nicht auf das ergebnis geleitet, sondern auf "newsfudge.com" Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
