| |
| |||||||
Log-Analyse und Auswertung: GVU TROJANER mit WebcamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
19.07.2012, 18:48
| #9 |
| |  GVU TROJANER mit WebcamCode:
ATTFilter OTL logfile created on: 10.07.2012 11:08:37 - Run 2 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 502,42 Mb Total Physical Memory | 326,98 Mb Available Physical Memory | 65,08% Memory free 1,20 Gb Paging File | 1,09 Gb Available in Paging File | 90,63% Paging File free Paging file location(s): C:\pagefile.sys 756 1512 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme Drive C: | 93,15 Gb Total Space | 11,40 Gb Free Space | 12,24% Space Free | Partition Type: NTFS Computer Name: D_ZU_DEM_F | User Name:***| Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\WINXP\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found SRV - (Akamai) -- c:\programme\gemeinsame dateien\akamai/netsession_win_80c2ffa.dll () SRV - (SkypeUpdate) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (WDICA) -- File not found DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (MidiSyn) -- system32\drivers\MidiSyn.sys File not found DRV - (lbrtfdc) -- File not found DRV - (InCDRm) -- system32\drivers\InCDRm.sys File not found DRV - (InCDPass) -- system32\drivers\InCDPass.sys File not found DRV - (InCDFs) -- system32\drivers\InCDFs.sys File not found DRV - (i2omgmt) -- File not found DRV - (hwusbdev) -- system32\DRIVERS\ewusbdev.sys File not found DRV - (hwdatacard) -- system32\DRIVERS\ewusbmdm.sys File not found DRV - (Changer) -- File not found DRV - (avipbb) -- C:\WINXP\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINXP\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\WINXP\system32\drivers\avkmgr.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINXP\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINXP\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (PAC7302) -- C:\WINXP\system32\drivers\PAC7302.SYS (PixArt Imaging Inc.) DRV - (w29n51) Intel(R) -- C:\WINXP\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (tifm21) -- C:\WINXP\system32\drivers\tifm21.sys (Texas Instruments) DRV - (FWLANUSB) -- C:\WINXP\system32\drivers\fwlanusb.sys (AVM GmbH) DRV - (ApfiltrService) -- C:\WINXP\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (AgereSoftModem) -- C:\WINXP\system32\drivers\AGRSM.sys (Agere Systems) DRV - (senfilt) -- C:\WINXP\system32\drivers\senfilt.sys (Sensaura) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 2F FA 8F C1 75 CA 01 [binary data] IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - SOFTWARE\Classes\CLSID\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\InprocServer32 File not found IE - HKCU\..\SearchScopes,DefaultScope = {F7C3C8BC-C804-4222-BE6D-F4DDC110EE15} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKCU\..\SearchScopes\{F7C3C8BC-C804-4222-BE6D-F4DDC110EE15}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE" FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.5.8.6 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.8 FF - prefs.js..extensions.enabledItems: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=efd21f7f-3c89-4ca7-80cc-6ec4a2af9a55&apn_ptnrs=%5EABT&apn_sauid=8BDEAF07-8806-4954-AA63-71BBC6A923EC&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINXP\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINXP\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINXP\system32\01001.053 [2012.06.25 15:23:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.03.26 14:10:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.13 23:11:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINXP\system32\01001.053 [2012.06.25 15:23:34 | 000,000,000 | ---D | M] [2010.01.03 14:45:54 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions [2012.06.08 14:00:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\extensions [2011.09.15 15:57:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.26 13:39:02 | 000,000,000 | ---D | M] (Winload Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2012.01.13 16:51:15 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.11.24 21:25:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.11 09:38:07 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.02.01 15:29:48 | 000,000,881 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\searchplugins\conduit.xml [2011.05.29 01:14:20 | 000,002,289 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\ldjw1dw1.default\searchplugins\ecosia.xml [2012.07.05 14:19:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.10.16 17:31:04 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.11.24 21:48:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011.11.24 21:47:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.06.25 15:23:34 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\WINXP\SYSTEM32\01001.053 [2011.11.24 21:47:17 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2010.07.18 12:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.07.18 12:44:14 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.11.24 22:03:27 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml [2010.07.18 12:44:14 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010.07.18 12:44:14 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010.07.18 12:44:14 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) - C:\WINXP\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Reader Link Helper) - {1D6A5EE5-2D25-4D81-A94F-F8E694A1BADF} - C:\WINXP\system32\AcroIEHelpe140.dll File not found O2 - BHO: (Adobe PDF Reader Link Helper) - {20C28584-8F10-4D92-987C-0A1008E2435A} - C:\WINXP\system32\AcroIEHelpe150.dll File not found O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll File not found O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVD0.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Programme\Winload\prxtbWin0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVD0.dll File not found O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM) O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [NWEReboot] File not found O4 - HKLM..\Run: [PAC7302_Monitor] C:\WINXP\PixArt\Pac7302\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINXP\system32\userinit.exe) - C:\WINXP\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINXP\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.12.05 16:56:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{01bae920-aaea-11df-af39-000e35f53e44}\Shell - "" = AutoRun O33 - MountPoints2\{01bae920-aaea-11df-af39-000e35f53e44}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{01bae920-aaea-11df-af39-000e35f53e44}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{01bae923-aaea-11df-af39-000e35f53e44}\Shell - "" = AutoRun O33 - MountPoints2\{01bae923-aaea-11df-af39-000e35f53e44}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{01bae923-aaea-11df-af39-000e35f53e44}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{261ca09d-999f-11e0-b02d-000e35f53e44}\Shell - "" = AutoRun O33 - MountPoints2\{261ca09d-999f-11e0-b02d-000e35f53e44}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{261ca09d-999f-11e0-b02d-000e35f53e44}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{261ca0a1-999f-11e0-b02d-000e35f53e44}\Shell - "" = AutoRun O33 - MountPoints2\{261ca0a1-999f-11e0-b02d-000e35f53e44}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{261ca0a1-999f-11e0-b02d-000e35f53e44}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{2c6d4c72-5a35-11df-ae6c-000e35f53e44}\Shell - "" = AutoRun O33 - MountPoints2\{2c6d4c72-5a35-11df-ae6c-000e35f53e44}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2c6d4c72-5a35-11df-ae6c-000e35f53e44}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{7641cff7-b0d9-11e0-b030-000e35f53e44}\Shell\AutoRun\command - "" = F:\Windows\bin\ReaderLibrarySetup.exe O33 - MountPoints2\{8d94b661-b6b7-11e0-b031-000e35f53e44}\Shell - "" = AutoRun O33 - MountPoints2\{8d94b661-b6b7-11e0-b031-000e35f53e44}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8d94b661-b6b7-11e0-b031-000e35f53e44}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 360 Days ========== [2012.07.04 20:14:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip [2012.07.04 20:14:44 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2012.07.04 12:57:32 | 000,000,000 | -HSD | C] -- C:\WINXP\CSC [2012.07.03 21:19:03 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.07.03 14:28:24 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent [2012.07.03 12:59:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.02 12:30:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Lorn - Ask The Dust (2012) [2012.06.25 15:23:34 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01001.053 [2012.06.24 19:59:44 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01001.051 [2012.06.24 13:33:56 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01001.050 [2012.06.20 11:32:33 | 000,000,000 | ---D | C] -- C:\WINXP\System32\UAs [2012.06.20 00:17:12 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01048 [2012.06.17 13:05:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe [2012.06.16 01:49:26 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01044 [2012.06.14 16:43:21 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01043 [2012.06.13 10:35:39 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01042 [2012.06.12 11:30:02 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01041 [2012.06.12 10:18:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\AskToolbar [2012.06.11 23:31:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira [2012.06.11 23:23:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2012.06.11 23:21:53 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com [2012.06.11 23:19:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\ssmdrv.sys [2012.06.11 23:19:44 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\avipbb.sys [2012.06.11 23:19:44 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINXP\System32\drivers\avkmgr.sys [2012.06.11 23:19:16 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2012.06.11 23:19:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2012.06.09 11:50:56 | 000,000,000 | ---D | C] -- C:\WINXP\System32\01040 [2012.06.09 10:30:54 | 000,000,000 | ---D | C] -- C:\WINXP\System32\xmldm [2012.06.09 10:30:53 | 000,000,000 | ---D | C] -- C:\WINXP\System32\kock [2012.06.05 12:45:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype [2012.06.05 12:45:45 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype [2012.04.04 14:13:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Facebook [2012.03.17 12:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Dokumente [2012.01.21 17:47:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CyberLink [2012.01.21 17:43:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Youcam [2012.01.21 17:40:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\CyberLink YouCam [2012.01.21 17:37:48 | 000,000,000 | ---D | C] -- C:\Programme\CyberLink [2012.01.21 15:32:23 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder [2012.01.18 11:47:06 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Eigene Videos [2012.01.13 17:07:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\My Videos [2012.01.13 16:51:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers [2012.01.13 16:49:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft [2012.01.07 17:11:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\EP D [2012.01.04 13:11:08 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl [2011.12.21 10:59:29 | 000,000,000 | ---D | C] -- C:\WINXP\Sun [2011.12.20 13:35:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\DivX Movies [2011.12.16 12:30:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\FILSHtray [2011.12.16 12:30:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\FILSH_Media_GmbH [2011.12.07 16:30:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Dfacto Ordner [2011.12.02 21:13:53 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.11.25 14:59:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com [2011.11.24 22:03:15 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com [2011.11.24 21:56:52 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader [2011.11.24 21:49:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun [2011.11.24 21:49:12 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2011.11.24 21:48:01 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javacpl.cpl [2011.11.24 21:48:00 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\deployJava1.dll [2011.11.24 21:48:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaws.exe [2011.11.24 21:47:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaw.exe [2011.11.24 21:47:59 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINXP\System32\java.exe [2011.11.24 21:46:48 | 000,000,000 | ---D | C] -- C:\Programme\Java [2011.11.24 21:45:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun [2011.11.24 21:13:35 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mstee.sys [2011.11.24 21:13:25 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ndisip.sys [2011.11.24 21:13:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ipsink.ax [2011.11.24 21:13:21 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ipsink.ax [2011.11.24 21:13:21 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\streamip.sys [2011.11.24 21:13:17 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\slip.sys [2011.11.24 21:13:11 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wstcodec.sys [2011.11.24 21:13:04 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\nabtsfec.sys [2011.11.24 21:12:57 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ccdecode.sys [2011.11.24 21:12:33 | 000,000,000 | ---D | C] -- C:\WINXP\PixArt [2011.11.24 21:12:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\vidcap.ax [2011.11.24 21:12:28 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\vidcap.ax [2011.11.24 21:12:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\vfwwdm32.dll [2011.11.24 21:12:27 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\vfwwdm32.dll [2011.11.24 21:12:26 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\kswdmcap.ax [2011.11.24 21:12:26 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\kswdmcap.ax [2011.11.24 21:12:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\kstvtune.ax [2011.11.24 21:12:26 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\kstvtune.ax [2011.11.24 21:12:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ksxbar.ax [2011.11.24 21:12:26 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ksxbar.ax [2011.11.24 20:24:13 | 000,457,856 | ---- | C] (PixArt Imaging Inc.) -- C:\WINXP\System32\drivers\PAC7302.SYS [2011.11.24 20:24:12 | 000,006,656 | ---- | C] (PixArt Imaging Inc.) -- C:\WINXP\System32\CoInst.dll [2011.11.24 20:24:09 | 000,129,024 | ---- | C] (PixArt Imaging Incorporation) -- C:\WINXP\System32\SP7302.AX [2011.11.24 20:24:08 | 000,000,000 | ---D | C] -- C:\Programme\Trust [2011.11.24 20:24:07 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\WINXP\AMCap.exe [2011.11.24 20:24:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Trust [2011.11.24 20:23:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InstallShield [2011.11.13 15:40:38 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\mdimon.dll [2011.11.13 15:40:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office [2011.11.13 15:39:20 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER [2011.11.13 15:38:49 | 000,000,000 | ---D | C] -- C:\WINXP\SHELLNEW [2011.11.13 15:38:44 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET [2011.11.13 15:34:24 | 000,000,000 | RH-D | C] -- C:\MSOCache [2011.11.04 04:06:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai [2011.10.16 17:30:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype [2011.10.16 17:29:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype [2011.10.14 14:54:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office [2011.10.14 14:53:41 | 000,000,000 | ---D | C] -- C:\Programme\MSECache [2011.09.23 22:22:25 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\set1 Project [2011.09.20 18:51:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton [2011.09.20 18:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Ableton [2011.09.20 18:51:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ableton [2011.09.20 18:49:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ableton [2011.09.20 18:49:35 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINXP\System32\ReWire.dll [2011.09.20 18:49:35 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\WINXP\System32\REX Shared Library.dll [2011.09.20 18:45:18 | 000,000,000 | ---D | C] -- C:\Programme\Ableton [2011.09.18 21:45:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\a-s80188 [2011.09.15 23:26:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik [2011.09.10 13:37:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\InterActual [2011.09.10 13:37:40 | 000,000,000 | ---D | C] -- C:\Program Files [2011.07.19 18:04:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\kinoma [3 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] ========== Files - Modified Within 360 Days ========== [2012.07.10 11:04:00 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.07.10 10:52:28 | 000,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl [2012.07.10 10:44:19 | 000,001,324 | ---- | M] () -- C:\WINXP\System32\d3d9caps.dat [2012.07.10 10:04:52 | 000,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat [2012.07.09 23:42:08 | 000,000,228 | ---- | M] () -- C:\WINXP\tasks\Scheduled Update for Ask Toolbar.job [2012.07.09 23:39:17 | 000,000,434 | -H-- | M] () -- C:\WINXP\tasks\User_Feed_Synchronization-{0198E7F4-9741-4894-9748-952895806446}.job [2012.07.04 00:38:27 | 004,503,728 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\l_u0_0.pad [2012.07.03 18:19:18 | 277,448,704 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\kav_rescue_10.iso [2012.07.03 10:07:34 | 000,000,116 | ---- | M] () -- C:\WINXP\NeroDigital.ini [2012.07.02 11:51:16 | 000,001,600 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ctfmon.lnk [2012.06.25 22:10:11 | 000,000,032 | ---- | M] () -- C:\WINXP\System32\blckdom.res [2012.06.11 23:23:38 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wucltui.dll [2012.06.02 15:19:38 | 000,329,240 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wucltui.dll [2012.06.02 15:19:38 | 000,219,160 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wuaucpl.cpl [2012.06.02 15:19:38 | 000,210,968 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wuweb.dll [2012.06.02 15:19:38 | 000,015,896 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wuapi.dll.mui [2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\cdm.dll [2012.06.02 15:19:34 | 000,097,304 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\cdm.dll [2012.06.02 15:19:34 | 000,053,784 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wuauclt.exe [2012.06.02 15:19:34 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wups2.dll [2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wups.dll [2012.06.02 15:19:34 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wups.dll [2012.06.02 15:19:28 | 000,023,576 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wucltui.dll.mui [2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wuapi.dll [2012.06.02 15:19:24 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wuapi.dll [2012.06.02 15:19:18 | 001,933,848 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wuaueng.dll [2012.06.02 15:18:58 | 000,275,696 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\mucltui.dll [2012.06.02 15:18:58 | 000,018,160 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\mucltui.dll.mui [2012.05.22 11:31:11 | 000,099,840 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\WINXP\System32\drivers\avipbb.sys [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\WINXP\System32\drivers\avgntflt.sys [2012.04.21 08:04:22 | 000,435,594 | ---- | M] () -- C:\WINXP\System32\perfh009.dat [2012.04.21 08:04:21 | 000,452,480 | ---- | M] () -- C:\WINXP\System32\perfh007.dat [2012.04.21 08:04:21 | 000,081,498 | ---- | M] () -- C:\WINXP\System32\perfc007.dat [2012.04.21 08:04:21 | 000,068,490 | ---- | M] () -- C:\WINXP\System32\perfc009.dat [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINXP\System32\drivers\avkmgr.sys [2012.02.16 23:55:57 | 000,921,632 | ---- | M] () -- C:\PA7302.DAT [2012.01.15 14:08:06 | 003,572,896 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT [2012.01.11 09:34:03 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINXP\System32\FlashPlayerCPLApp.cpl [2011.12.02 22:02:14 | 000,023,392 | ---- | M] () -- C:\WINXP\System32\nscompat.tlb [2011.12.02 22:02:14 | 000,016,832 | ---- | M] () -- C:\WINXP\System32\amcompat.tlb [2011.11.25 23:57:03 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\winsrv.dll [2011.11.25 23:57:03 | 000,293,888 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\winsrv.dll [2011.11.24 21:47:14 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaws.exe [2011.11.24 21:47:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javaw.exe [2011.11.24 21:47:13 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\java.exe [2011.11.24 21:47:13 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\javacpl.cpl [2011.11.24 21:47:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINXP\System32\deployJava1.dll [2011.11.23 16:39:21 | 001,868,672 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\win32k.sys [2011.11.23 16:39:21 | 001,868,672 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\win32k.sys [2011.11.20 08:12:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\packager.exe [2011.11.20 08:12:19 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\packager.exe [2011.11.13 15:40:41 | 000,000,394 | ---- | M] () -- C:\WINXP\ODBC.INI [2011.11.05 15:12:24 | 011,083,776 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ieframe.dll [2011.11.04 21:12:26 | 001,214,464 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\urlmon.dll [2011.11.04 21:12:26 | 000,919,552 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\wininet.dll [2011.11.04 21:12:26 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\mstime.dll [2011.11.04 21:12:26 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mstime.dll [2011.11.04 21:12:26 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\occache.dll [2011.11.04 21:12:26 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\url.dll [2011.11.04 21:12:26 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\url.dll [2011.11.04 21:12:25 | 005,978,624 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mshtml.dll [2011.11.04 21:12:25 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\msfeeds.dll [2011.11.04 21:12:25 | 000,602,112 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\msfeeds.dll [2011.11.04 21:12:25 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mshtmled.dll [2011.11.04 21:12:25 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\msfeedsbs.dll [2011.11.04 21:12:25 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\msfeedsbs.dll [2011.11.04 21:12:24 | 002,001,408 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\iertutil.dll [2011.11.04 21:12:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\inetcpl.cpl [2011.11.04 21:12:24 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\inetcpl.cpl [2011.11.04 21:12:24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\iepeers.dll [2011.11.04 21:12:24 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\iepeers.dll [2011.11.04 21:12:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\licmgr10.dll [2011.11.04 21:12:24 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\licmgr10.dll [2011.11.04 21:12:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\jsproxy.dll [2011.11.04 21:12:24 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\jsproxy.dll [2011.11.04 21:12:22 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\iedvtool.dll [2011.11.04 21:12:22 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\iedkcs32.dll [2011.11.04 21:12:22 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\iedkcs32.dll [2011.11.03 17:27:26 | 001,297,920 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\quartz.dll [2011.11.03 17:27:26 | 000,387,072 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\qdvd.dll [2011.11.01 18:07:05 | 001,288,704 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ole32.dll [2011.10.28 07:31:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\csrsrv.dll [2011.10.28 07:31:46 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\csrsrv.dll [2011.10.26 12:49:08 | 002,195,072 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\ntoskrnl.exe [2011.10.26 12:49:08 | 002,195,072 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntoskrnl.exe [2011.10.26 12:49:08 | 002,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\ntkrnlpa.exe [2011.10.26 12:49:08 | 002,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntkrnlpa.exe [2011.10.26 12:49:05 | 002,151,424 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntkrnlmp.exe [2011.10.26 12:49:05 | 002,029,568 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ntkrpamp.exe [2011.10.25 19:07:50 | 000,000,151 | ---- | M] () -- C:\WINXP\PhotoSnapViewer.INI [2011.10.25 14:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\ie4uinit.exe [2011.10.25 14:01:19 | 000,174,080 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\ie4uinit.exe [2011.10.25 14:01:01 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\html.iec [2011.10.25 13:18:47 | 000,000,017 | ---- | M] () -- C:\WINXP\Missing.ini [2011.10.18 13:13:23 | 000,186,880 | ---- | M] () -- C:\WINXP\System32\dllcache\encdec.dll [2011.10.14 16:47:27 | 000,178,176 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\winmm.dll [2011.10.14 16:47:27 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\mciseq.dll [2011.10.14 16:47:27 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\mciseq.dll [2011.10.10 16:21:13 | 000,692,736 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\inetcomm.dll [2011.09.28 09:06:43 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\crypt32.dll [2011.09.26 12:41:54 | 000,614,912 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\uiautomationcore.dll [2011.09.26 12:41:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\oleaccrc.dll [2011.09.26 12:41:54 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\oleaccrc.dll [2011.09.26 12:41:20 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\oleacc.dll [2011.09.10 13:39:03 | 000,000,000 | ---- | M] () -- C:\WINXP\iPlayer.INI [2011.08.17 15:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\dllcache\afd.sys [2011.08.12 14:51:24 | 000,026,488 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\spupdsvc.exe [2011.08.12 14:51:24 | 000,018,808 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\spmsg.dll [3 C:\WINXP\System32\*.tmp files -> C:\WINXP\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.10 11:04:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable [2012.07.03 18:43:56 | 277,448,704 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\kav_rescue_10.iso [2012.07.02 11:51:15 | 000,001,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\ctfmon.lnk [2012.07.02 11:51:11 | 004,503,728 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\l_u0_0.pad [2012.06.11 23:23:38 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2012.06.11 23:22:50 | 000,000,228 | ---- | C] () -- C:\WINXP\tasks\Scheduled Update for Ask Toolbar.job [2012.06.09 10:31:14 | 000,000,032 | ---- | C] () -- C:\WINXP\System32\blckdom.res [2012.03.07 09:18:25 | 000,002,333 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader 9.lnk [2012.02.16 23:55:56 | 000,921,632 | ---- | C] () -- C:\PA7302.DAT [2011.12.02 22:02:14 | 000,023,392 | ---- | C] () -- C:\WINXP\System32\nscompat.tlb [2011.12.02 22:02:14 | 000,016,832 | ---- | C] () -- C:\WINXP\System32\amcompat.tlb [2011.12.02 22:01:55 | 000,000,764 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Windows Media Player.lnk [2011.11.24 20:24:10 | 000,000,566 | ---- | C] () -- C:\WINXP\System32\SP7302.INI [2011.11.13 15:40:41 | 000,000,394 | ---- | C] () -- C:\WINXP\ODBC.INI [2011.10.25 19:07:49 | 000,000,151 | ---- | C] () -- C:\WINXP\PhotoSnapViewer.INI [2011.10.14 14:54:31 | 000,002,034 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Word Viewer 2003.lnk [2011.09.10 13:39:03 | 000,000,000 | ---- | C] () -- C:\WINXP\iPlayer.INI [2011.05.30 17:08:17 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\d [2010.08.04 14:53:40 | 000,004,110 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\xqkcebzs.dik [2009.12.07 15:47:18 | 000,099,840 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== LOP Check ========== [2011.09.20 18:51:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton [2010.08.04 15:02:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound [2010.10.05 19:53:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2011.09.20 18:51:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Ableton [2012.07.03 01:48:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Audacity [2012.01.13 16:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft [2012.01.13 16:51:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.11.25 14:59:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com [2010.11.06 00:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LowRateVoip [2010.08.08 20:14:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\NCH Swift Sound [2010.12.30 21:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PriceGong [2010.08.04 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Recordpad [2009.12.20 06:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Uniblue [2012.07.09 23:42:08 | 000,000,228 | ---- | M] () -- C:\WINXP\Tasks\Scheduled Update for Ask Toolbar.job [2012.07.09 23:39:17 | 000,000,434 | -H-- | M] () -- C:\WINXP\Tasks\User_Feed_Synchronization-{0198E7F4-9741-4894-9748-952895806446}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 10.07.2012 11:08:37 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
502,42 Mb Total Physical Memory | 326,98 Mb Available Physical Memory | 65,08% Memory free
1,20 Gb Paging File | 1,09 Gb Available in Paging File | 90,63% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 11,40 Gb Free Space | 12,24% Space Free | Partition Type: NTFS
Computer Name: D_ZU_DEM_F | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\LowRateVoip.com\LowRateVoip\LowRateVoip.exe" = C:\Programme\LowRateVoip.com\LowRateVoip\LowRateVoip.exe:*:Enabled:LowRateVoip
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth
"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:netsession_win -- (Akamai Technologies, Inc)
"C:\WINXP\system32\dpvsetup.exe" = C:\WINXP\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINXP\system32\java.exe" = C:\WINXP\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\David Blawitzki\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Phone\Skype.exe" = C:\Dokumente und Einstellungen\David Blawitzki\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC11667-B4DD-4984-AD0B-B2D4E40AB573}" = 15354 Webcam Live
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6419476A-6230-4646-A2FE-C8860737F2A2}" = Scratch Live 2.1.1 (21122)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"facemoods" = Facemoods Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"iPlayer_1.0" = iPlayer Mass Storage Driver V3.1
"Live 8.0.1" = Live 8.0.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 17:00:22 | Computer Name = D_ZU_DEM_F | Source = Bonjour Service | ID = 100
Description =
Error - 02.07.2012 17:00:22 | Computer Name = D_ZU_DEM_F | Source = Bonjour Service | ID = 100
Description =
Error - 02.07.2012 17:00:22 | Computer Name = D_ZU_DEM_F | Source = Bonjour Service | ID = 100
Description =
Error - 02.07.2012 17:05:05 | Computer Name = D_ZU_DEM_F | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 02.07.2012 17:54:48 | Computer Name = D_ZU_DEM_F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rescue2usb.exe, Version 1.0.0.7, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.07.2012 17:59:08 | Computer Name = D_ZU_DEM_F | Source = Google Update | ID = 20
Description =
Error - 03.07.2012 07:06:11 | Computer Name = D_ZU_DEM_F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SoftwareUpdate.exe, Version 2.1.1.116, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 03.07.2012 10:34:02 | Computer Name = D_ZU_DEM_F | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 03.07.2012 13:02:41 | Computer Name = D_ZU_DEM_F | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 04.07.2012 02:20:12 | Computer Name = D_ZU_DEM_F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.0.3.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 09.07.2012 17:42:53 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:42:54 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:42:56 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:42:58 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:46:31 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 09.07.2012 17:47:24 | Computer Name = D_ZU_DEM_F | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr Fips intelppm ssmdrv
Error - 09.07.2012 20:54:50 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 10.07.2012 04:05:29 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 10.07.2012 04:06:35 | Computer Name = D_ZU_DEM_F | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr Fips intelppm ssmdrv
Error - 10.07.2012 04:52:46 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 10.07.2012 11:08:37 - Run 2
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Dokumente und Einstellungen\***\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
502,42 Mb Total Physical Memory | 326,98 Mb Available Physical Memory | 65,08% Memory free
1,20 Gb Paging File | 1,09 Gb Available in Paging File | 90,63% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Programme
Drive C: | 93,15 Gb Total Space | 11,40 Gb Free Space | 12,24% Space Free | Partition Type: NTFS
Computer Name: D_ZU_DEM_F | User Name: *** | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 360 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\LowRateVoip.com\LowRateVoip\LowRateVoip.exe" = C:\Programme\LowRateVoip.com\LowRateVoip\LowRateVoip.exe:*:Enabled:LowRateVoip
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth
"C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe:*:Enabled:netsession_win -- (Akamai Technologies, Inc)
"C:\WINXP\system32\dpvsetup.exe" = C:\WINXP\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Programme\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINXP\system32\java.exe" = C:\WINXP\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Dokumente und Einstellungen\David Blawitzki\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Phone\Skype.exe" = C:\Dokumente und Einstellungen\David Blawitzki\Anwendungsdaten\U3\1101310EB3018F4C\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AC11667-B4DD-4984-AD0B-B2D4E40AB573}" = 15354 Webcam Live
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6419476A-6230-4646-A2FE-C8860737F2A2}" = Scratch Live 2.1.1 (21122)
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = TIPCI
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Akamai" = Akamai NetSession Interface Service
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"facemoods" = Facemoods Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{AD7914E1-6453-4440-AEC7-02C72AD6FE5F}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterActual Player" = InterActual Player
"iPlayer_1.0" = iPlayer Mass Storage Driver V3.1
"Live 8.0.1" = Live 8.0.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Winload Toolbar" = Winload Toolbar
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Akamai" = Akamai NetSession Interface
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.07.2012 17:00:22 | Computer Name = D_ZU_DEM_F | Source = Bonjour Service | ID = 100
Description =
Error - 02.07.2012 17:00:22 | Computer Name = D_ZU_DEM_F | Source = Bonjour Service | ID = 100
Description =
Error - 02.07.2012 17:00:22 | Computer Name = D_ZU_DEM_F | Source = Bonjour Service | ID = 100
Description =
Error - 02.07.2012 17:05:05 | Computer Name = D_ZU_DEM_F | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 02.07.2012 17:54:48 | Computer Name = D_ZU_DEM_F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung rescue2usb.exe, Version 1.0.0.7, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.07.2012 17:59:08 | Computer Name = D_ZU_DEM_F | Source = Google Update | ID = 20
Description =
Error - 03.07.2012 07:06:11 | Computer Name = D_ZU_DEM_F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung SoftwareUpdate.exe, Version 2.1.1.116, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 03.07.2012 10:34:02 | Computer Name = D_ZU_DEM_F | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 03.07.2012 13:02:41 | Computer Name = D_ZU_DEM_F | Source = Avira Antivirus | ID = 4122
Description = Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x3e5
Error - 04.07.2012 02:20:12 | Computer Name = D_ZU_DEM_F | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung vlc.exe, Version 1.0.3.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 09.07.2012 17:42:53 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:42:54 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:42:56 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:42:58 | Computer Name = D_ZU_DEM_F | Source = Cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
Error - 09.07.2012 17:46:31 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 09.07.2012 17:47:24 | Computer Name = D_ZU_DEM_F | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr Fips intelppm ssmdrv
Error - 09.07.2012 20:54:50 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 10.07.2012 04:05:29 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 10.07.2012 04:06:35 | Computer Name = D_ZU_DEM_F | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
avipbb avkmgr Fips intelppm ssmdrv
Error - 10.07.2012 04:52:46 | Computer Name = D_ZU_DEM_F | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
< End of report >
Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:04 on 10/07/2012 (***)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
|
| Themen zu GVU TROJANER mit Webcam |
| administrator, aktiv, angemeldet, anhang, anweisung, beseitigen, eingefangen, gen, gesucht, internet, kaspersky, laptop, modus, neue, nichts, problem, profil, reagiert, rescue, seite, taskmanager, trojaner, w-lan, webcam, zugang |
Baum-Darstellung