| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Sparkassen 40 TAN TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.08.2010, 17:48
| #1 |
| |  Sparkassen 40 TAN Trojaner Hallo, ich habe den 40TAN Trojaner der Sparkasse. Konto ist bereits gesperrt. Ich habe mehrere externe Festplatten am PC und diese sind teilweise noch partioniert. Reicht es eigentlich nur die System-Partition zu formatieren? Was mache ich mit den ganzen persönlichen Daten (Fotos, Office-Daten, Videos, etc.) Kann ich diese extern sichern oder könnte auch da ein Virus drin sein? Hier die OTL Ergebnisse: AN DIESER STELLE SCHONMAL VIELEN DANK FüR DIE TOLLE UNTERSTÜTZUNG!!!!! OTL Logfile: Code:
ATTFilter OTL logfile created on: 14.08.2010 18:16:09 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 83,24 Gb Total Space | 4,69 Gb Free Space | 5,63% Space Free | Partition Type: NTFS
Drive D: | 97,58 Gb Total Space | 81,07 Gb Free Space | 83,08% Space Free | Partition Type: NTFS
Drive E: | 97,74 Gb Total Space | 51,67 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 292,97 Gb Total Space | 72,07 Gb Free Space | 24,60% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 23,61 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 270,43 Gb Total Space | 116,76 Gb Free Space | 43,18% Space Free | Partition Type: NTFS
Drive L: | 97,66 Gb Total Space | 1,63 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive N: | 97,66 Gb Total Space | 26,06 Gb Free Space | 26,68% Space Free | Partition Type: NTFS
Drive Z: | 19,52 Gb Total Space | 11,14 Gb Free Space | 57,07% Space Free | Partition Type: FAT32
Computer Name: PROC-PC
Current User Name: Oliver
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe (OldTimer Tools)
PRC - D:\Internet\Programme\Browser\Avant\Avant Browser\ybrowser.exe (Avant Force)
PRC - D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe (Avant Force)
PRC - C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
PRC - C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - D:\Programme\Microsoft\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - D:\Internet\Security\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
PRC - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\AAV\aavus.exe ()
PRC - C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - D:\Programme\System\Tuning\TuneUp-Trial\MemOptimizer.exe (TuneUp Software GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Brmfrmps.exe (Brother Industries, Ltd.)
PRC - C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
PRC - C:\WINDOWS\system32\brss01a.exe (brother Industries Ltd)
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll (Microsoft Corporation)
MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\framedyn.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (FsUsbExService) -- C:\WINDOWS\system32\FsUsbExService.Exe (Teruten)
SRV - (dgdersvc) -- C:\WINDOWS\system32\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (getPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service) -- D:\Programme\Microsoft\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SRV - (NMIndexingService) -- C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe (Nero AG)
SRV - (WLSetupSvc) -- C:\Programme\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Programme\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Programme\Gemeinsame Dateien\AAV\aavus.exe ()
SRV - (srvcPVR) -- C:\Programme\Sceneo\Bonavista\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (PSI_SVC_2) -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (UPnPService) -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Programme\Home Cinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (FirebirdServerMAGIXInstance) -- D:\Programme\Multimedia\Video\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (brmfrmps) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)
SRV - (Brother XP spl Service) -- C:\WINDOWS\system32\brsvc01a.exe (brother Industries Ltd)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
========== Driver Services (SafeList) ==========
DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys ()
DRV - (dgderdrv) -- C:\WINDOWS\system32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (sscemdm) -- C:\WINDOWS\system32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\WINDOWS\system32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\WINDOWS\system32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (nmwcdnsu) -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys (Nokia)
DRV - (nmwcdnsuc) -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys (Nokia)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (srescan) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys (Zone Labs, LLC)
DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)
DRV - (xfilt) -- C:\WINDOWS\system32\DRIVERS\xfilt.sys (VIA Technologies,Inc)
DRV - (videX32) -- C:\WINDOWS\system32\DRIVERS\videX32.sys (VIA Technologies, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (X10Hid) -- C:\WINDOWS\system32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (XUIF) -- C:\WINDOWS\system32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (MSTAPE) -- C:\WINDOWS\system32\drivers\mstape.sys (Microsoft Corporation)
DRV - (AVCSTRM) -- C:\WINDOWS\system32\drivers\avcstrm.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (BrSerIf) -- C:\WINDOWS\system32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\WINDOWS\system32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrScnUsb) -- C:\WINDOWS\system32\drivers\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation)
DRV - (phil2vid) Philips VGA-Kamera (USB) -- C:\WINDOWS\system32\drivers\philcam2.sys (Microsoft Corporation)
DRV - (ENUM1394) -- C:\WINDOWS\system32\drivers\enum1394.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/?pc=AVBR
IE - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.de/
IE - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://de.yahoo.com/"
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: D:\Programme\Multimedia\Handy\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.31 14:12:38 | 000,000,000 | ---D | M]
[2009.06.01 12:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions
[2009.06.01 12:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Extensions\mozswing@mozswing.org
[2007.01.25 19:32:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla\Firefox\Profiles\3s06528p.default\extensions
O1 HOSTS File: ([2010.08.02 20:27:49 | 000,416,860 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 14390 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Internet\Downloads\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [GrooveMonitor] D:\Programme\Microsoft\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] D:\Programme\Multimedia\Video\Quick Time\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Internet\Security\ZoneAlarm\zlclient.exe (Zone Labs, LLC)
O4 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007..\Run: [{F1227F20-4350-B24C-31A6-3C4B7AD0B072}] C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ebkara\faes.exe File not found
O4 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007..\Run: [SpybotSD TeaTimer] D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007..\Run: [TuneUp MemOptimizer] D:\Programme\System\Tuning\TuneUp-Trial\MemOptimizer.exe (TuneUp Software GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Download by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Windows Live Search - C:\Programme\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - D:\Internet\Downloads\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - D:\Programme\Microsoft\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programme\Microsoft\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Multimedia\PDA\ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\Programme\Multimedia\PDA\ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Programme\System\Tuning\Spy\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {051D0E35-F4E3-4C8D-B411-AB0875F4C683} hxxp://install.anark.com/client/version4/windows-ie/en/AMClient.cab (Anark Client 4.0 ActiveX Control)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?LinkID=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1281438820190 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1281438801831 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} hxxp://static.pe.meinvz.net/photouploader/ImageUploader5.cab?nocache=1208983189 (Image Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader.cab (IPSUploader Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Programme\Microsoft\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.29 13:36:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Zone Labs, LLC)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - Windows Messenger 5.1
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} - BearShare
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)
========== Files/Folders - Created Within 30 Days ==========
[2010.08.14 17:57:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe
[2010.08.11 10:00:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010.08.11 00:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010.08.11 00:08:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\microsoft
[2010.08.11 00:00:43 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.08.10 13:14:47 | 000,015,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wuapi.dll.mui
[2010.08.09 23:19:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Avira
[2010.07.29 17:31:33 | 000,123,648 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdm.sys
[2010.07.29 17:31:33 | 000,098,560 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscebus.sys
[2010.07.29 17:31:33 | 000,014,848 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscemdfl.sys
[2010.07.29 17:31:33 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecmnt.sys
[2010.07.29 17:31:33 | 000,012,416 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscecm.sys
[2010.07.29 17:31:33 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewhnt.sys
[2010.07.29 17:31:33 | 000,012,288 | ---- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\sscewh.sys
[2010.07.23 10:52:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\SelfMV
[2010.07.23 10:19:15 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Oliver\Recent
[2010.07.18 11:49:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.08.14 18:16:54 | 121,772,064 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010.08.14 18:14:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\tasks\Auf Updates für Windows Live Toolbar prüfen.job
[2010.08.14 17:57:06 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Oliver\Eigene Dateien\OTL-Trojaner.exe
[2010.08.14 17:31:37 | 000,001,212 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1327998448-2116585525-2031262003-1007UA.job
[2010.08.14 17:12:50 | 000,358,383 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.08.14 17:12:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.14 17:10:39 | 000,196,128 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.08.14 17:10:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.14 17:09:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.13 23:57:03 | 018,087,936 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\NTUSER.DAT
[2010.08.13 23:57:02 | 001,439,972 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010.08.13 08:29:00 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1327998448-2116585525-2031262003-1007Core.job
[2010.08.11 14:45:05 | 000,002,455 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Word.lnk
[2010.08.11 09:07:20 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.08.11 08:59:49 | 000,427,000 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.08.11 01:36:52 | 001,079,388 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.11 01:36:52 | 000,479,960 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.08.11 01:36:52 | 000,457,050 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.11 01:36:52 | 000,094,160 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.08.11 01:36:52 | 000,078,164 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.11 01:11:48 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.08.11 00:13:22 | 000,000,693 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.08.09 19:14:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.08.08 18:36:10 | 000,082,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.07 17:39:46 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Oliver\ntuser.ini
[2010.08.07 16:30:16 | 000,002,461 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Excel.lnk
[2010.08.06 17:17:46 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2010.08.06 14:55:16 | 000,002,828 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010.08.06 14:55:06 | 000,000,088 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\85E23DA753.sys
[2010.08.02 20:27:49 | 000,416,860 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.01 21:59:22 | 000,002,301 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\PAINT 11.lnk
[2010.08.01 21:04:11 | 000,000,982 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avant Browser [Private Mode].lnk
[2010.08.01 21:04:11 | 000,000,826 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avant Browser.lnk
[2010.08.01 21:03:07 | 000,002,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\DRAW 11.lnk
[2010.07.31 12:34:45 | 000,002,383 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Google Chrome.lnk
[2010.07.30 09:27:16 | 000,002,559 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Desktop\Outlook.lnk
[2010.07.23 00:01:09 | 000,000,038 | ---- | M] () -- C:\WINDOWS\AviSplitter.INI
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.01 21:04:11 | 000,000,982 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avant Browser [Private Mode].lnk
[2010.07.04 19:42:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.07.04 19:42:38 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.05.25 08:45:24 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010.05.25 08:45:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010.05.25 08:45:24 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010.05.25 08:45:24 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.02.25 20:24:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.01.18 15:06:07 | 000,004,757 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009.04.23 11:51:09 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.04.23 11:41:10 | 002,067,140 | R--- | C] () -- C:\WINDOWS\System32\avcodec.dll
[2008.11.26 18:05:55 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2008.11.18 10:53:03 | 000,021,904 | ---- | C] () -- C:\WINDOWS\System32\imsinstall_loc0407.dll
[2008.11.18 10:53:03 | 000,017,808 | ---- | C] () -- C:\WINDOWS\System32\imslsp_install_loc0407.dll
[2008.11.18 10:52:45 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008.11.17 13:55:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008.10.14 10:14:17 | 000,066,992 | ---- | C] () -- C:\WINDOWS\System32\Smart.dll
[2008.10.14 10:14:17 | 000,016,637 | ---- | C] () -- C:\WINDOWS\System32\Vantage.dll
[2008.10.07 14:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.08.04 12:57:30 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008.03.06 13:03:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MusicEditor.INI
[2008.03.02 03:05:11 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\146A437136.sys
[2008.02.29 16:17:18 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.02.27 21:05:53 | 000,000,873 | ---- | C] () -- C:\WINDOWS\uninst.ini
[2007.12.12 13:37:38 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
[2007.10.26 09:35:24 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.26 18:36:10 | 000,000,182 | ---- | C] () -- C:\WINDOWS\VideodeLuxe.INI
[2007.07.04 13:51:41 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll
[2007.06.02 20:22:43 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[2007.05.30 11:34:22 | 000,000,317 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5.INI
[2007.05.17 14:15:22 | 000,000,255 | ---- | C] () -- C:\WINDOWS\tm.ini
[2007.01.22 21:15:14 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007.01.22 21:15:14 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007.01.22 21:15:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2007.01.22 21:14:09 | 000,001,384 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007.01.22 21:14:09 | 000,000,148 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007.01.14 20:05:33 | 000,639,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006.12.31 13:52:31 | 000,000,470 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2006.12.31 13:52:31 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006.12.31 13:52:30 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2006.10.31 14:16:45 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\midas.dll
[2006.10.31 14:16:45 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\UnzDll.dll
[2006.10.27 18:23:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\DMX4ALL.dll
[2006.10.23 11:14:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\CoInstaller7x.dll
[2006.10.23 11:13:03 | 000,295,018 | ---- | C] () -- C:\WINDOWS\System32\Install7x.dll
[2006.10.17 12:28:07 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2006.10.17 12:19:47 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.10.17 12:19:46 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2006.10.16 13:39:55 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.10.16 13:07:13 | 000,000,187 | ---- | C] () -- C:\WINDOWS\WISO.INI
[2006.10.13 17:05:18 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.13 17:05:18 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.13 17:05:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.13 17:05:17 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.10 17:08:56 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006.10.09 14:01:38 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006.10.09 13:55:55 | 000,010,956 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006.10.09 13:55:55 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EC23ACB85A.sys
[2006.10.09 12:42:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.09.29 14:24:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006.09.29 14:05:58 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006.09.29 13:11:58 | 000,001,256 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006.09.20 08:34:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Buhl.ini
[2005.08.05 14:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005.07.01 13:14:48 | 000,000,966 | ---- | C] () -- C:\WINDOWS\System32\Generic.ini
[2005.07.01 10:38:06 | 000,000,232 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2005.07.01 10:37:46 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[2004.09.28 23:54:30 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004.06.02 05:54:32 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\K8062D.dll
========== LOP Check ==========
[2006.10.23 15:32:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BullGuard
[2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Sonavis
[2008.05.21 15:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2007.01.30 09:24:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2008.01.23 22:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus
[2006.10.16 13:07:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fun communications
[2010.07.04 12:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.01.18 15:22:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2008.03.07 18:34:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2008.11.17 19:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2008.03.02 02:25:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2009.05.02 00:10:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2010.07.04 12:18:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2008.09.02 13:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008.06.04 09:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Resolume 2.4
[2010.07.04 19:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2008.11.06 14:04:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony
[2010.08.09 14:16:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2007.08.26 05:31:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007.05.11 19:07:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\X10 Settings
[2006.10.23 15:32:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BullGuard
[2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Sonavis
[2006.10.23 12:38:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2007.05.17 14:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\AAV
[2008.03.06 13:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Audacity
[2007.01.30 10:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Autodesk
[2008.11.17 12:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Azureus
[2008.11.04 12:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Bookmarks
[2007.01.25 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DataDesign
[2009.06.29 18:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\EasyView
[2007.11.23 16:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant
[2010.01.14 13:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire
[2008.04.18 16:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\MAGIX
[2007.02.27 23:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Neo-Modus.com
[2009.05.02 00:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Nokia
[2010.06.06 21:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Orbit
[2008.02.18 13:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Palettes
[2008.09.02 13:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PC Suite
[2008.11.06 14:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Publish Providers
[2010.07.04 19:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Samsung
[2007.01.22 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\ScanSoft
[2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sonavis
[2008.11.06 14:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sony
[2007.12.03 20:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Template
[2007.08.26 05:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TuneUp Software
[2007.12.18 19:23:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TVcentral-Core
[2010.08.08 03:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ucez
[2007.12.18 19:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\VMedia
[2009.04.11 00:40:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\WEB.DE
[2010.08.06 17:17:46 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2010.08.14 18:14:00 | 000,000,248 | ---- | M] () -- C:\WINDOWS\Tasks\Auf Updates für Windows Live Toolbar prüfen.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2007.05.17 14:15:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\AAV
[2008.01.27 19:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Adobe
[2010.01.28 11:16:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\AdobeUM
[2009.11.19 11:58:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ahead
[2007.06.26 22:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Apple Computer
[2008.03.06 13:03:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Audacity
[2007.01.30 10:09:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Autodesk
[2008.09.02 21:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Avant Profiles
[2010.08.09 23:19:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Avira
[2008.11.17 12:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Azureus
[2008.11.04 12:30:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Bookmarks
[2006.12.31 13:55:23 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Brother
[2009.07.18 11:40:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Corel
[2010.01.30 10:33:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\CyberLink
[2007.01.25 09:08:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DataDesign
[2010.01.14 13:37:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\DivX
[2010.07.21 21:37:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\dvdcss
[2009.06.29 18:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\EasyView
[2007.01.17 01:11:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Google
[2007.11.23 16:35:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant
[2006.10.23 14:39:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Help
[2006.09.29 13:48:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Identities
[2008.03.07 18:29:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\InstallShield
[2007.07.04 13:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ipswitch
[2010.01.14 13:01:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire
[2006.10.16 16:42:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Macromedia
[2008.04.18 16:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\MAGIX
[2008.03.07 18:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Media Player Classic
[2009.07.07 11:35:27 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft
[2009.06.01 12:32:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Mozilla
[2007.02.27 23:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Neo-Modus.com
[2010.01.18 16:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Nero
[2009.05.19 19:46:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\NeroDigital™
[2009.05.02 00:18:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Nokia
[2010.06.06 21:01:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Orbit
[2008.02.18 13:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Palettes
[2008.09.02 13:41:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\PC Suite
[2008.11.06 14:09:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Publish Providers
[2007.04.12 15:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Real
[2010.07.04 19:31:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Samsung
[2007.01.22 21:23:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\ScanSoft
[2010.08.11 09:50:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Skype
[2010.08.11 09:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\skypePM
[2006.10.23 12:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sonavis
[2008.11.06 14:08:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sony
[2006.10.09 11:21:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Sun
[2007.12.03 20:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Template
[2007.08.26 05:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TuneUp Software
[2007.12.18 19:23:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\TVcentral-Core
[2010.08.08 03:04:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Ucez
[2010.08.08 20:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\vlc
[2007.12.18 19:36:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\VMedia
[2009.04.11 00:40:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\WEB.DE
[2008.11.26 15:47:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\WinRAR
< %APPDATA%\*.exe /s >
[2007.12.07 11:18:50 | 023,813,608 | ---- | M] ( ) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Adobe\Acrobat\7.0\Updater\AdbeRdr709_de_DE.exe
[2007.11.23 16:40:53 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\021ACF16-B511-480C-8452-A9B5B44B16F4\AutoRunCE.exe
[2007.11.23 16:40:53 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\021ACF16-B511-480C-8452-A9B5B44B16F4\1\module.exe
[2007.11.23 16:40:51 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\0CAE36B9-2F53-4D1B-8F5B-CAAF207A9DD8\AutoRunCE.exe
[2007.11.23 16:40:52 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\0CAE36B9-2F53-4D1B-8F5B-CAAF207A9DD8\1\module.exe
[2007.11.23 16:40:36 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\35AA2005-6AA6-4DD0-8574-3F0B68965F6B\AutoRunCE.exe
[2007.11.23 16:40:36 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\35AA2005-6AA6-4DD0-8574-3F0B68965F6B\1\module.exe
[2007.11.23 16:40:42 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\41A38A3C-3AC1-4FB9-B954-86EBE46596F7\AutoRunCE.exe
[2007.11.23 16:40:43 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\41A38A3C-3AC1-4FB9-B954-86EBE46596F7\1\module.exe
[2007.11.23 16:40:33 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\5BFA70DD-3788-4B4B-89EF-385680506BF0\AutoRunCE.exe
[2007.11.23 16:40:33 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\5BFA70DD-3788-4B4B-89EF-385680506BF0\1\module.exe
[2007.11.23 16:40:57 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\7207E74E-7780-4C0C-A5E4-88B4DF03E648\AutoRunCE.exe
[2007.11.23 16:40:58 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\7207E74E-7780-4C0C-A5E4-88B4DF03E648\1\module.exe
[2007.11.23 16:40:26 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\75D73B55-1C14-4EE3-B645-13AC7C8BC51D\AutoRunCE.exe
[2007.11.23 16:40:31 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\75D73B55-1C14-4EE3-B645-13AC7C8BC51D\1\module.exe
[2007.11.23 16:40:48 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\83BF4069-2F63-47C8-9DF2-FE9DABAC2988\AutoRunCE.exe
[2007.11.23 16:40:49 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\83BF4069-2F63-47C8-9DF2-FE9DABAC2988\1\module.exe
[2007.11.23 16:40:39 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\844DBF3E-6170-441B-B095-C5F2AF5400F2\AutoRunCE.exe
[2007.11.23 16:40:39 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\844DBF3E-6170-441B-B095-C5F2AF5400F2\1\module.exe
[2007.11.23 16:40:56 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B02F9D0E-74A3-4FF4-BA55-30AA3FD3CA02\AutoRunCE.exe
[2007.11.23 16:40:57 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B02F9D0E-74A3-4FF4-BA55-30AA3FD3CA02\1\module.exe
[2007.11.23 16:40:45 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B3785413-4608-4294-B928-F4513A5D5954\AutoRunCE.exe
[2007.11.23 16:40:47 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B3785413-4608-4294-B928-F4513A5D5954\1\module.exe
[2007.11.23 16:40:40 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B4F53095-A2D7-4D68-AF6D-C87023E8CC50\AutoRunCE.exe
[2007.11.23 16:40:41 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B4F53095-A2D7-4D68-AF6D-C87023E8CC50\1\module.exe
[2007.11.23 16:40:34 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B522CE8E-FD00-45D1-8320-85CA07663468\AutoRunCE.exe
[2007.11.23 16:40:35 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\B522CE8E-FD00-45D1-8320-85CA07663468\1\module.exe
[2007.11.23 16:40:54 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\C1A59315-E86C-4DD9-9C88-1A9B205B8DAF\AutoRunCE.exe
[2007.11.23 16:40:55 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\C1A59315-E86C-4DD9-9C88-1A9B205B8DAF\1\module.exe
[2007.11.23 16:40:50 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\D3AAE88B-490F-443A-92AE-6A87B426BFB4\AutoRunCE.exe
[2007.11.23 16:40:50 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\D3AAE88B-490F-443A-92AE-6A87B426BFB4\1\module.exe
[2007.11.23 16:40:37 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\DD76F126-F74D-4A9C-BB3D-0128DC139B4D\AutoRunCE.exe
[2007.11.23 16:40:38 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\DD76F126-F74D-4A9C-BB3D-0128DC139B4D\1\module.exe
[2007.11.23 16:40:44 | 000,009,728 | ---- | M] (Elektrobit Automotive GmbH) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\F3F0FE29-ACDE-45DE-8AB3-55F1AD9FA569\AutoRunCE.exe
[2007.11.23 16:40:45 | 000,060,928 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\GoPal Assistant\Library\F3F0FE29-ACDE-45DE-8AB3-55F1AD9FA569\1\module.exe
[2009.06.01 12:32:47 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\crashreporter.exe
[2009.06.01 12:32:48 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\updater.exe
[2009.06.01 12:32:48 | 000,014,848 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpcshell.exe
[2009.06.01 12:32:48 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.06.01 12:32:48 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpidl.exe
[2009.06.01 12:32:48 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.06.01 12:32:48 | 000,014,336 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xpt_link.exe
[2009.06.01 12:32:48 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.06.01 12:32:48 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\LimeWire\browser\xulrunner\xulrunner.exe
[2006.10.16 16:43:16 | 000,839,680 | ---- | M] (Macromedia, Inc.) -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Macromedia\Authorware Web Player\NP32ASW\webplr08\webplr.exe
[2009.07.08 14:43:36 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{BE6F412F-C276-4FD8-B3E1-F996CC172776}\_16496df1.exe
[2009.07.08 14:43:36 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{BE6F412F-C276-4FD8-B3E1-F996CC172776}\_2cd672ae.exe
[2009.07.08 14:43:36 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{BE6F412F-C276-4FD8-B3E1-F996CC172776}\_69525f90.exe
[2009.04.12 16:22:32 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}\_18be6784.exe
[2009.04.12 16:22:32 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}\_294823.exe
[2009.04.12 16:22:32 | 000,003,262 | R--- | M] () -- C:\Dokumente und Einstellungen\Oliver\Anwendungsdaten\Microsoft\Installer\{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}\_4ae13d6c.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
< MD5 for: ATAPI.SYS >
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\atapi.sys
[2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2006.03.24 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\eventlog.dll
[2006.03.24 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2006.03.24 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: IASTOR.SYS >
[2006.07.06 06:59:42 | 000,246,784 | ---- | M] (Intel Corporation) MD5=019CF5F31C67030841233C545A0E217A -- C:\WINDOWS\I386\IASTOR.SYS
< MD5 for: NETLOGON.DLL >
[2006.03.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\netlogon.dll
[2006.03.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2006.03.24 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\9a1182b50c9ecbd8bedf4c560755eafc\sp2qfe\netlogon.dll
[2009.02.06 20:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\SoftwareDistribution\Download\c73c85abcd9580c46805ff94bb133fb8\sp2qfe\netlogon.dll
< MD5 for: NVATABUS.SYS >
[2005.01.20 09:45:30 | 000,088,960 | ---- | M] (NVIDIA Corporation) MD5=A1F88223528AADBB6374132BECBBDCC1 -- C:\WINDOWS\I386\NVATABUS.SYS
< MD5 for: SCECLI.DLL >
[2006.03.24 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\scecli.dll
[2006.03.24 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2006.03.24 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\system32\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
< MD5 for: USERINIT.EXE >
[2006.03.24 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\userinit.exe
[2006.03.24 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2006.03.24 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: VIAMRAID.SYS >
[2006.03.31 02:18:30 | 000,100,992 | ---- | M] (VIA Technologies inc,.ltd) MD5=9F3F276C7300ED211129757A411B605F -- C:\WINDOWS\I386\VIAMRAID.SYS
< MD5 for: WINLOGON.EXE >
[2006.03.24 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\backup\winlogon.exe
[2006.03.24 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2006.03.24 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.03.24 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.03.24 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2007.01.14 20:05:33 | 000,639,224 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2006.09.29 15:22:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006.09.29 15:22:35 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006.09.29 15:22:34 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010.05.04 19:14:10 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010.05.04 19:14:10 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010.05.04 19:14:14 | 000,192,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Extra.txt OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.08.2010 18:16:09 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Oliver\Eigene Dateien
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 58,00% Memory free
3,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 83,24 Gb Total Space | 4,69 Gb Free Space | 5,63% Space Free | Partition Type: NTFS
Drive D: | 97,58 Gb Total Space | 81,07 Gb Free Space | 83,08% Space Free | Partition Type: NTFS
Drive E: | 97,74 Gb Total Space | 51,67 Gb Free Space | 52,86% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
Drive G: | 292,97 Gb Total Space | 72,07 Gb Free Space | 24,60% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 23,61 Gb Free Space | 13,66% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive K: | 270,43 Gb Total Space | 116,76 Gb Free Space | 43,18% Space Free | Partition Type: NTFS
Drive L: | 97,66 Gb Total Space | 1,63 Gb Free Space | 1,67% Space Free | Partition Type: NTFS
Drive N: | 97,66 Gb Total Space | 26,06 Gb Free Space | 26,68% Space Free | Partition Type: NTFS
Drive Z: | 19,52 Gb Total Space | 11,14 Gb Free Space | 57,07% Space Free | Partition Type: FAT32
Computer Name: PROC-PC
Current User Name: Oliver
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe (Avant Force)
.url [@ = InternetShortcut] -- D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe (Avant Force)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Programme\Microsoft\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force)
htmlfile [opennew] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force)
htmlfile [print] -- "D:\Programme\Microsoft\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force)
https [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force)
InternetShortcut [open] -- "D:\Internet\Programme\Browser\Avant\Avant Browser\avant.exe" "%1" (Avant Force)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\Multimedia\Video\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotobuch 2008\dm Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [dm Fotowelt] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotobuch 2008\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm Fotowelt.exe] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotowelt\dm Fotowelt\dm Fotowelt.exe" "%1" ()
Directory [dm-Fotowelt] -- "D:\Programme\Multimedia\Foto\DM-Foto\Fotobuch 2008\dm Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CeWe Fotobuch.exe] -- "D:\Programme\Multimedia\Foto\DM-Foto\Mein CeWe Fotobuch\Mein CeWe Fotobuch.exe" "%1" ()
Directory [OneNote.Open] -- D:\PROGRA~1\MICROS~1\MICROS~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\Multimedia\Video\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"94:TCP" = 94:TCP:*:Enabled:VRS Recording System Web Control Panel
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe" = D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)
"D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe" = D:\Programme\Multimedia\PDA\ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe" = D:\Programme\Multimedia\PDA\ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\Windows Live\Messenger\livecall.exe" = C:\Programme\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"D:\Internet\Downloads\LimeWire\LimeWire.exe" = D:\Internet\Downloads\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"D:\Programme\Microsoft\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Programme\Microsoft\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Programme\Microsoft\Microsoft Office\Office12\GROOVE.EXE" = D:\Programme\Microsoft\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"D:\Programme\Microsoft\Microsoft Office\Office12\ONENOTE.EXE" = D:\Programme\Microsoft\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"D:\Internet\Downloads\Orbitdownloader\orbitdm.exe" = D:\Internet\Downloads\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"D:\Internet\Downloads\Orbitdownloader\orbitnet.exe" = D:\Internet\Downloads\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{08E4F3CE-A34E-4667-8DE9-147249FAE468}" = Mein Geld Professional
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
"{1394842A-A6B5-45EE-9EF5-2854E8DD8740}" = Samsung PC Studio
"{190B4E60-FE37-4B8C-A661-172997347A90}" = Sony Media Manager 2.2
"{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver
"{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7F3E8C-956E-445C-BECE-4947D164A0BF}" = Sony Vegas 7.0
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{247A11CA-F5CE-4DD6-85E2-64850E64E064}" = USB2.0 CARD READER
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2792F12C-3515-4D69-8083-B557AF35F06F}" = LightScribe 1.4.89.1
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EC502F7-CBB0-44F8-8F5D-C9A6FC1E5A2A}" = LightScribe System Software
"{2f6a2b22-ab3b-44b6-b583-d8bc8017946b}" = Nero 9 Trial
"{3248F0A8-6813-11D6-A77B-00B0D0150080}" = J2SE Runtime Environment 5.0 Update 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{44A27085-0616-4181-A0C3-81C7ECA17F73}" = CorelDRAW Graphics Suite X4
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4C73B683-B15D-4B94-AC7A-520B70C4FFE9}" = Sceneo Bonavista
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2701.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{580EC579-E476-469F-9EBF-F82D696FC67A}" = iClone SE
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92F88A83-588F-436B-8AF8-293CF4E25B93}" = NetObjects Fusion 11.0
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D1C26BD-E792-4159-9D16-07EA222D8EF0}" = Windows Messenger 5.1
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9e9fdde6-2c26-492a-85a0-05646b3f2795}" = NeroLiveGadget
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0 Professional
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7088B71-86FC-4F5E-B295-68FAB7B6C85B}" = Steuer-Spar-Erklärung 2007
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BBE67B86-FCD7-4D3C-8B00-063DEAD8E30C}" = Steuer-Spar-Erklärung 2008
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE6F412F-C276-4FD8-B3E1-F996CC172776}" = WD Spindown or Stop Utility for External Drive, v1.00
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C097ACF1-CB6C-4C5A-B46E-027C7855156E}" = ArrayCalc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8BB4912-12D9-42AE-B571-E580D8CD1B5B}" = TuneUp Utilities 2007
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CE83500A-D08A-45AA-B6C0-25D7F8E11653}" = Data LifeSaver
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0CC1431-915D-4454-A045-232155BFD498}" = TVsweeper
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow 3.0
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 5.0
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DB4868DE-7A32-4CFA-90D5-D2F262EA79D4}" = USB Developer's uStudio
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{DCD22647-6D31-479D-8F97-16D0AA934D9E}" = PC Connectivity Solution
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E22E7B0A-3AE7-4D8A-9C9A-C57336300054}" = EASE Focus
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E40CE517-0D42-4198-96B4-C8232B257EB5}" = Data Lifeguard Diagnostic for Windows
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN-Karte
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F35D3C6B-609A-4090-8531-C9F4FD889045}" = ChamSys MagicQ PC
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{F79A208D-D929-11D9-9D77-000129760D75}" = MagicDirector 1.2
"{F7B25385-8FFA-4B09-AE05-BF73A72A8EDE}" = NetObjects Fusion 8
"{FAF88B432344413595BB2DED98385684}" = DivX User Guide
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"1F811665-E818-4956-9173-35CD47C9DCE0" = Otto
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"895796011BF8712107F83ADBED4F62C65CB79C70" = Windows-Treiberpaket - Das (Siudi) USB (05/30/2008 1.4.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Windows-Treiberpaket - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Autodesk Express Viewer" = Autodesk Express Viewer
"AvantBrowser" = Avant Browser (remove only)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Windows-Treiberpaket - Nokia Modem (05/22/2008 3.8)
"CamSpy_is1" = CamSpy V.3.6.4
"CDex" = CDex extraction audio
"Clarke Tech Editor Studio_is1" = Clarke Tech Editor Studio 3.07
"Click'N Design 3D for AfterBurner(tm) (V5)" = Click'N Design 3D for AfterBurner(tm) (V5)
"DC++" = DC++ 0.706
"DF CrcSfv_is1" = DF CrcSfv 1.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"dm Fotowelt" = dm Fotowelt
"dm-DIGI-Foto" = dm-DIGI-Foto
"dm-Fotowelt" = dm-Fotowelt
"DVD Decrypter" = DVD Decrypter (Remove Only)
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3)
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Google Calendar Sync" = Google Calendar Sync
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{1C63DD23-6554-4A1F-8D0D-B5A6B49D8015}" = Corel Graphics Suite 11
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"LimeWire" = LimeWire 5.1.3
"MAGIX Foto Manager 2008 D" = MAGIX Foto Manager 2008 5.0.0.255 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Music Manager D" = MAGIX Music Manager (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"MAGIX PC Visit D" = MAGIX PC Visit
"MAGIX Video deLuxe 2006 D" = MAGIX Video deLuxe 2006 (D)
"MAGIX Video deluxe 2008 PLUS D" = MAGIX Video deluxe 2008 PLUS 7.5.1.4 (D)
"MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6 6.0.23.0 (D)
"MakeMKV" = MakeMKV v1.4.12_beta
"Medion GoPal Assistant" = Medion GoPal Assistant 3.00.0545
"Mein CeWe Fotobuch" = Mein CeWe Fotobuch
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myDMX_is1" = myDMX
"navigating.de POI-Warner GoPal Edition" = navigating.de POI-Warner GoPal Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"ProtectDisc Driver 10" = ProtectDisc Helper Driver 10
"RealPlayer 6.0" = RealPlayer
"Resolume 2.41_is1" = Resolume 2.41
"SopCast" = SopCast 3.0.3
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"ST6UNST #1" = TGeb V5.4
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.0.5
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 1.0
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR Archivierer
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"X10Hardware" = X10 Hardware(TM)
"ZoneAlarm" = ZoneAlarm
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1327998448-2116585525-2031262003-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 13.08.2010 12:13:43 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 13.08.2010 12:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 13:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 14:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 15:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 16:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 17:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 14.08.2010 11:10:42 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 14.08.2010 11:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 14.08.2010 12:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
[ Application Events ]
Error - 13.08.2010 12:13:43 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 13.08.2010 12:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 13:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 14:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 15:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 16:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 13.08.2010 17:31:38 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 14.08.2010 11:10:42 | Computer Name = PROC-PC | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 14.08.2010 11:31:37 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
Error - 14.08.2010 12:31:36 | Computer Name = PROC-PC | Source = Google Update | ID = 20
Description =
[ OSession Events ]
Error - 30.06.2009 11:44:52 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 184
seconds with 0 seconds of active time. This session ended with a crash.
Error - 30.06.2009 12:03:47 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 189
seconds with 0 seconds of active time. This session ended with a crash.
Error - 12.07.2009 03:36:35 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 78
seconds with 60 seconds of active time. This session ended with a crash.
Error - 06.08.2009 15:31:23 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 241
seconds with 60 seconds of active time. This session ended with a crash.
Error - 06.08.2009 15:54:45 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1394
seconds with 60 seconds of active time. This session ended with a crash.
Error - 31.08.2009 08:11:44 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 64
seconds with 0 seconds of active time. This session ended with a crash.
Error - 04.01.2010 18:35:56 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 843
seconds with 360 seconds of active time. This session ended with a crash.
Error - 25.02.2010 10:17:23 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 20536
seconds with 660 seconds of active time. This session ended with a crash.
Error - 03.03.2010 03:31:45 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 371
seconds with 120 seconds of active time. This session ended with a crash.
Error - 07.03.2010 14:21:40 | Computer Name = PROC-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9325
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 13.08.2010 07:21:26 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery
Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 13.08.2010 07:21:26 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TrueVector
Internet Monitor.
Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery
Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 13.08.2010 12:14:48 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst TrueVector
Internet Monitor.
Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TrueVector Internet Monitor" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053
Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery
Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 14.08.2010 11:11:43 | Computer Name = PROC-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
< End of report >
|
|
16.08.2010, 08:25
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Sparkassen 40 TAN TrojanerZitat:
Folge dem Artikel zur Neuinstallation des Betriebssystems.
__________________ |
|
16.08.2010, 11:15
| #3 |
| | Sparkassen 40 TAN Trojaner Kann man anhand der Dateien sehen,
__________________wo sich der Trojaner befindet? Wie er heißt? Wo er herkommt? Wer Schuld ist? |
|
16.08.2010, 11:26
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen 40 TAN TrojanerZitat:
Du minimierst das Risiko deutlich, wenn Du beim Surfen auf Adminrechte verzichtest und Deine Programme, Windows und den IE ständig aktuell hälst.
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.08.2010, 11:48
| #5 |
| | Sparkassen 40 TAN Trojaner Alles klar. Nachdem die Sparkasse den Zugang gelöscht hat, kann ich nicht mehr nachschauen, ob sich der Trojaner noch im System befindet, da er sich ja nur meldet, wenn ich mich eingeloggt habe. Gibt es eine Möglichkeit zu überprüfen, ob er noch da ist??? |
|
16.08.2010, 12:02
| #6 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Sparkassen 40 TAN TrojanerZitat:
__________________ --> Sparkassen 40 TAN Trojaner |
|
| Themen zu Sparkassen 40 TAN Trojaner |
| 0x00000001, 40 tan, 40tan, 4d36e972-e325-11ce-bfc1-08002be10318, antivir, avgntflt.sys, avira, bho, browser, c:\windows\system32\rundll32.exe, components, crypto, decrypter, desktop, downloader, druck, einstellungen, error, excel.exe, festplatte, firefox, google, home, iastor.sys, installation, kaspersky, location, logfile, media center, microsoft office word, mozilla, msvcr80.dll, object, office 2007, oldtimer, plug-in, realtek, registry, rundll, safer networking, saver, sched.exe, security, security update, senden, service pack 1, software, sptd.sys, staropen, super, tan trojaner, trojane, trojaner, virus, vlc media player, windows internet, windows internet explorer, wrapper |
Linear-Darstellung
