| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Fehlermeldungen beim StartupWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
30.08.2010, 20:38
| #31 | |
  |  Fehlermeldungen beim Startup Panda deinstallieren. Sind dir diese Programme bekannt? Falls nicht, löschen. Zitat:
Poste neue Logs von OTL. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer.  Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
30.08.2010, 20:43
| #32 |
 | Fehlermeldungen beim Startup Die beiden Dateien kenne ich nicht, aber der PC ist von Medion und da war am Anfang schon einiges drauf...
__________________Die Datei "cofi.exe" - nicht die "Combofix", die ich immer für die Scans verwendet hab - lässt sich nicht löschen. Es kommt immer die Fehlermeldung, dass das die Datei gerade verwendet wird. Hier die OTL-Logs:OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.08.2010 21:38:13 - Run 2 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Ich.DÖ\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,00 Mb Total Physical Memory | 303,00 Mb Available Physical Memory | 34,00% Memory free 2,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 62,82 Gb Total Space | 22,15 Gb Free Space | 35,26% Space Free | Partition Type: NTFS Drive D: | 11,73 Gb Total Space | 4,88 Gb Free Space | 41,60% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 245,23 Mb Total Space | 244,61 Mb Free Space | 99,75% Space Free | Partition Type: FAT Drive G: | 957,63 Mb Total Space | 828,75 Mb Free Space | 86,54% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DÖ Current User Name: Ich Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Trillian\trillian.exe (Cerulean Studios) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\WINDOWS\system32\wbsecsvc.exe (Winbond) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ClipInc001) -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wbsecsvc) -- C:\WINDOWS\System32\wbsecsvc.exe (Winbond) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (catchme) -- C:\DOKUME~1\ICH~1.D\LOKALE~1\Temp\catchme.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation) DRV - (WmaCDriverV32) -- C:\WINDOWS\system32\drivers\WmaCDriverV32.sys (Windows (R) 2000/XP) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (W33ND) -- C:\WINDOWS\system32\drivers\W33ND.SYS (Winbond Electronics Corp.) DRV - (wbsecdrv) -- C:\WINDOWS\system32\drivers\wbsecdrv.sys (Winbond) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.17 01:02:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.25 11:07:28 | 000,000,000 | ---D | M] [2008.06.19 14:15:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Extensions [2010.08.30 10:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions [2010.08.17 17:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1} [2010.02.14 16:01:16 | 000,000,000 | ---D | M] (CountdownClock) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{19D3B002-1AD1-4a69-A5B3-AA98773DBB86} [2010.08.17 17:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66} [2010.08.16 09:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.08.17 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{4a428302-5267-4749-bb22-459b3236695f} [2010.01.23 00:59:23 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.08.17 17:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010.08.16 09:51:42 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.08.17 17:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{70a5ac84-0087-11dc-8314-0800200c9a66} [2010.08.17 20:07:29 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2010.08.17 17:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010.06.03 10:27:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010.08.16 09:51:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.17 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} [2010.08.19 09:46:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.30 10:07:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.04.10 09:35:45 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2010.08.17 17:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008} [2010.04.10 09:36:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.05.07 23:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\firebug@software.joehewitt.com [2010.08.30 10:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\foxyproxy@eric.h.jung [2010.08.17 17:57:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\nasanightlaunch@example.com [2010.08.17 17:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\redshift_V2@shift-themes.com [2010.08.23 23:04:37 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\searchplugins\icqplugin.xml [2008.08.23 16:04:26 | 000,005,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\searchplugins\magiccardsinfo.xml [2010.08.30 10:07:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.25 10:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.08.25 10:59:30 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2004.05.13 16:37:02 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Programme\Mozilla Firefox\plugins\npdsplay.dll [2010.08.25 11:05:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009.03.03 12:00:30 | 001,275,856 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll [2007.12.19 14:57:38 | 000,310,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2010.07.27 09:18:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.27 09:18:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.27 09:18:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.27 09:18:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.27 09:18:37 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.24 10:52:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.04.05 06:41:03 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.30 10:09:04 | 000,028,552 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys [2010.08.30 10:08:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2010.08.29 20:14:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Foxit Software [2010.08.25 11:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.08.25 11:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software [2010.08.25 11:00:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.08.25 11:00:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.25 10:59:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.25 10:59:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.25 10:59:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.25 10:59:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.25 10:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.08.24 10:16:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.08.23 19:33:00 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.08.23 19:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.08.23 19:28:13 | 000,000,000 | ---D | C] -- C:\Downloads [2010.08.23 19:26:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Avira [2010.08.23 19:21:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Recent [2010.08.23 19:07:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.08.23 19:07:36 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.08.23 19:07:36 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.08.23 19:07:36 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.08.23 19:07:36 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.08.23 19:07:32 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.23 19:07:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.08.23 17:44:20 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.23 16:51:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe [2010.08.23 11:49:27 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.23 11:09:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Malwarebytes [2010.08.23 11:09:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.23 11:09:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.23 11:09:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.23 11:09:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.23 10:41:09 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.17 20:18:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared [2010.08.17 13:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\.gimp-2.6 [2010.08.17 13:23:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Eigene Dateien\gegl-0.0 [2010.08.16 00:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Eigene Dateien\7lands [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts ========== Files - Modified Within 30 Days ========== [2010.08.30 21:41:16 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5D7FD096-657B-427F-A602-02A464BC8C97}.job [2010.08.30 21:37:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe [2010.08.30 09:39:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.30 09:38:36 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.30 09:38:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.30 09:38:30 | 939,048,960 | -HS- | M] () -- C:\hiberfil.sys [2010.08.29 23:12:56 | 007,602,176 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\ntuser.dat [2010.08.29 23:12:56 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\ntuser.ini [2010.08.25 10:59:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.25 10:59:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.25 10:59:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.25 10:59:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.25 10:59:27 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.25 10:10:08 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini [2010.08.24 10:52:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010.08.23 19:33:12 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2010.08.23 19:09:02 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\cofi.exe [2010.08.23 11:48:21 | 000,339,991 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\RSIT.exe [2010.08.22 10:45:56 | 001,751,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\Track18.wma [2010.08.17 20:27:00 | 000,000,753 | ---- | M] () -- C:\WINDOWS\win.ini [2010.08.17 20:27:00 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2010.08.17 16:30:02 | 000,584,606 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg2.jpg [2010.08.17 16:30:02 | 000,003,547 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\.recently-used.xbel [2010.08.17 15:59:47 | 000,294,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg1.jpg [2010.08.16 10:37:17 | 000,150,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.14 09:17:25 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.14 01:42:45 | 001,004,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.14 01:42:45 | 000,434,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.14 01:42:45 | 000,068,798 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts ========== Files Created - No Company Name ========== [2010.08.23 19:33:12 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2010.08.23 19:33:08 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.08.23 19:08:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\cofi.exe [2010.08.23 11:48:17 | 000,339,991 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\RSIT.exe [2010.08.22 10:45:27 | 001,751,583 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\Track18.wma [2010.08.17 20:26:59 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Startmenü\Programme\Autostart\Verknüpfung mit ehtray.exe.lnk [2010.08.17 16:30:02 | 000,584,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg2.jpg [2010.08.17 16:30:02 | 000,003,547 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\.recently-used.xbel [2010.08.17 15:59:47 | 000,294,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg1.jpg [2009.08.03 11:12:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2008.09.26 21:12:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008.03.24 19:23:01 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2008.02.06 11:35:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2007.12.01 22:46:52 | 000,001,359 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.10.30 16:17:40 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\imgpdf2.dll [2007.10.30 16:10:18 | 000,000,215 | ---- | C] () -- C:\WINDOWS\pdf2word.INI [2007.10.30 14:37:23 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2007.10.23 21:22:05 | 000,000,872 | ---- | C] () -- C:\WINDOWS\uninst.ini [2007.10.02 20:01:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.10.02 14:24:32 | 000,002,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\HPSU_48BitScanUpdate.log [2007.10.02 14:24:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2007.10.02 14:01:54 | 000,000,348 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log [2007.10.02 14:01:54 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini [2007.10.02 14:01:35 | 000,003,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\PatchUpdate_InstantShareJPG.log [2007.10.02 14:01:35 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini [2007.10.02 14:01:23 | 000,003,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\PatchUpdate_IZClosingDiscError.log [2007.10.02 14:01:23 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini [2007.10.02 14:00:25 | 000,053,245 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Update_HP_RedboxHprblog_HPSU.log [2007.10.02 14:00:25 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2007.09.26 14:10:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2007.09.26 14:06:43 | 000,013,142 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2007.04.11 12:19:47 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ChssBase.ini [2007.03.30 12:51:17 | 000,000,071 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI [2007.01.05 18:37:11 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL [2006.12.25 22:14:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2006.12.10 21:24:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hiphopmaker.INI [2006.11.26 12:44:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\VoiceOver.INI [2006.11.25 23:10:13 | 000,001,872 | ---- | C] () -- C:\WINDOWS\Ultra EDIT.INI [2006.11.25 22:31:01 | 000,000,426 | ---- | C] () -- C:\WINDOWS\canopus.ini [2006.10.19 13:38:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2006.09.24 15:08:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006.09.07 17:54:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.09.06 20:18:07 | 000,150,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.09.06 20:18:07 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.04.06 16:04:48 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2246DFD473.sys [2006.04.05 07:20:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.04.05 06:37:17 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll [2006.04.05 06:33:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini [2006.04.03 20:17:03 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.04.03 20:17:00 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.04.03 19:42:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.30 10:33:14 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\4212FAB396.sys [2006.03.30 10:33:13 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.03.30 09:48:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006.03.23 18:41:31 | 000,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.03.23 17:36:00 | 000,000,362 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.03.23 16:04:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.03.23 15:47:37 | 000,002,396 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.03.23 15:33:45 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.08.2010 21:38:13 - Run 2
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Ich.DÖ\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
895,00 Mb Total Physical Memory | 303,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 62,82 Gb Total Space | 22,15 Gb Free Space | 35,26% Space Free | Partition Type: NTFS
Drive D: | 11,73 Gb Total Space | 4,88 Gb Free Space | 41,60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 245,23 Mb Total Space | 244,61 Mb Free Space | 99,75% Space Free | Partition Type: FAT
Drive G: | 957,63 Mb Total Space | 828,75 Mb Free Space | 86,54% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DÖ
Current User Name: Ich
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1028:TCP" = 1028:TCP:*:Disabled:TheWestBetaFortkämpfe
"1582:TCP" = 1582:TCP:*:Disabled:TheWestBetaFortkämpfe
"2380:TCP" = 2380:TCP:*:Enabled:msdrm
"5222:TCP" = 5222:TCP:*:Enabled:msdrm
"61440:TCP" = 61440:TCP:*:Enabled:msdrm
"2382:TCP" = 2382:TCP:*:Enabled:msdrm
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Ahead Software AG)
"C:\Programme\InterVideo\DVD7\WinDVD.exe" = C:\Programme\InterVideo\DVD7\WinDVD.exe:*:enabled:InterVideo WinDVD 7 -- File not found
"C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe" = C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe:*:enabled:InterVideo MediaOne Gallery -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Ahead Software AG)
"C:\Programme\Spiele\GSC Game World\Cossacks II\Data\ENGINE.EXE" = C:\Programme\Spiele\GSC Game World\Cossacks II\Data\ENGINE.EXE:*:Enabled:Cossacks 2: Napoleonic Wars -- (GSC Game World)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\LackeyCCG\LackeyCCG.exe" = C:\Programme\LackeyCCG\LackeyCCG.exe:*:Enabled:LackeyCCG -- ()
"C:\Programme\Cossacks - Back To War\dmcr.exe" = C:\Programme\Cossacks - Back To War\dmcr.exe:*:Enabled:dmcr -- (-GSC-)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ()
"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe" = C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- ()
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- (Tobit.Software)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\Magic Workstation\MWSPlay.exe" = C:\Programme\Magic Workstation\MWSPlay.exe:*:Enabled:Magic Workstation Play Module -- (Magi-Soft Development)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\Veoh\VeohClient.exe" = C:\Programme\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\QuickTime\QuickTimePlayer.exe" = C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Ressourcendatei -- (Apple Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead FilmBrennerei 4.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.2 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"Creatix 2.0 AC'97 Soft Modem" = Creatix 2.0 AC'97 Modem
"DivX Setup.divx.com" = DivX-Setup
"FLVPlayer" = FLV Player 1.3.3
"Forte Free" = Forte Free
"Forte Scan" = Forte Scan
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF to Image Converter_is1" = PDF to Image Converter 2.00
"RealPlayer 12.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SuperTux_is1" = SuperTux 0.1.3
"Swiff Player_is1" = Swiff Player 1.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winbond WLAN" = Winbond WLAN
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR Archivierer
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra" = GeoGebra
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2010 16:21:48 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:26:21 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:30:37 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:36:57 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:37:16 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:38:41 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:50:37 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:55:59 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 17:10:21 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 18:34:02 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
[ OSession Events ]
Error - 16.11.2008 07:13:30 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 5492
seconds with 3900 seconds of active time. This session ended with a crash.
Error - 26.02.2010 12:49:00 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.02.2010 14:12:45 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2391
seconds with 420 seconds of active time. This session ended with a crash.
Error - 27.02.2010 14:13:27 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 29.08.2010 10:57:21 | Computer Name = DÖ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 29.08.2010 10:57:21 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery
Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 29.08.2010 10:57:21 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
Error - 29.08.2010 10:57:30 | Computer Name = DÖ | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.33 für die Netzwerkkarte mit der Netzwerkadresse
0060B35B48E1 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 29.08.2010 10:57:35 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
Error - 30.08.2010 03:38:43 | Computer Name = DÖ | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.32 für die Netzwerkkarte mit der Netzwerkadresse
0060B35B48E1 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 30.08.2010 03:39:02 | Computer Name = DÖ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 30.08.2010 03:39:02 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery
Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 30.08.2010 03:39:02 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
Error - 30.08.2010 03:39:12 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
< End of report >
|
|
30.08.2010, 21:04
| #33 | ||
| | Fehlermeldungen beim StartupZitat:
Zitat:
Start => Ausführen => combofix /uninstall => OK Schlimmstenfalls musst du dir eine LiveCD brennen (die man immer vorrätig haben sollte). => http://www.trojaner-board.de/75619-a...x-live-cd.html 1.) Deinstalliere:
Code:
ATTFilter :OTL
DRV - (catchme) -- C:\DOKUME~1\ICH~1.D\LOKALE~1\Temp\catchme.sys File not found
DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
3.) Erstelle und poste neue Logs mit OTL. ciao, andreas
__________________ |
|
30.08.2010, 21:10
| #34 |
| | Fehlermeldungen beim Startup Wie deinstalliere ich Internet Explorer 7 und Lightscribe? Ich finde beides weder unter Software noch im Ordner Programme. "cofi.exe" lässt sich nicht mit /uninstall löschen. Die Datei kann nicht gefunden werden. |
|
30.08.2010, 21:15
| #35 |
| | Fehlermeldungen beim Startup
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
30.08.2010, 21:22
| #36 |
| | Fehlermeldungen beim Startup RSIT Logfile: Code:
ATTFilter Logfile of random's system information tool 1.08 (written by random/random) Run by Ich at 2010-08-30 22:20:10 Microsoft Windows XP Professional Service Pack 3 System drive C: has 23 GB (36%) free of 64 GB Total RAM: 895 MB (48% free) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:20:40, on 30.08.2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\AGRSMMSG.exe C:\Programme\Synaptics\SynTP\SynTPEnh.exe C:\Programme\Avira\AntiVir Desktop\avgnt.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\Programme\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ehome\ehtray.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe C:\Programme\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\wbsecsvc.exe C:\WINDOWS\system32\wuauclt.exe C:\Programme\Windows Media Player\setup_wm.exe C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\RSIT.exe C:\Programme\trend micro\Ich.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R3 - URLSearchHook: (no name) - - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Programme\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Startup: Verknüpfung mit ehtray.exe.lnk = C:\WINDOWS\ehome\ehtray.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ClipInc 001 (ClipInc001) - Unknown owner - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe O23 - Service: wbsecsvc - Winbond - C:\WINDOWS\system32\wbsecsvc.exe -- End of file - 5066 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\User_Feed_Synchronization-{5D7FD096-657B-427F-A602-02A464BC8C97}.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - C:\Programme\Java\jre6\bin\jp2ssv.dll [2010-08-25 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-25 79648] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"=C:\Programme\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-11-01 344064] "AGRSMMSG"=C:\WINDOWS\AGRSMMSG.exe [2004-07-22 88361] "SynTPEnh"=C:\Programme\Synaptics\SynTP\SynTPEnh.exe [2005-10-28 761945] "avgnt"=C:\Programme\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792] "SunJavaUpdateSched"=C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe [2010-05-14 248552] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "WMPNSCFG"=C:\Programme\Windows Media Player\WMPNSCFG.exe [2006-11-03 204288] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] C:\Dokumente und Einstellungen\Ich.DÖ\Startmenü\Programme\Autostart Verknüpfung mit ehtray.exe.lnk - C:\WINDOWS\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2005-11-01 47616] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=323 "NoDriveAutoRun"=67108863 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"=1 "NoDriveAutoRun"=67108863 "NoDriveTypeAutoRun"=323 "NoDrives"=0 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax" "C:\Programme\NetMeeting\Conf.exe"="C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting" "C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome" "C:\Programme\Spiele\GSC Game World\Cossacks II\Data\ENGINE.EXE"="C:\Programme\Spiele\GSC Game World\Cossacks II\Data\ENGINE.EXE:*:Enabled:Cossacks 2: Napoleonic Wars" "C:\Programme\Mozilla Firefox\firefox.exe"="C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox" "C:\Programme\LackeyCCG\LackeyCCG.exe"="C:\Programme\LackeyCCG\LackeyCCG.exe:*:Enabled:LackeyCCG" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Programme\Cossacks - Back To War\dmcr.exe"="C:\Programme\Cossacks - Back To War\dmcr.exe:*:Enabled:dmcr" "C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test" "C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper" "C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe"="C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader" "C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe"="C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server" "C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe"="C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player" "C:\Programme\mIRC\mirc.exe"="C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC" "C:\Programme\Magic Workstation\MWSPlay.exe"="C:\Programme\Magic Workstation\MWSPlay.exe:*:Enabled:Magic Workstation Play Module" "C:\Programme\TmNationsForever\TmForever.exe"="C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever" "C:\Programme\Veoh\VeohClient.exe"="C:\Programme\Veoh\VeohClient.exe:*:Enabled:Veoh Client" "C:\Programme\Opera\Opera.exe"="C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser" "C:\Programme\Microsoft Office\Office12\ONENOTE.EXE"="C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Programme\QuickTime\QuickTimePlayer.exe"="C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Ressourcendatei" "C:\Programme\Java\jre6\bin\java.exe"="C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary" "C:\Programme\TeamViewer\Version4\TeamViewer.exe"="C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application" "C:\Programme\HP\Digital Imaging\bin\hpqste08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe" "C:\Programme\HP\Digital Imaging\bin\hposid01.exe"="C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe" "C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Programme\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe" "C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Programme\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe" "C:\Programme\HP\Digital Imaging\bin\hpoews01.exe"="C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe" "C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Programme\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe" "C:\Programme\Trillian\trillian.exe"="C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:enabled:Remoteunterstützung" "C:\Programme\Messenger\msmsgs.exe"="C:\Programme\Messenger\msmsgs.exe:*:enabled:Windows Messenger" "C:\Programme\AOL 9.0\AOL.exe"="C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0" "C:\Programme\AOL 9.0\WAOL.exe"="C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service)" "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe"="C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer)" "C:\WINDOWS\system32\fxsclnt.exe"="C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax" "C:\Programme\Skype\Phone\Skype.exe"="C:\Programme\Skype\Phone\Skype.exe:*:enabled:Skype" "C:\Programme\CA\eTrust Antivirus\InocIT.exe"="C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner" "C:\Programme\CA\eTrust Antivirus\Realmon.exe"="C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor" "C:\Programme\CA\eTrust Antivirus\InoRpc.exe"="C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server" "C:\Programme\NetMeeting\Conf.exe"="C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting" "C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe"="C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome" "C:\Programme\InterVideo\DVD7\WinDVD.exe"="C:\Programme\InterVideo\DVD7\WinDVD.exe:*:enabled:InterVideo WinDVD 7" "C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe"="C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe:*:enabled:InterVideo MediaOne Gallery" "C:\Programme\MSN Messenger\msnmsgr.exe"="C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" ======List of files/folders created in the last 1 months====== 2010-08-30 22:20:09 ----D---- C:\rsit 2010-08-29 20:14:06 ----D---- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Foxit Software 2010-08-25 11:08:10 ----D---- C:\Programme\Panda Security 2010-08-25 11:06:08 ----D---- C:\Programme\Foxit Software 2010-08-25 11:00:35 ----SHD---- C:\RECYCLER 2010-08-25 11:00:27 ----D---- C:\Programme\Gemeinsame Dateien\Java 2010-08-25 10:59:50 ----A---- C:\WINDOWS\system32\javaws.exe 2010-08-25 10:59:50 ----A---- C:\WINDOWS\system32\javaw.exe 2010-08-25 10:59:50 ----A---- C:\WINDOWS\system32\java.exe 2010-08-25 10:12:46 ----D---- C:\WINDOWS\temp 2010-08-24 10:16:14 ----D---- C:\WINDOWS\system32\NtmsData 2010-08-23 19:33:12 ----A---- C:\Boot.bak 2010-08-23 19:33:00 ----RASHD---- C:\cmdcons 2010-08-23 19:29:15 ----D---- C:\WINDOWS\ERDNT 2010-08-23 19:28:13 ----D---- C:\Downloads 2010-08-23 19:26:21 ----D---- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Avira 2010-08-23 19:07:43 ----A---- C:\WINDOWS\system32\drivers\ssmdrv.sys 2010-08-23 19:07:36 ----A---- C:\WINDOWS\system32\drivers\avipbb.sys 2010-08-23 19:07:36 ----A---- C:\WINDOWS\system32\drivers\avgntmgr.sys 2010-08-23 19:07:36 ----A---- C:\WINDOWS\system32\drivers\avgntflt.sys 2010-08-23 19:07:36 ----A---- C:\WINDOWS\system32\drivers\avgntdd.sys 2010-08-23 19:07:32 ----D---- C:\Programme\Avira 2010-08-23 19:07:32 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira 2010-08-23 17:44:20 ----D---- C:\_OTL 2010-08-23 11:49:27 ----D---- C:\Programme\trend micro 2010-08-23 11:09:50 ----D---- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Malwarebytes 2010-08-23 11:09:34 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2010-08-23 11:09:24 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes 2010-08-23 11:09:23 ----A---- C:\WINDOWS\system32\drivers\mbam.sys 2010-08-23 11:09:22 ----D---- C:\Programme\Malwarebytes' Anti-Malware 2010-08-23 10:41:09 ----D---- C:\Programme\CCleaner 2010-08-17 20:18:37 ----D---- C:\Programme\Gemeinsame Dateien\DivX Shared 2010-08-14 01:44:54 ----HDC---- C:\WINDOWS\$NtUninstallKB982214$ 2010-08-14 01:44:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2115168$ 2010-08-14 01:44:19 ----HDC---- C:\WINDOWS\$NtUninstallKB981852$ 2010-08-14 01:43:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2079403$ 2010-08-14 01:36:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2160329$ 2010-08-14 01:36:25 ----HDC---- C:\WINDOWS\$NtUninstallKB980436$ 2010-08-14 01:32:02 ----HDC---- C:\WINDOWS\$NtUninstallKB981997$ 2010-08-14 01:31:19 ----HDC---- C:\WINDOWS\$NtUninstallKB982665$ 2010-08-13 19:32:06 ----HDC---- C:\WINDOWS\$NtUninstallKB2286198$ ======List of files/folders modified in the last 1 months====== 2010-08-30 22:20:14 ----D---- C:\WINDOWS\Prefetch 2010-08-30 22:20:03 ----D---- C:\WINDOWS 2010-08-30 22:16:35 ----D---- C:\WINDOWS\system32\CatRoot2 2010-08-30 22:16:20 ----A---- C:\WINDOWS\ModemLog_Creatix 2.0 AC'97 Modem.txt 2010-08-30 22:14:37 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-08-30 22:14:08 ----D---- C:\Programme\Trillian 2010-08-30 22:07:03 ----D---- C:\Programme\Google 2010-08-30 22:07:00 ----SHD---- C:\WINDOWS\Installer 2010-08-30 22:06:59 ----D---- C:\Config.Msi 2010-08-30 22:05:19 ----RD---- C:\Programme 2010-08-30 22:01:55 ----D---- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Skype 2010-08-30 21:57:58 ----D---- C:\WINDOWS\system32\drivers 2010-08-30 10:08:43 ----HD---- C:\WINDOWS\inf 2010-08-25 11:00:27 ----D---- C:\Programme\Gemeinsame Dateien 2010-08-25 10:59:51 ----D---- C:\WINDOWS\system32 2010-08-25 10:59:27 ----A---- C:\WINDOWS\system32\deployJava1.dll 2010-08-25 10:57:25 ----D---- C:\Programme\Opera 2010-08-25 10:52:30 ----D---- C:\Programme\Gemeinsame Dateien\Adobe 2010-08-25 10:52:30 ----D---- C:\Programme\Adobe 2010-08-25 10:52:27 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe 2010-08-25 10:10:08 ----A---- C:\WINDOWS\system.ini 2010-08-25 10:07:31 ----D---- C:\WINDOWS\AppPatch 2010-08-25 00:19:17 ----SHD---- C:\System Volume Information 2010-08-24 11:12:13 ----D---- C:\WINDOWS\Registration 2010-08-24 10:52:48 ----D---- C:\WINDOWS\system32\drivers\etc 2010-08-24 10:51:02 ----D---- C:\WINDOWS\system32\config 2010-08-24 10:50:03 ----SD---- C:\WINDOWS\Tasks 2010-08-23 21:03:26 ----D---- C:\WINDOWS\repair 2010-08-23 19:41:01 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-08-23 19:33:12 ----RASH---- C:\boot.ini 2010-08-23 19:04:15 ----D---- C:\WINDOWS\WinSxS 2010-08-23 19:04:11 ----D---- C:\Programme\Gemeinsame Dateien\Microsoft Shared 2010-08-23 12:01:21 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater 2010-08-23 11:42:51 ----HDC---- C:\WINDOWS\$NtUninstallKB887797$ 2010-08-23 10:58:44 ----D---- C:\WINDOWS\Debug 2010-08-23 10:58:43 ----D---- C:\WINDOWS\Minidump 2010-08-18 10:11:28 ----D---- C:\Programme\BSW 2010-08-17 20:27:00 ----A---- C:\WINDOWS\win.ini 2010-08-17 20:26:59 ----D---- C:\WINDOWS\pss 2010-08-17 20:20:00 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX 2010-08-17 20:19:27 ----D---- C:\Programme\DivX 2010-08-17 16:30:02 ----D---- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\gtk-2.0 2010-08-17 13:22:12 ----D---- C:\Programme\GIMP-2.0 2010-08-14 14:03:09 ----D---- C:\WINDOWS\Microsoft.NET 2010-08-14 14:02:57 ----RSD---- C:\WINDOWS\assembly 2010-08-14 13:24:10 ----D---- C:\Programme\QuickTime 2010-08-14 01:44:56 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-08-14 01:44:52 ----HD---- C:\WINDOWS\$hf_mig$ 2010-08-14 01:42:45 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-08-14 01:37:30 ----D---- C:\Programme\Internet Explorer 2010-08-14 01:32:05 ----D---- C:\Programme\Movie Maker 2010-08-14 01:31:53 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help 2010-08-03 20:09:31 ----A---- C:\WINDOWS\system32\MRT.exe ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R0 ohci1394;Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696] R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944] R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688] R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656] R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488] R1 AmdK8;AMD Athlon64-Prozessortreiber; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2004-05-08 38912] R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir Desktop\avgio.sys [] R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784] R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520] R1 wbsecdrv;wbsecdrv Protocol Driver; C:\WINDOWS\system32\DRIVERS\wbsecdrv.sys [2005-06-14 17792] R1 WS2IFSL;Windows Socket 2.0 Non-IFS-Dienstanbieter-Unterstützungsumgebung; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936] R3 AgereSoftModem;Creatix 2.0 AC'97 Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-07-22 1268234] R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-12-16 3842560] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-11-01 1392128] R3 HidUsb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-18 12288] R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-28 191936] R3 ULI5261XP;ULi M526X Ethernet NT Driver; C:\WINDOWS\system32\DRIVERS\ULILAN51.SYS [2005-03-22 28672] R3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 W33ND;W89C33 mPCI 802.11 Wireless LAN Adapter Driver; C:\WINDOWS\system32\DRIVERS\W33ND.SYS [2005-07-26 140064] S3 61883;61883-Einheitsgerät; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128] S3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800] S3 Avc;AVC-Gerät; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912] S3 catchme;catchme; \??\C:\DOKUME~1\ICH~1.D\LOKALE~1\Temp\catchme.sys [] S3 CCDECODE;Untertiteldecoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664] S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496] S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568] S3 MHNDRV;MHN-Treiber; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;NABTS/FEC VBI-Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NdisIP;Microsoft TV-/Videoverbindung; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824] S3 nm;Netzwerkmonitortreiber; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-13 40320] S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 streamip;BDA-IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] S3 usbprint;Microsoft USB-Druckerklasse; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys [] S3 WmaCDriverV32;WmaCDriverV32; C:\WINDOWS\system32\drivers\WmaCDriverV32.sys [2007-03-14 513152] S3 WSTCODEC;World Standard Teletext-Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Programme\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] R2 AntiVirService;Avira AntiVir Guard; C:\Programme\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432] R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-11-01 389120] R2 ClipInc001;ClipInc 001; C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe [2009-05-27 2230024] R2 JavaQuickStarterService;Java Quick Starter; C:\Programme\Java\jre6\bin\jqs.exe [2010-08-25 153376] R2 MDM;Machine Debug Manager; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728] R2 UleadBurningHelper;Ulead Burning Helper; C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe [2005-01-31 49152] R2 wbsecsvc;wbsecsvc; C:\WINDOWS\system32\wbsecsvc.exe [2005-04-30 245760] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] S2 WMPNetworkSvc;Windows Media Player-Netzwerkfreigabedienst; C:\Programme\Windows Media Player\WMPNetwk.exe [2006-11-03 920576] S3 aspnet_state;ASP.NET-Zustandsdienst; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 odserv;Microsoft Office Diagnostics Service; C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712] S3 ose;Office Source Engine; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S4 NetTcpPortSharing;Net.Tcp-Portfreigabedienst; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF----------------- info.txtRSIT Logfile: Code:
ATTFilter logfile of random's system information tool 1.08 2010-08-30 22:20:49
======Uninstall list======
-->C:\Programme\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\IsUn0407.exe -fc:\programme\spiele\sierra\professortim\Uninst.isu
-->C:\WINDOWS\IsUn0407.exe -fC:\Programme\Spiele\Sierra\RCRacersDeluxe\Uninst.isu
-->C:\WINDOWS\IsUn0407.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\UNNeroVision.exe /UNINSTALL
-->C:\WINDOWS\UNNMP.exe /UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -maintain plugin
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Apple Application Support-->MsiExec.exe /I{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Athlon 64 Processor Driver-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x7
ATI - Dienstprogramm zur Deinstallation der Software-->C:\Programme\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI Systemsteuerung-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
Audacity 1.3.2 (Unicode)-->"C:\Programme\Audacity 1.3 Beta (Unicode)\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir Desktop\setup.exe /REMOVE
BrettspielWelt-->"C:\Programme\BSW\uninstall.exe"
CCleaner-->"C:\Programme\CCleaner\uninst.exe"
ConvertHelper 2.1-->"C:\Programme\ConvertHelper\unins000.exe"
Creatix 2.0 AC'97 Modem-->agrsmdel
DivX-Setup-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
FLV Player 1.3.3-->"C:\Programme\FLVPlayer\uninstall.exe"
Forte Free -->C:\Programme\Lugert Verlag\Forte Free\Unwise32.EXE C:\PROGRA~1\LUGERT~1\FORTEF~2\Install.LOG
Forte Scan -->C:\Programme\Lugert Verlag\Forte Scan\Unwise32.EXE C:\PROGRA~1\LUGERT~1\FORTES~1\Install.LOG
Foxit Reader-->C:\Programme\Foxit Software\Foxit Reader\Uninstall.exe
Free Video to MP3 Converter version 3.2-->"C:\Programme\DVDVideoSoft\Free Video to MP3 Converter\unins000.exe"
Free WMA to MP3 Converter 1.16-->"C:\Programme\Free WMA to MP3 Converter\unins000.exe"
GIMP 2.6.10-->"C:\Programme\GIMP-2.0\setup\unins001.exe"
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Programme\Google\Google Updater\GoogleUpdater.exe" -uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB945282)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946040)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB946308)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947540)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB947789)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU (KB948127)-->C:\WINDOWS\system32\msiexec.exe /package {D5A7D7AB-3093-3619-9261-74DB250ECF7B} /uninstall /qb+ REBOOTPROMPT=""
Hotfix für Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix für Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB942288-v3)-->"C:\WINDOWS\$NtUninstallKB942288-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"
Hotfix für Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"
HP Imaging Device Functions 5.3-->C:\Programme\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Photosmart, Officejet and Deskjet 7.0.A-->C:\Programme\HP\Digital Imaging\{3A316611-45D1-429C-AA26-B71259C44689}\setup\hpzscr01.exe -datfile hposcr11.dat
HP Solution Center & Imaging Support Tools 5.3-->C:\Programme\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
HP Update-->MsiExec.exe /X{818ABC3C-635C-4651-8183-D0E9640B7DD1}
Java(TM) 6 Update 21-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216021FF}
Magic Workstation 0.94f-->"C:\Programme\Magic Workstation\unins000.exe"
Malwarebytes' Anti-Malware-->"C:\Programme\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.0 Hotfix (KB979904)-->"C:\WINDOWS\$NtUninstallKB979904$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 German Language Pack-->MsiExec.exe /X{E78BFA60-5393-4C38-82AB-E8019E464EB4}
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C314CE45-3392-3B73-B4E1-139CD41CA933}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 German Language Pack-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0 German Language Pack\setup.exe
Microsoft .NET Framework 3.0 German Language Pack-->MsiExec.exe /X{F2A7F421-1679-48D5-B918-96999014ED53}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU-->MsiExec.exe /I{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - deu\setup.exe
Microsoft .NET Framework 3.5 Language Pack SP1 - deu-->MsiExec.exe /I{052FDD78-A6EA-3187-8386-C82F4CA3A929}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0407-0000-0000000FF1CE} /uninstall {26454C26-D259-4543-AA60-3189E09C5F76}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0407-0000-0000000FF1CE} /uninstall {9BD40163-B95D-4B07-8991-0AB775B6D88B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->"C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0410-0000-0000000FF1CE} /uninstall {322296D4-1EAE-4030-9FBC-D2787EB25FA2}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU-->C:\Programme\Microsoft Visual Studio 9.0\Microsoft Visual C++ 2008 Express Edition with SP1 - DEU\setup.exe
Microsoft Visual C++ 2008 Express Edition with SP1 - DEU-->MsiExec.exe /X{D5A7D7AB-3093-3619-9261-74DB250ECF7B}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729-->MsiExec.exe /X{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}
Microsoft Visual J# .NET Redistributable Package 1.1-->MsiExec.exe /X{1A655D51-1423-48A3-B748-8F5A0BE294C8}
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries-->MsiExec.exe /X{842FAF7C-50EF-4463-9B8F-6222E1384D7D}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu-->MsiExec.exe /X{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32-->MsiExec.exe /X{044F9133-B8D7-4d11-BF39-803FA20F5C8B}
Microsoft Windows-Journal-Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Microsoft-Basissmartcard-Kryptografiedienstanbieterpaket-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
mIRC-->C:\Programme\mIRC\uninstall.exe _?=C:\Programme\mIRC
Mozilla Firefox (3.6.8)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
MTG GamePack for Magic Workstation-->"C:\Programme\Magic Workstation\unins001.exe"
Nero Suite-->C:\Programme\Gemeinsame Dateien\Nero\Uninstall\setupx.exe /uninstall ExtraUninstallID=""
Office 2003 Trial Assistant-->MsiExec.exe /I{47D2103B-FD51-4017-9C20-DD408B17D726}
OpenOffice.org 2.4-->MsiExec.exe /I{CCD90636-D97D-4130-A44A-3AD4E63B9220}
PDF to Image Converter 2.00-->"C:\Programme\PDF-Convert\pdf2img\unins000.exe"
QuickTime-->MsiExec.exe /I{EB900AF8-CC61-4E15-871B-98D1EA3E8025}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x7 -removeonly
Security Update for 2007 Microsoft Office System (KB2277947)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5857EE21-03D0-482E-9620-5A30B314A2AE}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}
Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}
Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2251419)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7E9103DA-253F-41FF-9E83-7C83806C77DA}
Sicherheitsupdate für Step by Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Sicherheitsupdate für Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Encoder (KB954156)-->"C:\WINDOWS\$NtUninstallKB954156_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Encoder (KB979332)-->"C:\WINDOWS\$NtUninstallKB979332_WM9L$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2079403)-->"C:\WINDOWS\$NtUninstallKB2079403$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2115168)-->"C:\WINDOWS\$NtUninstallKB2115168$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2160329)-->"C:\WINDOWS\$NtUninstallKB2160329$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2229593)-->"C:\WINDOWS\$NtUninstallKB2229593$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB2286198)-->"C:\WINDOWS\$NtUninstallKB2286198$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975561)-->"C:\WINDOWS\$NtUninstallKB975561$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB980436)-->"C:\WINDOWS\$NtUninstallKB980436$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981852)-->"C:\WINDOWS\$NtUninstallKB981852$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB981997)-->"C:\WINDOWS\$NtUninstallKB981997$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982214)-->"C:\WINDOWS\$NtUninstallKB982214$\spuninst\spuninst.exe"
Sicherheitsupdate für Windows XP (KB982665)-->"C:\WINDOWS\$NtUninstallKB982665$\spuninst\spuninst.exe"
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SmartSound Quicktracks Plugin-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}
SQL Server System CLR Types-->MsiExec.exe /I{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}
Stronghold Crusader-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8C3727F2-8E37-49E4-820C-03B1677F53B6}\setup.exe"
SuperTux 0.1.3-->C:\Programme\SuperTux\unins000.exe
Swiff Player 1.5-->"C:\Programme\GlobFX\Swiff Player\unins000.exe"
Synaptics Pointing Device Driver-->rundll32.exe "C:\Programme\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 2 RC2-->C:\Programme\Teamspeak2_RC2\unins000.exe
TeamViewer 4-->C:\Programme\TeamViewer\Version4\uninstall.exe
TmNationsForever-->"C:\Programme\TmNationsForever\unins000.exe"
Tobit.Software clipinc.fx-->C:\WINDOWS\CISUnins.exe "C:\Programme\Tobit ClipInc\Server\CISUnins.inf"
T-Online WLAN-Access Finder-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}\Setup.exe" -L0x7
Trillian-->C:\Programme\Trillian\Trillian.exe /uninstall
Ulead FilmBrennerei 4.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}\setup.exe" -l0x7
Ulead VideoStudio 9.0-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}\setup.exe" -l0x7
ULi LAN Driver-->C:\WINDOWS\system32\UnLAN.EXE RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{143BE018-D8F8-4014-8CB6-AF63F5799D21}\Setup.exe" -uninst
Uninstall 1.0.0.1-->"C:\Programme\Gemeinsame Dateien\DVDVideoSoft\unins000.exe"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}
Update für Windows Internet Explorer 8 (KB971930)-->"C:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"
Update für Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"
Update für Windows Media Player 10 (KB910393)-->"C:\WINDOWS\$NtUninstallKB910393$\spuninst\spuninst.exe"
Update für Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update für Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update für Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update für Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update für Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"
Update für Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update für Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update für Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update für Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"
Update für Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"
Update für Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 für Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VDMSound-->C:\Programme\VDMSound\uninst.exe
videon-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Programme\InstallShield Installation Information\{261D0486-9127-4071-BA1D-FE784310752E}\Setup.exe" -l0x7
Viewpoint Media Player-->C:\Programme\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
Wichtiges Update für Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Winbond WLAN-->C:\PROGRA~1\winbond\w89c33\UNWISE.EXE C:\PROGRA~1\winbond\w89c33\INSTALL.LOG
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Connect-->"C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Encoder 9-Reihe-->msiexec.exe /I {E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Encoder 9-Reihe-->MsiExec.exe /I{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}
Windows Media Format 11 runtime-->"C:\Programme\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Programme\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation Language Pack (DEU)-->MsiExec.exe /X{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB925766-->"C:\WINDOWS\$NtUninstallKB925766$\spuninst\spuninst.exe"
Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"
Windows XP Media Center Edition Screen Saver Screen Saver-->C:\WINDOWS\system32\WINDOW~1.SCR /U
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR Archivierer-->C:\Programme\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
======Security center information======
AV: AntiVir Desktop
======System event log======
Computer Name: DÖ
Event Code: 6005
Message: Der Ereignisprotokolldienst wurde gestartet.
Record Number: 51233
Source Name: EventLog
Time Written: 20100710193709.000000+120
Event Type: Informationen
User:
Computer Name: DÖ
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.
Record Number: 51232
Source Name: EventLog
Time Written: 20100710193709.000000+120
Event Type: Informationen
User:
Computer Name: DÖ
Event Code: 6006
Message: Der Ereignisprotokolldienst wurde beendet.
Record Number: 51231
Source Name: EventLog
Time Written: 20100704141950.000000+120
Event Type: Informationen
User:
Computer Name: DÖ
Event Code: 7036
Message: Dienst "Ati HotKey Poller" befindet sich jetzt im Status "Beendet".
Record Number: 51230
Source Name: Service Control Manager
Time Written: 20100704141919.000000+120
Event Type: Informationen
User:
Computer Name: DÖ
Event Code: 7036
Message: Dienst "Office Source Engine" befindet sich jetzt im Status "Beendet".
Record Number: 51229
Source Name: Service Control Manager
Time Written: 20100704122215.000000+120
Event Type: Informationen
User:
=====Application event log=====
Computer Name: DÖ
Event Code: 1035
Message: Das Produkt wurde durch Windows Installer neu konfiguriert. Produktname: JourneySoftwarePromo. Produktversion: 1.10.0000. Produktsprache: 1033. Erfolg- bzw. Fehlerstatus der neuen Konfiguration: 0.
Record Number: 22220
Source Name: MsiInstaller
Time Written: 20100626110339.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: DÖ
Event Code: 1035
Message: Das Produkt wurde durch Windows Installer neu konfiguriert. Produktname: SmartSound Quicktracks Plugin. Produktversion: 3.0.2.6. Produktsprache: 1033. Erfolg- bzw. Fehlerstatus der neuen Konfiguration: 0.
Record Number: 22219
Source Name: MsiInstaller
Time Written: 20100626110339.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: DÖ
Event Code: 1035
Message: Das Produkt wurde durch Windows Installer neu konfiguriert. Produktname: Apple Application Support. Produktversion: 1.2.0. Produktsprache: 1033. Erfolg- bzw. Fehlerstatus der neuen Konfiguration: 0.
Record Number: 22218
Source Name: MsiInstaller
Time Written: 20100626110339.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: DÖ
Event Code: 1035
Message: Das Produkt wurde durch Windows Installer neu konfiguriert. Produktname: Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries. Produktversion: 6.1.5288.17011. Produktsprache: 1033. Erfolg- bzw. Fehlerstatus der neuen Konfiguration: 0.
Record Number: 22217
Source Name: MsiInstaller
Time Written: 20100626110339.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
Computer Name: DÖ
Event Code: 1035
Message: Das Produkt wurde durch Windows Installer neu konfiguriert. Produktname: HP Update. Produktversion: 5.002.001.004. Produktsprache: 1031. Erfolg- bzw. Fehlerstatus der neuen Konfiguration: 0.
Record Number: 22216
Source Name: MsiInstaller
Time Written: 20100626110338.000000+120
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Programme\ATI Technologies\ATI Control Panel;C:\Programme\Gemeinsame Dateien\Ulead Systems\MPEG;C:\Programme\VDMSound;C:\Programme\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 44 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2c02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VDMSPath"=C:\Programme\VDMSound
"VS90COMNTOOLS"=C:\Programme\Microsoft Visual Studio 9.0\Common7\Tools\
"CLASSPATH"=.;C:\Programme\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Programme\Java\jre6\lib\ext\QTJava.zip
-----------------EOF-----------------
|
|
30.08.2010, 21:37
| #37 |
| | Fehlermeldungen beim Startup Start => Ausführen => C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe => OK Lightscribe sehe ich nicht, muss ne Macke von OTL sein. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
30.08.2010, 21:39
| #38 |
| | Fehlermeldungen beim Startup Der Deinstallationassistent meldet, dass etliche Programme beim Entfernen von "KB947864" uU nicht mehr richtig funktionieren... |
|
30.08.2010, 21:45
| #39 |
| | Fehlermeldungen beim Startup Schon vermutet. Falls es sonst keine Probleme mehr gibt: Starte OTL => Klick auf Bereinigen => Rechner startet neu. Deinstalliere/lösche alle Programme, die zum Einsatz kamen (Malwarebytes kannst du behalten). Du bist entlassen. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
30.08.2010, 22:02
| #40 |
| | Fehlermeldungen beim Startup Krieg ich die cofi-Datei nur mit der CD runter? Hier die Logs von OTL: All processes killed ========== OTL ========== Service catchme stopped successfully! Service catchme deleted successfully! File C:\DOKUME~1\ICH~1.D\LOKALE~1\Temp\catchme.sys File not found not found. Error: No service named pavboot was found to stop! Service\Driver key pavboot not found. File C:\WINDOWS\system32\drivers\pavboot.sys not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully! Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully. C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe moved successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. ========== COMMANDS ========== C:\WINDOWS\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYFLASH] User: Administrator ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Flash cache emptied: 0 bytes User: Gast ->Flash cache emptied: 0 bytes User: Ich ->Flash cache emptied: 0 bytes User: Ich.DÖ ->Flash cache emptied: 6498 bytes User: K1x_CD1 User: LocalService User: NetworkService Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: Administrator ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Ich ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Ich.DÖ ->Temp folder emptied: 79922007 bytes ->Temporary Internet Files folder emptied: 6800506 bytes ->Java cache emptied: 185849 bytes ->FireFox cache emptied: 89335584 bytes ->Google Chrome cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: K1x_CD1 User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 38878 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 664 bytes RecycleBin emptied: 15873394 bytes Total Files Cleaned = 183,00 mb OTL by OldTimer - Version 3.2.11.0 log created on 08302010_224712 Files\Folders moved on Reboot... Registry entries deleted on Reboot...OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.08.2010 22:53:32 - Run 3
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Ich.DÖ\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
895,00 Mb Total Physical Memory | 394,00 Mb Available Physical Memory | 44,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 62,82 Gb Total Space | 22,58 Gb Free Space | 35,95% Space Free | Partition Type: NTFS
Drive D: | 11,73 Gb Total Space | 4,88 Gb Free Space | 41,60% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 245,23 Mb Total Space | 244,61 Mb Free Space | 99,75% Space Free | Partition Type: FAT
Drive G: | 957,63 Mb Total Space | 828,75 Mb Free Space | 86,54% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DÖ
Current User Name: Ich
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"1028:TCP" = 1028:TCP:*:Disabled:TheWestBetaFortkämpfe
"1582:TCP" = 1582:TCP:*:Disabled:TheWestBetaFortkämpfe
"2380:TCP" = 2380:TCP:*:Enabled:msdrm
"5222:TCP" = 5222:TCP:*:Enabled:msdrm
"61440:TCP" = 61440:TCP:*:Enabled:msdrm
"2382:TCP" = 2382:TCP:*:Enabled:msdrm
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\AOL 9.0\AOL.exe" = C:\Programme\AOL 9.0\AOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Programme\AOL 9.0\WAOL.exe" = C:\Programme\AOL 9.0\WAOL.exe:*:enabled:AOL 9.0 -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLACSD.exe:*:enabled:AOL 9.0 (Connectivity Service) -- File not found
"C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDIAL.exe:*:enabled:AOL 9.0 (Connectivity Service Dialer) -- File not found
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:enabled:eTrust Antivirus - Local Scanner -- File not found
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:enabled:eTrust Antivirus - Realtime monitor -- File not found
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:enabled:eTrust Antivirus - RPC Server -- File not found
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Ahead Software AG)
"C:\Programme\InterVideo\DVD7\WinDVD.exe" = C:\Programme\InterVideo\DVD7\WinDVD.exe:*:enabled:InterVideo WinDVD 7 -- File not found
"C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe" = C:\Programme\InterVideo\MediaOne Gallery\mediaone.exe:*:enabled:InterVideo MediaOne Gallery -- File not found
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:enabled:Microsoft Fax -- (Microsoft Corporation)
"C:\Programme\NetMeeting\Conf.exe" = C:\Programme\NetMeeting\Conf.exe:*:enabled:NetMeeting -- (Microsoft Corporation)
"C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe" = C:\Programme\Ahead\Nero MediaHome\NeroMediaHome.exe:*:enabled:Nero MediaHome -- (Ahead Software AG)
"C:\Programme\Spiele\GSC Game World\Cossacks II\Data\ENGINE.EXE" = C:\Programme\Spiele\GSC Game World\Cossacks II\Data\ENGINE.EXE:*:Enabled:Cossacks 2: Napoleonic Wars -- (GSC Game World)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\LackeyCCG\LackeyCCG.exe" = C:\Programme\LackeyCCG\LackeyCCG.exe:*:Enabled:LackeyCCG -- ()
"C:\Programme\Cossacks - Back To War\dmcr.exe" = C:\Programme\Cossacks - Back To War\dmcr.exe:*:Enabled:dmcr -- (-GSC-)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe" = C:\Programme\Firefly Studios\Stronghold Crusader\Stronghold Crusader.exe:*:Enabled:Stronghold Crusader -- ()
"C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe" = C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe:*:Enabled:ClipInc Server -- ()
"C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe" = C:\Programme\Tobit ClipInc\Player\ClipInc-Player.exe:*:Enabled:ClipInc Player -- (Tobit.Software)
"C:\Programme\mIRC\mirc.exe" = C:\Programme\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)
"C:\Programme\Magic Workstation\MWSPlay.exe" = C:\Programme\Magic Workstation\MWSPlay.exe:*:Enabled:Magic Workstation Play Module -- (Magi-Soft Development)
"C:\Programme\TmNationsForever\TmForever.exe" = C:\Programme\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()
"C:\Programme\Veoh\VeohClient.exe" = C:\Programme\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Programme\Opera\Opera.exe" = C:\Programme\Opera\Opera.exe:*:Enabled:Opera Internet Browser -- File not found
"C:\Programme\Microsoft Office\Office12\ONENOTE.EXE" = C:\Programme\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Programme\QuickTime\QuickTimePlayer.exe" = C:\Programme\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Ressourcendatei -- (Apple Inc.)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\Trillian\trillian.exe" = C:\Programme\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Systemsteuerung
"{0E592C31-09EF-3CA1-A7DE-05D13DFCF791}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - deu
"{143BE018-D8F8-4014-8CB6-AF63F5799D21}" = ULi LAN Driver
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{261D0486-9127-4071-BA1D-FE784310752E}" = videon
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{448AB2CB-C94A-47DE-80B8-9D7824DEFA57}" = Ulead FilmBrennerei 4.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{8234A27D-C5A4-4F84-8718-3BF34BCFC89F}" = JourneySoftwarePromo
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B5924CA6-24A7-48F5-BC9C-8BFA94ED4564}" = LightScribe 1.4.67.1
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CCD90636-D97D-4130-A44A-3AD4E63B9220}" = OpenOffice.org 2.4
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5A7D7AB-3093-3619-9261-74DB250ECF7B}" = Microsoft Visual C++ 2008 Express Edition with SP1 - DEU
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.2 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSW" = BrettspielWelt
"CCleaner" = CCleaner
"Creatix 2.0 AC'97 Soft Modem" = Creatix 2.0 AC'97 Modem
"DivX Setup.divx.com" = DivX-Setup
"FLVPlayer" = FLV Player 1.3.3
"Forte Free" = Forte Free
"Forte Scan" = Forte Scan
"Foxit Reader" = Foxit Reader
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - DEU" = Microsoft Visual C++ 2008 Express Edition mit SP1 - DEU
"mIRC" = mIRC
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PDF to Image Converter_is1" = PDF to Image Converter 2.00
"RealPlayer 12.0" = RealPlayer
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SuperTux_is1" = SuperTux 0.1.3
"Swiff Player_is1" = Swiff Player 1.5
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"TmNationsForever_is1" = TmNationsForever
"Tobit ClipInc Server" = Tobit.Software clipinc.fx
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VDMSound" = VDMSound
"ViewpointMediaPlayer" = Viewpoint Media Player
"WIC" = Windows Imaging Component
"Winbond WLAN" = Winbond WLAN
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Media Center Edition Screen Saver Screen Saver" = Windows XP Media Center Edition Screen Saver Screen Saver
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinRAR archiver" = WinRAR Archivierer
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GeoGebra" = GeoGebra
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 23.08.2010 16:21:48 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:26:21 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:30:37 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:36:57 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:37:16 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:38:41 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:50:37 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 16:55:59 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 17:10:21 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
Error - 23.08.2010 18:34:02 | Computer Name = DÖ | Source = VSS | ID = 5013
Description = Volumeschattenkopie-Dienstfehler: Von Schattenkopieautor "RemovableStorageManager"
aufgerufene Routine "OpenNtmsSessionW" ist mit Status "0x80070422" (konvertiert
in 0x800423f4) fehlgeschlagen.
[ OSession Events ]
Error - 16.11.2008 07:13:30 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6324.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 5492
seconds with 3900 seconds of active time. This session ended with a crash.
Error - 26.02.2010 12:49:00 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 40
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.02.2010 14:12:45 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2391
seconds with 420 seconds of active time. This session ended with a crash.
Error - 27.02.2010 14:13:27 | Computer Name = DÖ | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 30.08.2010 16:47:12 | Computer Name = DÖ | Source = Service Control Manager | ID = 7034
Description = Dienst "Ati HotKey Poller" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2010 16:47:13 | Computer Name = DÖ | Source = Service Control Manager | ID = 7034
Description = Dienst "ClipInc 001" wurde unerwartet beendet. Dies ist bereits 1
Mal passiert.
Error - 30.08.2010 16:47:13 | Computer Name = DÖ | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2010 16:47:13 | Computer Name = DÖ | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 30.08.2010 16:47:14 | Computer Name = DÖ | Source = Service Control Manager | ID = 7034
Description = Dienst "Pml Driver HPZ12" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2010 16:47:14 | Computer Name = DÖ | Source = Service Control Manager | ID = 7034
Description = Dienst "Ulead Burning Helper" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 30.08.2010 16:49:30 | Computer Name = DÖ | Source = Service Control Manager | ID = 7023
Description = Der Dienst "HID Input Service" wurde mit folgendem Fehler beendet:
%%126
Error - 30.08.2010 16:49:30 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender Service" ist vom Dienst "SSDP Discovery
Service" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 30.08.2010 16:49:30 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
Error - 30.08.2010 16:50:04 | Computer Name = DÖ | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" ist vom Dienst
"Universeller Plug & Play-Gerätehost" abhängig, der aufgrund folgenden Fehlers
nicht gestartet wurde: %%1058
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.08.2010 22:53:32 - Run 3 OTL by OldTimer - Version 3.2.11.0 Folder = C:\Dokumente und Einstellungen\Ich.DÖ\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 895,00 Mb Total Physical Memory | 394,00 Mb Available Physical Memory | 44,00% Memory free 2,00 Gb Paging File | 2,00 Gb Available in Paging File | 81,00% Paging File free Paging file location(s): C:\pagefile.sys 1344 2688 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 62,82 Gb Total Space | 22,58 Gb Free Space | 35,95% Space Free | Partition Type: NTFS Drive D: | 11,73 Gb Total Space | 4,88 Gb Free Space | 41,60% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded Drive F: | 245,23 Mb Total Space | 244,61 Mb Free Space | 99,75% Space Free | Partition Type: FAT Drive G: | 957,63 Mb Total Space | 828,75 Mb Free Space | 86,54% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: DÖ Current User Name: Ich Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\WINDOWS\system32\wbsecsvc.exe (Winbond) PRC - C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (ClipInc001) -- C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe () SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (wbsecsvc) -- C:\WINDOWS\System32\wbsecsvc.exe (Winbond) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (UleadBurningHelper) -- C:\Programme\Gemeinsame Dateien\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation) DRV - (WmaCDriverV32) -- C:\WINDOWS\system32\drivers\WmaCDriverV32.sys (Windows (R) 2000/XP) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.) DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (W33ND) -- C:\WINDOWS\system32\drivers\W33ND.SYS (Winbond Electronics Corp.) DRV - (wbsecdrv) -- C:\WINDOWS\system32\drivers\wbsecdrv.sys (Winbond) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (ULI5261XP) -- C:\WINDOWS\system32\drivers\ULILAN51.SYS (ULi Electronics Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.1 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8 FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.6 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.11 FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9 FF - prefs.js..extensions.enabledItems: {84b24861-62f6-364b-eba5-2e5e2061d7e6}:0.9.3 FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..keyword.URL: "hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.17 01:02:23 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.25 11:07:28 | 000,000,000 | ---D | M] [2008.06.19 14:15:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Extensions [2010.08.30 10:07:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions [2010.08.17 17:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81b1} [2010.02.14 16:01:16 | 000,000,000 | ---D | M] (CountdownClock) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{19D3B002-1AD1-4a69-A5B3-AA98773DBB86} [2010.08.17 17:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{239c61a8-e55f-11db-8314-0800200c9a66} [2010.08.16 09:51:36 | 000,000,000 | ---D | M] (Stylish) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2010.08.17 17:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{4a428302-5267-4749-bb22-459b3236695f} [2010.01.23 00:59:23 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.08.17 17:56:29 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66} [2010.08.16 09:51:42 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{64161300-e22b-11db-8314-0800200c9a66} [2010.08.17 17:56:41 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{70a5ac84-0087-11dc-8314-0800200c9a66} [2010.08.17 20:07:29 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6} [2010.08.17 17:57:09 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e} [2010.06.03 10:27:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2010.08.16 09:51:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.08.17 17:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} [2010.08.19 09:46:56 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.08.30 10:07:05 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.04.10 09:35:45 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2010.08.17 17:56:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{e213bb8f-8ebd-11db-96b7-005056c00008} [2010.04.10 09:36:08 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.05.07 23:46:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\firebug@software.joehewitt.com [2010.08.30 10:07:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\foxyproxy@eric.h.jung [2010.08.17 17:57:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\nasanightlaunch@example.com [2010.08.17 17:57:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\extensions\redshift_V2@shift-themes.com [2010.08.23 23:04:37 | 000,000,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\searchplugins\icqplugin.xml [2008.08.23 16:04:26 | 000,005,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Mozilla\Firefox\Profiles\rrdr5407.default\searchplugins\magiccardsinfo.xml [2010.08.30 10:07:24 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.08.25 10:59:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.08.25 10:59:30 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2004.05.13 16:37:02 | 000,364,544 | ---- | M] (Microsoft Corporation (written by Digital Renaissance Inc.)) -- C:\Programme\Mozilla Firefox\plugins\npdsplay.dll [2010.08.25 11:05:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll [2009.03.03 12:00:30 | 001,275,856 | ---- | M] (1 mal 1 Software GmbH) -- C:\Programme\Mozilla Firefox\plugins\NpFv501.dll [2007.12.19 14:57:38 | 000,310,272 | ---- | M] () -- C:\Programme\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll [2010.07.27 09:18:36 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.07.27 09:18:36 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.07.27 09:18:37 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.07.27 09:18:37 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.07.27 09:18:37 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.08.30 22:47:20 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.04.05 06:41:03 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.08.30 22:20:09 | 000,000,000 | ---D | C] -- C:\rsit [2010.08.29 20:14:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Foxit Software [2010.08.25 11:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Panda Security [2010.08.25 11:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software [2010.08.25 11:00:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2010.08.25 11:00:27 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java [2010.08.25 10:59:51 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.25 10:59:50 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.25 10:59:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.25 10:59:50 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.25 10:12:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2010.08.24 10:16:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData [2010.08.23 19:33:00 | 000,000,000 | RHSD | C] -- C:\cmdcons [2010.08.23 19:29:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.08.23 19:28:13 | 000,000,000 | ---D | C] -- C:\Downloads [2010.08.23 19:26:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Avira [2010.08.23 19:21:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Recent [2010.08.23 19:07:43 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2010.08.23 19:07:36 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2010.08.23 19:07:36 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2010.08.23 19:07:36 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys [2010.08.23 19:07:36 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys [2010.08.23 19:07:32 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2010.08.23 19:07:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2010.08.23 17:44:20 | 000,000,000 | ---D | C] -- C:\_OTL [2010.08.23 16:51:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe [2010.08.23 11:49:27 | 000,000,000 | ---D | C] -- C:\Programme\trend micro [2010.08.23 11:09:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Malwarebytes [2010.08.23 11:09:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.08.23 11:09:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.08.23 11:09:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.08.23 11:09:22 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.08.23 10:41:09 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.08.17 20:18:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DivX Shared [2010.08.17 13:23:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\.gimp-2.6 [2010.08.17 13:23:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Eigene Dateien\gegl-0.0 [2010.08.16 00:23:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Ich.DÖ\Eigene Dateien\7lands [2010.08.10 05:15:58 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts ========== Files - Modified Within 30 Days ========== [2010.08.30 22:50:32 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.08.30 22:49:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.08.30 22:49:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.08.30 22:49:00 | 939,048,960 | -HS- | M] () -- C:\hiberfil.sys [2010.08.30 22:47:45 | 007,602,176 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\ntuser.dat [2010.08.30 22:47:45 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\ntuser.ini [2010.08.30 22:47:20 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts [2010.08.30 22:38:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.08.30 22:19:53 | 001,751,583 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\Track18.wma [2010.08.30 22:11:15 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{5D7FD096-657B-427F-A602-02A464BC8C97}.job [2010.08.30 21:37:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\OTL.exe [2010.08.25 10:59:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe [2010.08.25 10:59:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe [2010.08.25 10:59:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe [2010.08.25 10:59:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl [2010.08.25 10:59:27 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll [2010.08.25 10:10:08 | 000,000,282 | ---- | M] () -- C:\WINDOWS\system.ini [2010.08.23 19:33:12 | 000,000,293 | RHS- | M] () -- C:\boot.ini [2010.08.23 19:09:02 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\cofi.exe [2010.08.23 11:48:21 | 000,339,991 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\RSIT.exe [2010.08.17 20:27:00 | 000,000,753 | ---- | M] () -- C:\WINDOWS\win.ini [2010.08.17 20:27:00 | 000,000,223 | ---- | M] () -- C:\Boot.bak [2010.08.17 16:30:02 | 000,584,606 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg2.jpg [2010.08.17 16:30:02 | 000,003,547 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\.recently-used.xbel [2010.08.17 15:59:47 | 000,294,742 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg1.jpg [2010.08.16 10:37:17 | 000,150,016 | ---- | M] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.14 09:17:25 | 000,299,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.08.14 01:42:45 | 001,004,124 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010.08.14 01:42:45 | 000,434,894 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010.08.14 01:42:45 | 000,068,798 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010.08.10 05:15:58 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx [2010.08.10 05:15:58 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts ========== Files Created - No Company Name ========== [2010.08.30 22:38:11 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2010.08.23 19:33:12 | 000,000,223 | ---- | C] () -- C:\Boot.bak [2010.08.23 19:33:08 | 000,262,448 | ---- | C] () -- C:\cmldr [2010.08.23 19:08:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\cofi.exe [2010.08.23 11:48:17 | 000,339,991 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\RSIT.exe [2010.08.22 10:45:27 | 001,751,583 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\Track18.wma [2010.08.17 20:26:59 | 000,000,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Startmenü\Programme\Autostart\Verknüpfung mit ehtray.exe.lnk [2010.08.17 16:30:02 | 000,584,606 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg2.jpg [2010.08.17 16:30:02 | 000,003,547 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\.recently-used.xbel [2010.08.17 15:59:47 | 000,294,742 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Desktop\bg1.jpg [2009.08.03 11:12:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2008.09.26 21:12:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll [2008.03.24 19:23:01 | 000,554,496 | ---- | C] () -- C:\WINDOWS\System32\dvmsg.dll [2008.02.06 11:35:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2007.12.01 22:46:52 | 000,001,359 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2007.10.30 16:17:40 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\imgpdf2.dll [2007.10.30 16:10:18 | 000,000,215 | ---- | C] () -- C:\WINDOWS\pdf2word.INI [2007.10.30 14:37:23 | 000,000,075 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2007.10.23 21:22:05 | 000,000,872 | ---- | C] () -- C:\WINDOWS\uninst.ini [2007.10.02 20:01:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007.10.02 14:24:32 | 000,002,060 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\HPSU_48BitScanUpdate.log [2007.10.02 14:24:32 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini [2007.10.02 14:01:54 | 000,000,348 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\HelpFilesUpdatePatch_PRINTHELPWRAPPER.log [2007.10.02 14:01:54 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini [2007.10.02 14:01:35 | 000,003,064 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\PatchUpdate_InstantShareJPG.log [2007.10.02 14:01:35 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini [2007.10.02 14:01:23 | 000,003,867 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\PatchUpdate_IZClosingDiscError.log [2007.10.02 14:01:23 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini [2007.10.02 14:00:25 | 000,053,245 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Anwendungsdaten\Update_HP_RedboxHprblog_HPSU.log [2007.10.02 14:00:25 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini [2007.09.26 14:10:53 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2007.09.26 14:06:43 | 000,013,142 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log [2007.04.11 12:19:47 | 000,000,101 | ---- | C] () -- C:\WINDOWS\ChssBase.ini [2007.03.30 12:51:17 | 000,000,071 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI [2007.01.05 18:37:11 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL [2006.12.25 22:14:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI [2006.12.10 21:24:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hiphopmaker.INI [2006.11.26 12:44:59 | 000,000,127 | ---- | C] () -- C:\WINDOWS\VoiceOver.INI [2006.11.25 23:10:13 | 000,001,872 | ---- | C] () -- C:\WINDOWS\Ultra EDIT.INI [2006.11.25 22:31:01 | 000,000,426 | ---- | C] () -- C:\WINDOWS\canopus.ini [2006.10.19 13:38:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2006.09.24 15:08:50 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2006.09.07 17:54:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.09.06 20:18:07 | 000,150,016 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006.09.06 20:18:07 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Ich.DÖ\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2006.04.06 16:04:48 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\2246DFD473.sys [2006.04.05 07:20:51 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2006.04.05 06:37:17 | 000,038,912 | ---- | C] () -- C:\WINDOWS\System32\mgxasio.dll [2006.04.05 06:33:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\magix.ini [2006.04.03 20:17:03 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2006.04.03 20:17:00 | 000,002,856 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2006.04.03 19:42:33 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2006.03.30 10:33:14 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\4212FAB396.sys [2006.03.30 10:33:13 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys [2006.03.30 09:48:13 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006.03.23 18:41:31 | 000,000,941 | ---- | C] () -- C:\WINDOWS\orun32.ini [2006.03.23 17:36:00 | 000,000,362 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2006.03.23 16:04:03 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2006.03.23 15:47:37 | 000,002,396 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2006.03.23 15:33:45 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005.08.05 15:26:04 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2001.07.06 15:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL < End of report > |
|
30.08.2010, 22:09
| #41 |
| | Fehlermeldungen beim Startup Dank dem besch+++++ (zensiert) Rechtesystem von MS, ja. Es gibt noch andere Möglichkeiten, aber so eine LiveCD sollte jeder haben. ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
02.09.2010, 23:37
| #42 |
| | Fehlermeldungen beim Startup Noch zwei Fragen: 1. Was hätten die Viren auf meinem PC gemacht, wenn sie nicht entfernt worden wären? 2. Wie verhindere ich, dass sich bei mir wieder was einnistet? |
|
03.09.2010, 18:53
| #43 | ||
| | Fehlermeldungen beim StartupZitat:
Zitat:
ciao, andreas
__________________ Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung! Für alle NeuenPrivatbetreuung nur gegen Bezahlung und ich koste sehr teuer. Anleitungen Virenscanner Kompromittierung unvermeidbar? |
|
.
Linear-Darstellung
