Log analysis and evaluation: Windows could not save all the data for the file \\System32\\496A8300. Data lost.
22.04.2011, 15:08 | #1 |
Hello,

I have already read a bit about my problem here and hope you can help me. In addition to the error message described, I also get a notice about critical RAM usage, and a program wanted to repair my system after it had supposedly diagnosed critical hard disk errors. Files on C and on an external USB hard disk are no longer visible. I was able to re-enable the Task Manager via a regedit entry and stop the supposed Windows repair program. I have already run an OTL scan and am posting the OTL.TXT and Extras.TXT.

Please help me. I am completely worn out because my data is no longer visible.

Jörg

OTL Logfile:
Code:
OTL logfile created on: 22.04.2011 15:35:35 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 63,21 Gb Free Space | 42,41% Space Free | Partition Type: NTFS
Computer Name: XPPC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.04.22 15:35:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
PRC - [2011.04.22 14:41:25 | 000,565,248 | -H-- | M] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe
PRC - [2010.10.29 22:06:08 | 005,915,480 | -H-- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
PRC - [2010.08.24 11:38:18 | 000,092,008 | -H-- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.05.07 19:47:32 | 000,162,648 | -H-- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.05.07 19:43:52 | 000,651,096 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2010.05.07 19:35:22 | 000,165,208 | -H-- | M] (Logitech Inc.)
-- C:\Programme\Logitech\LWS\Webcam Software\LWS.exe PRC - [2010.05.07 19:34:58 | 000,168,792 | -H-- | M] () -- C:\Programme\Logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2009.12.11 11:25:53 | 000,470,785 | -H-- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avcenter.exe PRC - [2009.11.20 08:09:02 | 000,466,689 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avscan.exe PRC - [2009.07.21 15:34:28 | 000,185,089 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 17:48:18 | 000,108,289 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.03.02 14:08:43 | 000,209,153 | -H-- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2008.10.24 09:14:36 | 000,206,112 | -H-- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe PRC - [2008.09.10 14:01:28 | 000,611,664 | -H-- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008.04.14 07:52:36 | 000,012,288 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\attrib.exe PRC - [2007.10.18 15:32:42 | 000,079,136 | -H-- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe PRC - [2007.09.06 13:26:20 | 000,221,184 | -H-- | M] (SafeBoot International) -- c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe PRC - [2007.04.10 13:10:20 | 001,489,688 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\UNS.exe PRC - [2007.04.10 13:10:16 | 000,183,064 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchksrv.exe PRC - [2007.04.10 13:10:10 | 000,404,248 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\atchk.exe PRC - [2007.04.10 13:10:06 | 000,121,624 | -H-- | M] (Intel Corporation) -- C:\Programme\Intel\AMT\LMS.exe PRC - [2007.03.07 06:19:00 | 000,066,048 | RH-- | M] 
(Bioscrypt Inc.) -- c:\Programme\Hewlett-Packard\IAM\Bin\asghost.exe PRC - [2007.01.25 04:52:26 | 000,065,536 | -H-- | M] () -- C:\Programme\Gemeinsame Dateien\NMSAccessU.exe PRC - [2007.01.24 14:28:58 | 000,124,928 | -H-- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\accelerometerST.exe PRC - [2007.01.09 15:52:32 | 000,145,184 | -H-- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe PRC - [2004.09.10 15:32:48 | 000,053,248 | -H-- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfBAgS.exe ========== Modules (SafeList) ========== MOD - [2011.04.22 15:35:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe MOD - [2010.08.23 18:11:46 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2007.02.26 04:49:00 | 000,070,144 | RH-- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll ========== Win32 Services (SafeList) ========== SRV - [2010.09.16 20:54:15 | 000,867,080 | -H-- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.08.24 11:38:18 | 000,092,008 | -H-- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2010.05.07 19:47:32 | 000,162,648 | -H-- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2009.10.15 06:51:14 | 000,087,336 | -H-- | M] (Dassault Systèmes SolidWorks Corp.) 
[On_Demand | Stopped] -- C:\Programme\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost) SRV - [2009.10.11 14:47:31 | 000,079,360 | -H-- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service) SRV - [2009.07.21 15:34:28 | 000,185,089 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.07.08 13:31:36 | 000,313,840 | -H-- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9) SRV - [2009.07.08 13:31:32 | 000,170,480 | -H-- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9) SRV - [2009.07.08 13:31:12 | 001,108,464 | -H-- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9) SRV - [2009.05.13 17:48:18 | 000,108,289 | -H-- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.09.10 14:01:28 | 000,611,664 | -H-- | M] (Lavasoft) [Auto | Running] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice) SRV - [2008.08.20 07:08:30 | 000,070,336 | -H-- | M] () [On_Demand | Stopped] -- C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2007.11.08 01:58:18 | 003,004,416 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90) SRV - [2007.10.18 15:32:42 | 000,079,136 | -H-- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2007.09.06 13:26:20 | 000,221,184 | -H-- | M] (SafeBoot International) [Auto | Running] -- 
c:\Programme\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService) SRV - [2007.06.08 09:06:42 | 000,172,131 | RH-- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK) SRV - [2007.04.10 13:10:20 | 001,489,688 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\UNS.exe -- (UNS) Intel(R) SRV - [2007.04.10 13:10:16 | 000,183,064 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R) SRV - [2007.04.10 13:10:06 | 000,121,624 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\AMT\LMS.exe -- (LMS) Intel(R) SRV - [2007.03.14 06:03:00 | 000,074,752 | RH-- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker) SRV - [2007.01.25 04:52:26 | 000,065,536 | -H-- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\NMSAccessU.exe -- (NMSAccessU) SRV - [2006.10.26 19:49:34 | 000,441,136 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2006.10.26 14:03:08 | 000,145,184 | -H-- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006.06.22 06:14:00 | 000,131,584 | RH-- | M] (Cognizance Corporation) [Auto | Running] -- c:\Programme\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel) SRV - [2005.09.23 07:01:16 | 002,799,808 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80) SRV - [2004.10.22 03:24:18 | 000,073,728 | -H-- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2004.09.10 15:32:48 | 000,053,248 | -H-- | M] (Brother Industries, Ltd.) 
[Auto | Running] -- C:\WINDOWS\System32\BrmfBAgS.exe -- (brmfbags) ========== Driver Services (SafeList) ========== DRV - [2010.11.10 04:49:50 | 004,323,040 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC) DRV - [2010.11.10 04:48:12 | 000,283,744 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2010.05.07 19:43:30 | 000,025,824 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2009.12.11 11:25:55 | 000,056,816 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.11 11:12:20 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 11:33:03 | 000,096,104 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 13:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.01 20:32:29 | 000,101,248 | -H-- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmaura.sys -- (avmaura) DRV - [2008.10.03 17:01:34 | 000,057,536 | -H-- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS) DRV - [2008.04.28 15:22:10 | 000,009,344 | -H-- | M] (Hewlett-Packard Development Company, L.P.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey) DRV - [2008.04.14 00:06:42 | 000,063,744 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf) DRV - [2008.03.13 03:25:36 | 002,530,176 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R) DRV - [2008.01.17 02:10:15 | 000,107,168 | -H-- | M] (Your Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Mach3.sys -- (Mach3) DRV - [2007.10.16 07:29:00 | 000,989,312 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2007.10.16 07:28:20 | 000,211,200 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2007.10.16 07:28:16 | 000,731,136 | -H-- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2007.08.28 15:47:36 | 000,146,560 | -H-- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) DRV - [2007.08.14 17:59:52 | 000,005,840 | -H-- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock) DRV - [2007.08.14 17:59:44 | 000,101,167 | -H-- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot) DRV - [2007.07.20 00:39:50 | 002,142,488 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2007.07.19 02:44:22 | 000,022,296 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService) DRV - [2007.07.19 02:44:00 | 000,041,752 | RH-- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2007.07.19 02:43:37 | 000,066,456 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvselsus.sys -- (lvselsus) DRV - [2007.07.19 02:42:29 | 001,920,920 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007.07.19 02:39:15 | 001,278,104 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI) DRV - [2007.07.19 02:39:15 | 000,013,848 | RH-- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lv302af.sys -- (pepifilter) DRV - [2007.07.12 11:41:52 | 000,045,056 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2007.06.18 17:12:04 | 000,016,768 | -H-- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007.06.14 16:22:58 | 000,013,184 | -H-- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock) DRV - [2007.06.08 08:49:46 | 000,030,008 | RH-- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv) DRV - [2007.04.21 03:00:00 | 000,146,368 | RH-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0470Vid.sys -- (VF0470Vid) Live! 
Cam Notebook (VF0470) DRV - [2007.04.04 19:16:20 | 000,041,216 | -H-- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM) DRV - [2007.03.21 22:02:04 | 000,037,376 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 14:42:22 | 000,039,936 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.02.14 14:21:00 | 000,067,960 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2007.02.14 14:20:58 | 000,868,298 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2007.02.14 14:20:58 | 000,149,123 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2007.02.14 14:20:58 | 000,030,459 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2007.02.14 14:20:56 | 000,530,861 | -H-- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2007.01.23 16:40:20 | 000,042,496 | -H-- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.20 01:08:00 | 000,047,616 | -H-- | M] (RICOH Company, Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32) DRV - [2006.10.17 10:59:06 | 000,022,016 | -H-- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2006.10.17 10:57:58 | 000,017,920 | -H-- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2006.10.09 13:31:46 | 000,044,720 | -H-- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg) DRV - [2004.11.05 11:08:06 | 000,670,208 | -H-- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2004.05.11 18:11:02 | 000,099,968 | -H-- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb) DRV - [2004.04.28 09:03:08 | 000,328,448 | -H-- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp) DRV - [2003.12.10 11:40:44 | 000,031,650 | -H-- | M] (BridgeCo AG, Switzerland) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\bcoreth5.sys -- (BCORETH5) DRV - [2001.08.18 05:21:04 | 000,039,808 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParwdm.sys -- (BrParWdm) Brother WDM-Treiber (parallel) DRV - [2001.08.17 15:05:48 | 000,314,752 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrO21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000 (08B0) DRV - [2001.08.17 14:12:24 | 000,003,168 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrParImg.sys -- (brparimg) DRV - [2001.08.17 14:12:12 | 000,002,944 | -H-- | M] (Brother Industries Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== [2009.02.15 11:01:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions [2009.02.15 11:01:12 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2009.02.24 11:27:36 | 000,000,000 | -H-D | M] (Long Titles) -- C:\PROGRAMME\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF} O1 HOSTS File: ([2010.03.24 06:55:42 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll () O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Programme\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.) O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. 
O3 - HKLM\..\Toolbar: (Freeware.de Toolbar) - {7e111a5c-3d11-4f56-9463-5310c3c69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Freeware.de Toolbar) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - C:\Programme\Freeware.de\prxtbFre0.dll (Conduit Ltd.) O4 - HKLM..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\accelerometerST.exe (Hewlett-Packard Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [atchk] C:\Programme\Intel\AMT\atchk.exe (Intel Corporation) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CognizanceTS] c:\Programme\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Cognizance Corporation) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LWS] C:\Programme\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PTHOSTTR] c:\Programme\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.) O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe (WinTrust) O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) O4 - HKCU..\Run: [Logitech Vid] C:\Programme\Logitech\Vid HD\Vid.exe (Logitech Inc.) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Programme\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Programme\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Programme\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Programme\Free Download Manager\dllink.htm () O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Programme\Free Download Manager\dlfvideo.htm () O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programme\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - File not found O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: fritz.repeater ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range2 ([*] in Lokales Intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) 
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.) 
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\OneCard: DllName - c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - c:\Programme\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.16 21:01:03 | 000,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8af6060a-fb3e-11dd-acbe-001de0a1c83b}\Shell\AutoRun\command - "" = F:\InstallTomTomHOME.exe
O33 - MountPoints2\{e80a1e4e-10bf-11de-acd6-001de0a1c83b}\Shell\AutoRun\command - "" = H:\kqnns.exe
O33 - MountPoints2\{e80a1e4e-10bf-11de-acd6-001de0a1c83b}\Shell\explore\Command - "" = H:\kqnns.exe
O33 - MountPoints2\{e80a1e4e-10bf-11de-acd6-001de0a1c83b}\Shell\open\Command - "" = H:\kqnns.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.04.22 15:34:57 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2011.04.22 15:21:34 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Admin\Recent
[2011.04.22 15:06:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows Recovery
[2011.04.22 14:42:49 | 000,004,224 | -H-- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\beep.sys
[2011.04.22 14:41:26 | 000,565,248 | -H-- | C] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe
[2011.04.21 15:49:18 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2011.04.21 15:49:16 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Security Task Manager
[2011.04.21 15:49:15 | 000,000,000 | -H-D | C] -- C:\Programme\Security Task Manager
[2008.08.13 21:24:10 | 000,152,848 | -H-- | C] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Comdlg32.ocx
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.04.22 15:35:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Admin\Desktop\OTL.exe
[2011.04.22 15:10:03 | 000,000,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332
[2011.04.22 15:10:02 | 000,000,152 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332r
[2011.04.22 15:09:49 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.04.22 15:07:56 | 000,311,473 | -H-- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011.04.22 15:06:40 | 000,000,823 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows Recovery.lnk
[2011.04.22 15:06:36 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19521332
[2011.04.22 15:06:32 | 000,175,033 | -H-- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.04.22 15:06:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.04.22 14:41:25 | 000,565,248 | -H-- | M] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe
[2011.04.22 14:32:29 | 000,000,664 | -H-- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.17 17:30:47 | 000,395,160 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.17 17:29:11 | 000,001,374 | -H-- | M] () -- C:\WINDOWS\imsins.BAK
[2011.04.17 17:28:04 | 000,535,772 | -H-- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.04.17 17:28:04 | 000,482,804 | -H-- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.04.17 17:28:04 | 000,115,786 | -H-- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.04.17 17:28:04 | 000,086,634 | -H-- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.04.11 16:54:52 | 000,002,593 | -H-- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011.03.28 20:42:27 | 000,002,405 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SolidWorks 2010.lnk
[2011.03.27 14:36:05 | 004,807,834 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\221403_CNS_Unterbaubecken_10-2009.pdf
[2011.03.25 22:46:03 | 000,000,276 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.04.22 15:10:02 | 000,000,176 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332
[2011.04.22 15:10:02 | 000,000,152 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332r
[2011.04.22 15:06:40 | 000,000,823 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows Recovery.lnk
[2011.04.22 15:06:36 | 000,000,336 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19521332
[2011.03.27 14:36:05 | 004,807,834 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Desktop\221403_CNS_Unterbaubecken_10-2009.pdf
[2011.01.07 22:37:07 | 000,002,593 | -H-- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2010.11.10 04:45:32 | 000,102,744 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010.11.10 04:45:30 | 010,871,128 | -H-- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010.11.10 04:45:20 | 000,316,248 | -H-- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010.09.06 06:42:02 | 000,616,256 | -H-- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.05.07 19:46:36 | 000,014,168 | -H-- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010.05.07 19:43:30 | 000,025,824 | -H-- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010.03.24 06:47:06 | 000,261,632 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2010.03.24 06:47:06 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2010.03.24 06:47:06 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2010.03.24 06:47:06 | 000,077,312 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2010.03.24 06:47:06 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2010.02.13 13:26:53 | 000,000,347 | -H-- | C] () -- C:\WINDOWS\wiso.ini
[2009.12.30 16:59:09 | 000,000,267 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2009.11.13 13:09:19 | 000,345,600 | -H-- | C] () -- C:\WINDOWS\System32\K8055D.dll
[2009.11.08 14:57:32 | 000,000,422 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.06 14:52:30 | 000,006,550 | -H-- | C] () -- C:\WINDOWS\jautoexp.dat
[2009.10.16 21:24:34 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.04.16 22:07:06 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.03.06 11:27:43 | 000,000,256 | -H-- | C] () -- C:\WINDOWS\System32\pool.bin
[2008.12.29 19:46:12 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\Relax.ini
[2008.12.29 17:56:04 | 000,571,904 | -H-- | C] () -- C:\WINDOWS\System32\DLL_MHJProperties.dll
[2008.12.29 17:56:04 | 000,158,208 | -H-- | C] () -- C:\WINDOWS\System32\DLL_MHJSimaticDriver.dll
[2008.12.29 17:55:58 | 000,147,488 | -H-- | C] () -- C:\WINDOWS\System32\S5AG32.dll
[2008.12.29 17:55:36 | 000,610,304 | -H-- | C] () -- C:\WINDOWS\System32\WS7_S7AG.dll
[2008.12.05 12:40:51 | 000,000,105 | -H-- | C] () -- C:\WINDOWS\Mach3.INI
[2008.11.02 21:59:44 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.10.31 22:37:28 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\FESTO.INI
[2008.09.07 11:34:24 | 000,000,754 | -H-- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.08.30 15:00:13 | 000,765,952 | -H-- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.08.30 15:00:13 | 000,180,224 | -H-- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.08.17 11:33:55 | 000,116,224 | -H-- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2008.08.17 11:33:55 | 000,045,056 | -H-- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2008.08.09 17:14:51 | 000,000,432 | -H-- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008.08.09 17:13:15 | 000,000,065 | -H-- | C] () -- C:\WINDOWS\System32\BD7010.dat
[2008.08.09 17:12:45 | 000,000,052 | -H-- | C] () -- C:\WINDOWS\System32\BrmfBAgP.ini
[2008.08.09 17:12:45 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\BrmfBiPP.dat
[2008.08.09 17:12:45 | 000,000,029 | -H-- | C] () -- C:\WINDOWS\System32\BrmfBAgS.ini
[2008.08.09 17:12:39 | 000,077,824 | -H-- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2008.08.09 17:12:35 | 000,106,496 | -H-- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008.08.09 17:10:54 | 000,027,114 | -H-- | C] () -- C:\WINDOWS\maxlink.ini
[2008.08.09 12:22:53 | 000,026,286 | -H-- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.08.08 17:23:08 | 000,226,816 | -H-- | C] () -- C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.08.08 14:57:31 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008.08.04 11:59:45 | 000,311,473 | -H-- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2008.08.04 11:14:58 | 000,016,480 | -H-- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2008.07.30 17:44:12 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.07.30 17:42:57 | 000,395,160 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.07.30 17:00:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.07.30 16:53:05 | 000,021,740 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.26 22:23:36 | 000,016,834 | -H-- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | -H-- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | -H-- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | -H-- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.05.16 11:58:04 | 000,012,632 | -H-- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2008.03.19 07:00:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.03.19 07:00:00 | 001,630,208 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.03.19 07:00:00 | 001,486,848 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.03.19 07:00:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.03.19 07:00:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.03.19 07:00:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.03.19 07:00:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.03.19 07:00:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007.08.14 17:59:44 | 000,101,167 | -H-- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007.07.27 14:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007.07.27 14:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007.07.27 14:00:00 | 000,535,772 | -H-- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2007.07.27 14:00:00 | 000,482,804 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007.07.27 14:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007.07.27 14:00:00 | 000,269,480 | -H-- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2007.07.27 14:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007.07.27 14:00:00 | 000,115,786 | -H-- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2007.07.27 14:00:00 | 000,086,634 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007.07.27 14:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2007.07.27 14:00:00 | 000,034,478 | -H-- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2007.07.27 14:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007.07.27 14:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007.07.27 14:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007.07.27 14:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007.07.27 14:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.06.08 09:05:38 | 000,274,432 | -H-- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007.02.06 15:20:00 | 002,842,624 | -H-- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 14:55:52 | 000,090,112 | -H-- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.01.25 04:52:26 | 000,065,536 | -H-- | C] () -- C:\Programme\Gemeinsame Dateien\NMSAccessU.exe
[2006.06.13 16:35:32 | 000,053,760 | -H-- | C] () -- C:\WINDOWS\System32\zlib.dll
[2002.03.04 10:16:34 | 000,110,592 | RH-- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001.11.14 12:56:00 | 001,802,240 | -H-- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.11.08 03:27:00 | 000,237,568 | -H-- | C] () -- C:\WINDOWS\System32\glut32.dll
[1998.06.10 01:00:00 | 000,015,120 | -H-- | C] () -- C:\WINDOWS\System32\REPUTIL.DLL
[1998.05.07 03:10:00 | 000,069,632 | RH-- | C] () -- C:\WINDOWS\System32\ODMA32.dll

< End of report >

OTL Logfile: Code:
OTL Extras logfile created on: 22.04.2011 15:35:35 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Dokumente und Einstellungen\Admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 59,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 149,04 Gb Total Space | 63,21 Gb Free Space | 42,41% Space Free | Partition Type: NTFS

Computer Name: XPPC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SNAPFISH] -- "C:\Programme\SNAPFISH\SNAPFISH\SNAPFISH.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe" = C:\Programme\Pegasus Technologies\PC Notes Taker\PCNotesTaker.exe:*:Enabled:PC Notes Taker -- (Pegasus Technologies)
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Apps\2.0\5XVRMD6G.VLY\AOJJJ49G.KOJ\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Apps\2.0\5XVRMD6G.VLY\AOJJJ49G.KOJ\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf149dd7a141\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\pftCF.tmp\fsetup.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\pftCF.tmp\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\pft11.tmp\fsetup.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\pft11.tmp\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\pft2D.tmp\fsetup.exe" = C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temp\pft2D.tmp\fsetup.exe:*:Enabled:AVM FSetup Application
"C:\Programme\Logitech\Vid HD\Vid.exe" = C:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Dokumente und Einstellungen\Admin\Desktop\AudioConverter_Setup.exe" = C:\Dokumente und Einstellungen\Admin\Desktop\AudioConverter_Setup.exe:*:Enabled:Audio Converter -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{05F334A4-BCA1-4D9E-9B9B-A0B6C5E2C0DD}" = Drive Encryption for HP ProtectTools
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{159098AF-4EB8-4C10-B0C6-24CDA32B45F9}" = Microsoft SQL Server Compact 3.5 DEU
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18E1FD72-60FA-3E10-A66B-640970B5559F}" = Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU
"{1959101B-E34C-4266-8915-20F23B5BCF43}" = SolidWorks eDrawings 2010
"{1C3ADB5F-750E-4453-AC98-B75C5323845C}" = Microsoft SQL Server Compact 3.5 for Devices DEU
"{1D1347A8-D5E8-466D-A1FD-2EC88A9AEC58}" = PC Notes Taker
"{1D1D8ADC-BF08-4E61-9393-5FA305B16864}" = Microsoft SQL Server Native Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 F1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3924C3E7-C440-4B23-9740-9A9EC0545F21}" = Crystal Reports Basic German Language Pack for Visual Studio 2008
"{3AAFCB5F-5166-46EC-A521-E363C6950A94}" = Steuer Update 15.01
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4109EEA6-0868-41B8-B79A-07DCFB2B1C93}" = SmartView 2.1
"{429E92A4-159F-4AEC-85A1-D693E1E4274D}" = HP 3D DriveGuard
"{445174EA-3D3A-308E-84AD-446127E71441}" = Microsoft Visual Studio 2008 Professional Edition - DEU
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Steuer 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACDC413-AF13-3934-8D8A-1F8CEF70D1A5}" = Microsoft Document Explorer 2008 Language Pack - DEU
"{4CF29999-1BB0-42B2-99BB-3A34507F9E3B}" = Steuer Update 15.01
"{4D917958-6A96-4CBC-AA7D-FB16C854EE36}" = DMP Installer
"{4E3A817A-8033-3D7E-BCA9-102EFF3FD9CA}" = Microsoft Device Emulator Version 3.0 - DEU
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{59046D29-2E6B-4224-BF0D-64F3E7A93F7B}" = LightScribe System Software 1.10.19.1
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C853 Media Driver Ver.1.02.00.03
"{5C759B74-34F4-43C6-A5D9-039CB754C5E9}" = Microsoft SQL Server VSS Writer
"{5DB161C0-7C9C-41D7-8DA1-CB112F60946B}" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 1.00 A7
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{721B5CF0-D220-4955-BB6F-EBCFB1096DE7}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72CCBEA1-8D57-4981-A337-81019F28C5BA}" = Microsoft .NET Compact Framework 3.5
"{77130095-2039-424F-A633-4FAF0261258A}" = Java Card Security for HP ProtectTools
"{7A434D88-4A51-4DD9-8B8B-BC6666BC25A0}" = SJ KOSMA
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0407-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (German) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{94056AE8-EF0F-45E4-A1B4-D754115F8A28}" = Numedia CD-DVD writing as non-admin user
"{99F0C3CC-8DF0-3611-B190-CF4D1AF0E053}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AF2066F6-7C57-46A1-A306-077EBBFC7B2B}" = SolidWorks 2010 SP0
"{B0F64C44-DC77-497D-9A27-C0F5BAB12493}" = muveeNow 2.0 - Creative
"{B1060346-9388-4C5B-AA52-176C39819E43}" = Microsoft .NET Compact Framework 2.0 SP2
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B98BE95C-E76F-4246-B8E6-BEB8EE791D06}" = Roxio Media Manager
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBAAAD82-6242-420F-86D4-BD72BB5E6C86}" = Tools für Microsoft SQL Server 2005 Express Edition
"{BC35397E-6A05-4E93-8418-1BA7CD2B7AAB}" = BIOS Configuration for HP ProtectTools
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C15F7F16-941E-414B-A676-40190CD621D5}" = Credential Manager for HP ProtectTools
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D475588F-91C9-365E-AB40-D588111DD7C4}" = MSDN Library for Visual Studio 2008 - DEU
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DA7F48EF-5F56-45FE-9169-3B8159A7A323}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F04D6A72-92D3-44FB-9005-A89065245E33}" = Steuer Update 15.01
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F722209B-739E-40E4-ADB1-062BD032A0DB}" = Personal ID
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Bauskript Software 2010-3 Standard" = Bauskript Software 2010-3 Standard
"BlackBerry_{205A5182-EFC8-4C25-B61D-C164F8FF4048}" = BlackBerry Desktop Software 5.0.1
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpqZ3795" = Soft Data Fax Modem with SmartCP
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Manager" = Creative Live! Cam Manager
"Creative Live! Cam User's Guide" = Creative Live! Cam-Benutzerhandbuch
"Creative Photo Manager" = Creative Photo Manager
"Creative VF0470" = Creative Live! Cam Notebook Driver (1.00.03.0000)
"DSMT6" = MathType 6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.8.1
"Free Download Manager_is1" = Free Download Manager 2.5
"FreePDF_XP" = FreePDF XP (Remove only)
"Freeware.de Toolbar" = Freeware.de Toolbar
"GPL Ghostscript 8.62" = GPL Ghostscript 8.62
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"HECI" = Intel(R) Management Engine Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"K8055" = K8055
"Logitech Vid" = Logitech Vid HD
"Mach3 R3.041W-26-Dev(SS)" = Mach3 R3.041W-26-Dev(SS)
"MESOL" = Intel(R) Active Management Technology Device Software
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Document Explorer 2008 Language Pack - DEU" = Microsoft Document Explorer 2008 Language Pack - DEU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack" = Microsoft Visual Studio 2005 Tools for Office Runtime Language Pack
"Microsoft Visual Studio 2008 Professional Edition - DEU" = Microsoft Visual Studio 2008 Professional Edition - DEU
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSDN Library für Visual Studio 2008 - DEU" = MSDN Library für Visual Studio 2008 - DEU
"MsJavaVM" = Microsoft VM for Java
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PROSet" = Intel(R) Network Connections Drivers
"QcDrv" = Logitech® Camera-Treiber
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Security Task Manager" = Security Task Manager 1.8c
"SheetCam" = SheetCam V6.0.0
"SNAPFISH" = SNAPFISH
"SolidWorks Installation Manager 20100-40000-1100-200" = SolidWorks 2010 SP0
"SPS-VISU V4.60" = SPS-VISU V4.60
"ST6UNST #1" = K8055 Demo
"ST6UNST #2" = K8055 Demo (C:\Programme\Project1\)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SysInfo" = Creative-Systeminformationen
"TomTom HOME" = TomTom HOME 2.7.6.2056
"Trackplanner_is1" = Trackplanner 1.1.9
"Visual Studio 6.0 Enterprise Edition" = Microsoft Visual Studio 6.0 Enterprise Edition
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"Visual Studio Tools for the Office system 3.0 Runtime Language Pack - DEU" = Visual Studio-Tools für Office System 3.0 Runtime Language Pack - DEU
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Weight Watchers FlexPoints" = Weight Watchers FlexPoints
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WinSPS-S7 V4.25" = WinSPS-S7 V4.25
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.04.2011 10:57:34 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.
Error - 11.04.2011 16:27:26 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.
Error - 17.04.2011 02:43:24 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.
Error - 17.04.2011 11:32:14 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.
Error - 20.04.2011 01:26:33 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.
Error - 20.04.2011 01:26:38 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.
Error - 20.04.2011 13:57:16 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002
Description = [UNS] Failed to subscribe to local Intel(R) AMT.
Error - 21.04.2011 09:44:56 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 22.04.2011 09:07:53 | Computer Name = XPPC | Source = Intel(R) AMT | ID = 2002 Description = [UNS] Failed to subscribe to local Intel(R) AMT. Error - 22.04.2011 09:10:02 | Computer Name = XPPC | Source = Windows Search Service | ID = 3013 Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\RECENT\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden. Kontext: Anwendung, SystemIndex Katalog Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f) [ OSession Events ] Error - 17.08.2008 06:55:48 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4764 seconds with 2940 seconds of active time. This session ended with a crash. Error - 25.10.2008 06:07:57 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 943 seconds with 300 seconds of active time. This session ended with a crash. Error - 28.03.2009 16:43:39 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4742 seconds with 960 seconds of active time. This session ended with a crash. Error - 03.04.2009 04:04:15 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. 
This session lasted 700 seconds with 120 seconds of active time. This session ended with a crash. Error - 28.05.2009 15:41:06 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 68 seconds with 60 seconds of active time. This session ended with a crash. Error - 02.12.2009 15:07:29 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 286124 seconds with 1380 seconds of active time. This session ended with a crash. Error - 23.02.2010 02:00:41 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 41657 seconds with 2880 seconds of active time. This session ended with a crash. Error - 01.06.2010 09:41:28 | Computer Name = XPPC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1066. This session lasted 3465 seconds with 2220 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.04.2011 10:57:41 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 11.04.2011 16:27:33 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. 
Error - 17.04.2011 02:43:38 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 17.04.2011 11:32:21 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 20.04.2011 01:26:41 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 20.04.2011 13:57:23 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 21.04.2011 09:45:04 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 21.04.2011 09:47:21 | Computer Name = XPPC | Source = Service Control Manager | ID = 7034 Description = Dienst "Roxio Upnp Server 9" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 22.04.2011 09:08:01 | Computer Name = XPPC | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio Hard Drive Watcher 9. Error - 22.04.2011 09:18:36 | Computer Name = XPPC | Source = DCOM | ID = 10010 Description = Der Server "{FFF2D28F-E4EE-44D9-8104-8E71556757F6}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. < End of report > |
22.04.2011, 15:18 | #2 |
/// Malware-holic |
• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe (WinTrust)
[2011.04.22 15:06:39 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows Recovery
[2011.04.22 14:41:26 | 000,565,248 | -H-- | C] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe
[2011.04.22 15:10:03 | 000,000,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332
[2011.04.22 15:10:02 | 000,000,152 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332r
[2011.04.22 15:06:40 | 000,000,823 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows Recovery.lnk
[2011.04.22 15:06:36 | 000,000,336 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19521332
:Files
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Download unhide: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ |
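Added example, not part of the original posts and not OTL's or the helper's own method: a Python triage sketch for logs in the OTL line format quoted in this thread. It flags Run-key targets that sit directly in an application-data root and lists files stamped within one hour after the flagged binary; the regexes, the folder list and the one-hour window are assumptions.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Sample input: five lines copied from this thread's OTL output plus one
# constructed benign Run entry ("ExampleTray") for contrast.
SAMPLE_LOG = r"""
O4 - HKCU..\Run: [GoWNKtoBbTfMqRQ] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe (WinTrust)
O4 - HKLM..\Run: [ExampleTray] C:\Programme\Example\tray.exe (Example Vendor)
[2011.04.22 14:41:26 | 000,565,248 | -H-- | C] (WinTrust) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe
[2011.04.22 15:10:03 | 000,000,176 | -H-- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332
[2011.04.22 15:06:40 | 000,000,823 | -H-- | M] () -- C:\Dokumente und Einstellungen\Admin\Desktop\Windows Recovery.lnk
[2010.10.29 22:06:08 | 005,915,480 | -H-- | M] (Logitech Inc.) -- C:\Programme\Logitech\Vid HD\Vid.exe
"""

# "O4 - HKxx..\Run: [name] path.exe (company)" -> capture the target path.
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[.+?\] (.+?\.exe)", re.I)
# "[timestamp | size | attributes | C or M] (company) -- path"
FILE_RE = re.compile(
    r"^\[(\d{4}\.\d\d\.\d\d \d\d:\d\d:\d\d) \| [\d,]+ \| \S+ \| [CM]\]"
    r" \(.*?\) -- (.+)$")
# Assumed heuristic: legitimate installers use a vendor subfolder below these
# roots; an autostart .exe lying directly in the root deserves a closer look.
APPDATA_ROOTS = ("\\anwendungsdaten", "\\application data",
                 "\\appdata\\roaming", "\\programdata")


def suspicious_autoruns(log):
    """Return Run-key targets located directly in an application-data root."""
    hits = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if m and ntpath.dirname(m.group(1)).lower().endswith(APPDATA_ROOTS):
            hits.append(m.group(1))
    return hits


def related_files(log, window=timedelta(hours=1)):
    """Return listed files stamped within `window` after a flagged binary."""
    entries = []
    for line in log.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            stamp = datetime.strptime(m.group(1), "%Y.%m.%d %H:%M:%S")
            entries.append((stamp, m.group(2)))
    flagged = set(suspicious_autoruns(log))
    starts = [stamp for stamp, path in entries if path in flagged]
    return sorted({path for stamp, path in entries
                   for start in starts if start <= stamp <= start + window})


if __name__ == "__main__":
    for path in related_files(SAMPLE_LOG):
        print(path)
```

The output is a review list for a human analyst, not a removal list: unrelated files written in the same hour will also appear in it.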
22.04.2011, 16:00 | #3 |
| Hello, I ran OTL with the given lines and found the following text file after the reboot:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GoWNKtoBbTfMqRQ deleted successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe moved successfully.
C:\Dokumente und Einstellungen\Admin\Startmenü\Programme\Windows Recovery folder moved successfully.
File C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332 moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19521332r moved successfully.
C:\Dokumente und Einstellungen\Admin\Desktop\Windows Recovery.lnk moved successfully.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19521332 moved successfully.
========== FILES ==========
File\Folder C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoWNKtoBbTfMqRQ.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Admin
->Flash cache emptied: 25123 bytes
User: All Users
User: CURRENT_USER
User: Default User
User: LocalService
User: NetworkService

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 488319336 bytes
->Temporary Internet Files folder emptied: 389090590 bytes
->Java cache emptied: 796580 bytes
->Google Chrome cache emptied: 6711556 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: CURRENT_USER
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 210368 bytes
User: NetworkService
->Temp folder emptied: 147456 bytes
->Temporary Internet Files folder emptied: 126853146 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2154807 bytes
%systemroot%\System32 .tmp files removed: 1243227 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98753309 bytes
RecycleBin emptied: 829804758 bytes

Total Files Cleaned = 1.854,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04222011_165308

Files\Folders moved on Reboot...
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZA216LWK\ads[2].htm moved successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\RC8H6HH0\97921-windows-konnte-alle-daten-fur-die-datei-system32-496a8300-nicht-speichern-daten-verloren[1].html moved successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\Content.IE5\M62NN4W0\ads[4].htm moved successfully.
C:\Dokumente und Einstellungen\Admin\Lokale Einstellungen\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Temp\Perflib_Perfdata_e18.dat not found!

Registry entries deleted on Reboot...

Thanks, what is the next step? |
22.04.2011, 16:02 | #4 |
/// Malware-holic | It says so right there; you just have to work through everything to the end and not stop partway.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
22.04.2011, 16:06 | #5 |
| The file has also been uploaded. Unhide is still running. Jörg |
22.04.2011, 16:15 | #6 |
| How can I point unhide.exe at the USB hard drive? |
22.04.2011, 16:21 | #7 |
/// Malware-holic | Are there hidden files on the external drive as well? Select everything, right-click, Properties, clear the Hidden checkbox, Apply, OK. Or right-click the drive itself; if the Hidden checkbox is ticked there too, clear it. Apply, OK. |
22.04.2011, 16:23 | #8 |
| Was the mistake perhaps that I ran unhide.exe without the hard drive connected? |
22.04.2011, 16:24 | #9 |
/// Malware-holic | Then just try it with the drive connected. And yes, how is anyone supposed to access a device that has no power or no connection to the PC... |
22.04.2011, 16:38 | #10 |
| Understood. I ran it again with the hard drive connected and it worked. Do I need to do anything else, apart from supporting you? |
22.04.2011, 17:05 | #11 |
/// Malware-holic | Download Malwarebytes: install Malwarebytes, open it, go to the Update tab and update the program. Close all running programs and disconnect from the internet. On the Scanner tab, run a full scan, remove the findings, and post the log. |