Trojaner-Board
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   System Care Antivirus - OTL log beigefügt (https://www.trojaner-board.de/135259-system-care-antivirus-otl-log-beigefuegt.html)

Arbeitswütig 30.05.2013 19:14
neues OTL-log:
Code:
OTL logfile created on: 30.05.2013 19:43:41 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 396,88 Mb Available Physical Memory | 38,78% Memory free
1,65 Gb Paging File | 1,02 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 208,45 Gb Total Space | 88,62 Gb Free Space | 42,51% Space Free | Partition Type: NTFS
Drive D: | 24,42 Gb Total Space | 24,33 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
Drive M: | 2737,39 Gb Total Space | 2373,54 Gb Free Space | 86,71% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programme\FileHippo.com\UpdateChecker.exe (FileHippo.com)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
PRC - C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
PRC - C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
PRC - C:\Programme\Calling-Us\bin\callrun.exe (media21.de)
PRC - C:\Programme\Calling-Us\bin\callice.exe (media21.de)
PRC - C:\Programme\Calling-Us\bin\callclient.exe (media21.de)
PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.)
PRC - C:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.                    )
PRC - C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.                    )
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\81b85db6e9fe04e4d1c9547b993acfce\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\17440cd05eee7f87026b3c17119eed58\System.Configuration.ni.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\024c898ad1ccfde466d033c0a08d0564\Microsoft.VisualBasic.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\e143370f0583abe015d8e3d2d536185e\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\d7a2248a76f0e94d56c92c5bf96f5175\System.Runtime.Remoting.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll ()
MOD - C:\Programme\Minilyrics\MiniLyrics.dll ()
MOD - C:\Programme\Minilyrics\WmpLyrics.dll ()
MOD - C:\WINDOWS\system32\KSXPPI32.dll ()
MOD - C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
MOD - C:\WINDOWS\system32\vpnapi.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\6.1.0.155-8876480L\Program\bwfiles.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\6.1.0.155-8876480L\Program\clntutil.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\Program\BWfiles-8876480.dll ()
MOD - C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
MOD - C:\Programme\Desktop Messenger\8876480\Program\SyncExt.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\AC3Filter\ac3filter.ax ()
MOD - C:\Programme\WS_FTP Pro\nsftpch.dll ()
MOD - C:\Programme\WS_FTP Pro\wsftplib.dll ()
MOD - C:\Programme\WS_FTP Pro\wshosts.dll ()
MOD - C:\Programme\WS_FTP Pro\libeay32.dll ()
MOD - C:\Programme\WS_FTP Pro\ssleay32.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Creative Media Toolbox 6 Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\MT6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Programme\Gemeinsame Dateien\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (CTAudSvcService) -- C:\Programme\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (m21callrunsrv) -- C:\Programme\Calling-Us\bin\callice.exe (media21.de)
SRV - (niSvcLoc) -- C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.)
SRV - (NIDomainService) -- C:\Programme\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.)
SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Programme\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (lbrtfdc) --  File not found
DRV - (i2omgmt) --  File not found
DRV - (Changer) --  File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf_x86.sys (Secunia)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdbus) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (flashusb) -- C:\WINDOWS\system32\drivers\flashusb.sys (Danish Wireless Design A/S)
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (ksaud) -- C:\WINDOWS\system32\drivers\ksaud.sys (Creative Technology Ltd.)
DRV - (ksaudfl) -- C:\WINDOWS\system32\drivers\ksaudfl.sys (Creative)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)
DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys ()
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nvnforce) -- C:\WINDOWS\system32\drivers\nvapu.sys (NVIDIA Corporation)
DRV - (nvax) -- C:\WINDOWS\system32\drivers\nvax.sys (NVIDIA Corporation)
DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors)
DRV - (Cap7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors)
DRV - (vobiw) -- C:\WINDOWS\System32\drivers\vobIW.sys (VOB Computersysteme GmbH)
DRV - (NVENET) -- C:\WINDOWS\system32\drivers\NVENET.sys (NVIDIA Corporation)
DRV - (cdrdrv) -- C:\WINDOWS\System32\drivers\Cdrdrv.sys (VOB Computersysteme GmbH)
DRV - (ElgTaDrv) -- C:\WINDOWS\system32\drivers\ElgTaDrv.sys (elmeg Kommunikationstechnik)
DRV - (StreamDispatcher) -- C:\WINDOWS\system32\drivers\strmdisp.sys (Conexant Systems)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (l8042pr2) -- C:\WINDOWS\system32\drivers\L8042Pr2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech Inc.                    )
DRV - (vobcom) -- C:\WINDOWS\System32\drivers\vobcom.sys (VOB Computersysteme GmbH)
DRV - (fpcibase) -- C:\WINDOWS\system32\drivers\fpcibase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\WINDOWS\system32\drivers\avmwan.sys (AVM GmbH)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://192.168.0.1/
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-606747145-583907252-682003330-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.05.24 17:44:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.27 22:23:30 | 000,000,000 | ---D | M]
 
[2008.08.27 19:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2010.12.10 10:43:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\2usf7nlo.default\extensions
[2013.03.01 21:43:25 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions
[2011.11.24 23:44:12 | 000,000,000 | ---D | M] (Old Location Bar) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{3205B348-523A-4fac-9BC4-9939CBF583B0}
[2008.08.27 22:00:29 | 000,000,000 | ---D | M] (Classic Compact) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}
[2008.12.08 16:31:03 | 000,000,000 | ---D | M] (Firefox 2, the theme, reloaded) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}
[2009.10.27 23:34:40 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2011.11.24 23:44:11 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.11.24 23:45:55 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\foxyproxy@eric.h.jung
[2009.05.14 16:07:33 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\moveplayer@movenetworks.com
[2013.03.01 21:43:24 | 000,185,839 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\stealthyextension@gmail.com.xpi
[2011.11.24 23:44:11 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2011.11.24 23:44:31 | 000,627,675 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2008.08.27 22:00:29 | 000,672,102 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\5kqlidvz.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\tmp-2.xpi
[2013.05.27 22:26:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.24 17:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.24 17:56:52 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2006.01.23 10:32:04 | 000,020,992 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV80Win32.dll
[2007.02.08 10:48:16 | 000,028,448 | ---- | M] (National Instruments) -- C:\Programme\mozilla firefox\plugins\NPLV82Win32.dll
 
O1 HOSTS File: ([2013.05.24 20:19:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Creative KSRun Persistence Module] C:\WINDOWS\System32\KSRun.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc.                    )
O4 - HKLM..\Run: [Module Loader] C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PrnStatusMX] C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe (Marvell Semiconductor, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc.                    )
O4 - HKU\S-1-5-21-606747145-583907252-682003330-1005..\Run: [FileHippo.com] C:\Programme\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKU\S-1-5-21-606747145-583907252-682003330-1005..\Run: [LDM] C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraVNC Server.lnk = C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Calling-Us Client.lnk = C:\Programme\Calling-Us\bin\callclient.exe (media21.de)
O4 - Startup: C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\Kassel.LNK = C:\Programme\Cisco Systems\VPN Client\ipsecdialer.exe (Cisco Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1369405616843 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB7BC0B5-F68A-42D0-9A2F-71AAEC405E93}: NameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.03.05 18:41:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell - "" = AutoRun
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun\command - "" = I:\DTVP_Launcher.exe
O33 - MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 18:29:23 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.30 17:52:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.05.30 17:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun
[2013.05.30 11:22:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WinZip Courier
[2013.05.29 09:25:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZipEC
[2013.05.29 09:25:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\assembly
[2013.05.29 09:24:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WinZip
[2013.05.28 20:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.05.28 20:33:45 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.05.28 20:33:44 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.05.28 20:33:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.05.28 20:33:37 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.05.28 20:33:37 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.05.27 22:56:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2013.05.27 22:14:32 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.27 22:14:32 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.26 14:47:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Avira
[2013.05.26 14:06:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2013.05.26 14:04:13 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2013.05.26 14:03:51 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2013.05.26 14:03:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.05.26 14:01:36 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2013.05.26 13:59:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer
[2013.05.25 18:41:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.05.25 18:40:53 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.05.25 18:40:47 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.25 18:40:47 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.25 18:40:47 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.05.25 18:40:26 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.05.25 18:40:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2013.05.24 20:27:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.05.24 20:02:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.05.24 20:02:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.05.24 20:02:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.05.24 20:02:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.05.24 20:01:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.24 20:01:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2013.05.24 20:01:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.05.24 18:00:04 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.05.24 17:43:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2013.05.24 17:41:40 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2013.05.24 17:30:01 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2013.05.24 17:02:20 | 000,000,000 | ---D | C] -- C:\Programme\Wireshark
[2013.05.24 16:49:15 | 000,000,000 | ---D | C] -- C:\Programme\FileHippo.com
[2013.05.24 16:48:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI
[2013.05.24 16:48:14 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2013.05.24 16:44:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Windows Genuine Advantage
[2013.05.23 22:35:55 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013.05.20 22:48:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2013.05.20 22:47:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.05.20 22:47:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.20 22:47:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.20 22:47:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.05.20 19:41:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2013.05.20 18:25:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.01 03:59:12 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013.05.01 03:59:12 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 19:34:36 | 000,000,037 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2013.05.30 19:32:17 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.30 18:35:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.30 18:29:23 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2013.05.30 12:47:22 | 000,022,526 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\fehler.JPG
[2013.05.30 11:25:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.30 11:20:41 | 000,002,607 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Outlook 2003.lnk
[2013.05.29 09:34:18 | 000,001,558 | ---- | M] () -- C:\WINDOWS\XI420Ke.INI
[2013.05.28 20:32:53 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.05.28 20:32:42 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2013.05.28 20:32:42 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.05.28 20:32:42 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.05.28 20:32:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.05.28 20:32:42 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.05.28 20:32:42 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.05.27 22:41:23 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013.05.27 22:38:49 | 000,196,648 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.27 22:14:32 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.05.27 22:14:32 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.05.25 17:49:44 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.05.25 17:49:44 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.05.25 17:49:44 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.05.25 17:49:44 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.05.24 20:19:02 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.05.24 17:30:06 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.05.24 16:48:20 | 000,000,725 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
[2013.05.21 21:43:08 | 000,002,409 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\VPN Client.lnk
[2013.05.17 21:49:16 | 000,463,954 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.17 21:49:16 | 000,445,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.17 21:49:16 | 000,072,984 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.05.17 21:49:15 | 000,086,674 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.17 21:46:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.05.11 13:26:40 | 000,002,537 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Excel 2003.lnk
[2013.05.11 13:25:26 | 000,001,820 | -H-- | M] () -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Default.rdp
[2013.05.07 06:27:17 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013.05.04 13:18:59 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Microsoft Office Word 2003.lnk
[2013.05.01 03:59:12 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTimeVR.qtx
[2013.05.01 03:59:12 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2013.05.30 12:47:21 | 000,022,526 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\fehler.JPG
[2013.05.27 22:23:30 | 000,002,299 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.05.27 22:14:34 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.24 20:02:02 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.05.24 20:02:02 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.05.24 20:02:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.05.24 20:02:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.05.24 20:02:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.05.24 17:30:05 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.05.24 17:03:24 | 000,001,471 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Wireshark.lnk
[2013.05.24 16:49:28 | 000,001,602 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Update Checker.lnk
[2013.05.24 16:48:20 | 000,000,725 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
[2013.05.24 16:48:20 | 000,000,688 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk
[2013.05.20 20:29:50 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraVNC Server.lnk
[2012.02.06 00:11:54 | 000,029,518 | R--- | C] () -- C:\WINDOWS\System32\ksaud.ini
[2012.02.06 00:11:35 | 000,190,976 | R--- | C] () -- C:\WINDOWS\System32\KSXPPI32.dll
[2012.02.06 00:11:35 | 000,033,120 | R--- | C] () -- C:\WINDOWS\System32\kschimp.ini
[2012.02.06 00:11:35 | 000,000,029 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2012.01.09 21:01:20 | 000,010,599 | ---- | C] () -- C:\Dokumente und Einstellungen\***\solar_elster_2048.pfx
[2011.12.23 11:30:56 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.10.31 12:22:40 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.10.31 12:22:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.10.31 12:22:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.10.31 12:22:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.10.10 21:30:51 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.SIG_PINSTATUS_VOREINSTELLUNG
[2011.10.10 21:30:51 | 000,000,001 | ---- | C] () -- C:\Dokumente und Einstellungen\***\.SIG_DIALOG_VOREINSTELLUNG
[2011.03.26 14:21:30 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\winscp.rnd
[2010.12.05 17:51:32 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_5_16_51.PLT
[2010.12.05 17:51:27 | 002,181,120 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_5_16_51.0000.mpg
[2009.12.20 01:26:32 | 524,681,216 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0003.mpg
[2009.12.20 01:07:00 | 629,297,152 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0002.mpg
[2009.12.20 00:47:27 | 629,475,328 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0001.mpg
[2009.12.20 00:27:55 | 629,454,848 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Eigene DateienCH 37_12_19_23_27.0000.mpg
[2008.10.22 09:11:17 | 000,010,231 | ---- | C] () -- C:\Dokumente und Einstellungen\***\******_***m_elster_2048.pfx
[2008.05.07 23:52:09 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.03.11 22:37:23 | 000,000,000 | ---- | C] () -- C:\Programme\error.dat
[2008.03.06 00:59:11 | 000,092,160 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2008.04.11 16:00:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 04:22:25 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.05.26 14:06:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2009.05.13 10:24:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2011.04.29 20:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2011.05.08 14:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2008.06.16 23:44:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2013.05.30 18:29:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2010.02.04 20:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSScanAppDataDir
[2008.08.01 11:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\National Instruments
[2012.02.05 15:49:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Native Instruments
[2011.12.04 12:37:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Samsung
[2008.03.30 18:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009.03.30 00:51:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\STAMPIT
[2013.05.27 22:57:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2013.05.29 09:25:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZipEC
[2012.10.19 18:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Calling-Us
[2008.12.30 15:37:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Calling-Us
[2013.03.09 14:54:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\BOM
[2010.01.18 22:04:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CadSoft
[2009.01.14 14:05:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Calling-Us
[2009.06.24 21:57:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ComCenter
[2009.01.21 21:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DeepBurner
[2012.02.08 19:28:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\e-academy Inc
[2011.12.05 19:07:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\FileZilla
[2008.07.02 09:01:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2008.09.27 12:31:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQLite
[2011.12.01 12:59:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\LEGO Company
[2011.04.26 19:37:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mabii
[2009.01.23 18:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mathsoft
[2008.07.31 11:11:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\National Instruments
[2011.04.27 09:49:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Poqaja
[2009.08.28 11:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PV Design Tool
[2011.07.30 15:37:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\R-TT
[2008.08.12 20:30:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Radmin
[2011.12.03 23:31:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Samsung
[2009.06.01 14:12:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ScanSoft
[2009.01.11 22:38:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Teledat
[2008.06.05 15:12:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\uTorrent
[2008.12.04 19:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Wireshark
[2008.12.25 19:06:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Calling-Us
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 30.05.2013 19:43:41 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1023,48 Mb Total Physical Memory | 396,88 Mb Available Physical Memory | 38,78% Memory free
1,65 Gb Paging File | 1,02 Gb Available in Paging File | 61,42% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 208,45 Gb Total Space | 88,62 Gb Free Space | 42,51% Space Free | Partition Type: NTFS
Drive D: | 24,42 Gb Total Space | 24,33 Gb Free Space | 99,61% Space Free | Partition Type: NTFS
Drive M: | 2737,39 Gb Total Space | 2373,54 Gb Free Space | 86,71% Space Free | Partition Type: NTFS
 
Computer Name: COMPUTER2 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480 -- ()
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE" = C:\Programme\Microsoft Office\OFFICE11\WINWORD.EXE:*:Enabled:Microsoft Office Word -- (Microsoft Corporation)
"C:\Programme\WS_FTP Pro\wsftppro.exe" = C:\Programme\WS_FTP Pro\wsftppro.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Programme\Calling-Us\bin\callclient.exe" = C:\Programme\Calling-Us\bin\callclient.exe:*:Enabled:callclient -- (media21.de)
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\Programme\Windows Media Player\wmplayer.exe" = C:\Programme\Windows Media Player\wmplayer.exe:*:Enabled:Windows Media Player -- (Microsoft Corporation)
"C:\Programme\Synology\Assistant\DSAssistant.exe" = C:\Programme\Synology\Assistant\DSAssistant.exe:*:Enabled:DSAssistant -- ()
"C:\Programme\Cisco Systems\VPN Client\vpngui.exe" = C:\Programme\Cisco Systems\VPN Client\vpngui.exe:*:Enabled:vpngui.exe -- (Cisco Systems, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (UltraVNC)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQM\icq.exe" = C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQM\icq.exe:*:Enabled:ICQ
"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0087583F-1ED8-4A92-88A4-D49DCD56FC6B}" = NI Circuit Design Suite 10 Core
"{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software
"{047DB692-BBD4-4768-91CC-ABD418B494B8}" = NI USI 1.4.1
"{0F6F6876-6334-4977-B5DD-CFC12E193420}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{12BEF00E-ECFF-4820-BEDF-CCB9CC06A955}" = Sound Blaster X-Fi Surround 5.1
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14 Help
"{25F138F7-89D9-4836-A9F5-642DEA06564C}" = NI LabWindows/CVI 8.1 Run-Time Engine
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{32E00E5E-22B1-4D5A-9DC2-CD75E087A5E6}" = Steuer-Spar-Erklärung 2009
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{414C1019-21ED-479A-A2F0-1F2383674BD1}" = Brother DCP-7025
"{45FA54F6-8574-49D2-9E2D-0BDDE6237822}" = NI LabVIEW Run-Time Engine 8.2.1
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5535426F-E814-4B34-9B36-726E9DBEB7A7}" = NI Logos 4.7
"{57700DD3-0C10-4CE6-95BA-630284EE2CB1}" = NI License Manager
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.42 .1
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{63CFD835-FF50-4F8B-91CD-5662A8C640F8}" = Photo Transport
"{63E921D9-799A-44F9-A742-DE3DC968AFEF}" = Microsoft .NET Framework SDK (German) 1.1
"{682ABE6A-2CCE-4C6C-AA82-0FE5AB8033F3}" = Sunny Design
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D2737AE-8898-4BE1-AE46-555B7DB540A8}" = NI MDF Support
"{6F7D11DC-DE87-45C8-A37E-A35B724FC771}" = NI Help Assistant
"{6FADAF5C-C9AC-49E5-8B14-7021F91EF0B5}" = NI LabVIEW Run-Time Engine 8.0.1
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{78231F18-FD98-4B03-A932-DE9329594D08}" = NI TDMS
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7998C54B-5D31-48A6-93D1-72C73FFFC043}" = NI Circuit Design Suite Support and Upgrade Utility
"{7A2FD295-38D2-4AAF-BF41-2C95EBB96126}" = Moorhuhn Kart 2 XXL
"{7E3668CB-1228-416E-B721-C2FA3247B985}" = NI LabVIEW Real-Time FIFO for Runtime
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = pdf24
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8c166c68-277c-41dd-890e-317b12fff7cf}.sdb" = Calling-Us Compatibility System
"{8EAC192B-1E5B-4276-A2D8-59A303ECD2DE}" = Visual J# .NET Redistributable 1.1- German Language Pack
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90170407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{927AE974-7B5B-463B-A672-D3B048664D6B}" = T-Concept XI420
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{946BA398-5A53-454E-8D39-1C02959C1727}" = AAVUpdateManager
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A306FD29-7D3A-4287-91AC-9A0180931395}_is1" = Roadkil's Unstoppable Copier Version 5.2
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{B15B400A-19ED-4CC7-B3E4-9295D8470CBE}" = Secure Download Manager
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{BFAA820A-C7D8-42AE-A3BA-CE118F3F0802}" = NI Service Locator
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE0FCA1-4E95-11D4-9875-00105ACE7734}" = Logitech-Handbuch
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240DA}" = WinZip 17.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4DDFAA1-EC37-4529-AD5B-A433ADE68662}" = Apple Mobile Device Support
"{D6FAEBB1-90E0-4CF8-9A41-9087E6789D11}" = NI EULA Depot
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DD541310-3901-404D-8ADF-E15A92AF5DA5}" = NI Circuit Design Suite 10 Pro
"{E666A69B-A76D-43D5-AF28-4B2150A6EDE2}" = Mathcad 14
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E8991297-B702-44AA-ABAA-02C12045D8E9}" = NI Uninstaller
"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14 Resource Center
"{F0BA5720-E189-11D4-9EA1-0050BAE317E1}" = PowerVCR II
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1A14CB2-A048-45A6-AFDA-3571296E1D76}" = Creative Media Toolbox 6
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"BAHN384r3a_is1" = BAHN 3.84r3a
"Biet-O-Matic v2.12.7" = Biet-O-Matic v2.12.7
"Bridge Builder" = Bridge Builder
"Bridge Construction Set Demo" = Bridge Construction Set Demo
"Calling-Us" = Calling-Us MAX 2007 (Rev. 2)
"CCleaner" = CCleaner (remove only)
"Cool Edit 2000" = Cool Edit 2000
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Electronics_Workbench_V5" = Electronics Workbench V5.12
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileHippo.com" = FileHippo.com Update Checker
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download version 2.10.28
"GPL Ghostscript 8.63" = GPL Ghostscript 8.63
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstantCD/DVD" = InstantCD/DVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiniLyrics" = Minilyrics(remove only)
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"New LEGO Digital Designer" = LEGO Digital Designer
"NI Uninstaller" = National Instruments-Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Phoner_is1" = Phoner 2.26
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PV Design Tool 1.0.3.9" = PV Design Tool 1.0.3.9 1.0.3.9
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"R-Studio 5.4NSIS" = R-Studio 5.4
"Schnaeppchen-Tool.de" = Schnaeppchen-Tool.de
"Secunia PSI" = Secunia PSI (3.0.0.7009)
"Sunny Design DE" = Sunny Design DE
"Sunny Design Update 1.48.0" = Sunny Design Update 1.48.0
"Sunny Design Update 1.49.0" = Sunny Design Update 1.49.0
"Synology Assistant" = Synology Assistant (remove only)
"SysInfo" = Creative Systeminformationen
"Train Simulator 1.0" = Microsoft Train Simulator
"Tunatic" = Tunatic
"Ultravnc2_is1" = UltraVNC 1.0.9.1
"Uninstall_is1" = Uninstall 1.0.0.1
"Uninstaller_B4736000_Creative Media Toolbox 6" = Creative Media Toolbox 6 (Shared Components)
"UnrealTournament" = Unreal Tournament
"VLC media player" = VLC media player 2.0.6
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Wireshark" = Wireshark 1.6.15 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"WS_FTP Pro" = Ipswitch WS_FTP Pro
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zusi - Der Zugsimulator DEMO_is1" = Zusi 2.3 DEMO
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-606747145-583907252-682003330-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dr. DivX 2.0 OSS" = Dr. DivX 2.0 OSS
"e0c143f1d5b5e1b8" = RapidShare Manager
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 20.05.2013 12:31:56 | Computer Name = COMPUTER2 | Source = Avira AntiVir | ID = 4122
Description =
 
Error - 24.05.2013 15:06:41 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung psi.exe, Version 3.0.0.7009, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 25.05.2013 06:19:19 | Computer Name = COMPUTER2 | Source = COM+ | ID = 135763
Description = Transaktionen, die zur Unterstützung von Transaktionskomponenten erforderlich
 sind, konnten von der Laufzeitumgebung nicht initialisiert werden. Stellen Sie
sicher, dass MS DTC ausgeführt wird.(DtcGetTransactionManagerEx(): hr = 0x8004d01
 
Error - 25.05.2013 10:40:37 | Computer Name = COMPUTER2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul
 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
 
Error - 26.05.2013 07:58:17 | Computer Name = COMPUTER2 | Source = MsiInstaller | ID = 10005
Description = Produkt: Apple Application Support -- Es ist bereits eine neuere Version
 von  auf diesem Computer installiert.
 
Error - 27.05.2013 16:33:14 | Computer Name = COMPUTER2 | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 msi1e5.tmp, P2 1.0.0.0, P3 513eda28, P4 mscorlib,
 P5 2.0.0.0, P6 5040540e, P7 3451, P8 119, P9 system.io.directorynotfound, P10 NIL.
 
Error - 27.05.2013 16:33:56 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung qtraxinstaller.exe, Version 0.0.0.0, fehlgeschlagenes
 Modul kernel32.dll, Version 5.1.2600.6293, Fehleradresse 0x00012fd3.
 
Error - 29.05.2013 03:25:10 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes
 Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e.
 
Error - 29.05.2013 03:27:03 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes
 Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e.
 
Error - 29.05.2013 03:29:42 | Computer Name = COMPUTER2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung smapp.exe, Version 2.2.0.24, fehlgeschlagenes
 Modul smanager.dll, Version 2.2.0.24, Fehleradresse 0x0000239e.
 
[ System Events ]
Error - 30.05.2013 12:01:49 | Computer Name = COMPUTER2 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 30.05.2013 12:06:41 | Computer Name = COMPUTER2 | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
 geantwortet.
 
Error - 30.05.2013 12:06:41 | Computer Name = COMPUTER2 | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 30.05.2013 12:38:50 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst IMAPI-CD-Brenn-COM-Dienste.
 
Error - 30.05.2013 12:38:50 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "IMAPI-CD-Brenn-COM-Dienste" wurde aufgrund folgenden Fehlers
 nicht gestartet:  %%1053
 
Error - 30.05.2013 12:39:19 | Computer Name = COMPUTER2 | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
 fehlgeschlagen.
 
Error - 30.05.2013 12:39:19 | Computer Name = COMPUTER2 | Source = Srv | ID = 2000
Description = Der Aufruf eines Systemdienstes durch den Serverdienst ist unerwartet
 fehlgeschlagen.
 
Error - 30.05.2013 12:39:25 | Computer Name = COMPUTER2 | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1053" aufgetreten, als der Dienst "iPod
Service" mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:
{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error - 30.05.2013 12:39:25 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst iPod-Dienst.
 
Error - 30.05.2013 12:39:25 | Computer Name = COMPUTER2 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPod-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%1053
 
 
< End of report >

markusg 30.05.2013 20:23
Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell - "" = AutoRun
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun\command - "" = I:\DTVP_Launcher.exe
O33 - MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.

Arbeitswütig 30.05.2013 21:06
Hab ich gemacht.

Das sieht mir nach dem Kingston-USB Stick aus, der beim Einstecken diesen "Launcher" öffnet.
Zitat:
Zitat von markusg (Beitrag 1074443)
Code:
:OTL
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell - "" = AutoRun
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\Shell\AutoRun\command - "" = I:\DTVP_Launcher.exe
O33 - MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
:files
:Commands
[emptytemp]
Code:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85bbc178-c322-11e0-87ed-00e018c0dee3}\ not found.
File I:\DTVP_Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e4fd8c5-cb63-11dd-80e0-00e018c0dee3}\ not found.
File I:\Menu.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\I\ not found.
File I:\LaunchU3.exe -a not found.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 4742716 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 82322 bytes
 
User: ***
->Temp folder emptied: 98956641 bytes
->Temporary Internet Files folder emptied: 18485286 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 2255 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 181410 bytes
 
Total Files Cleaned = 117,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05302013_213609

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Ich achte immer drauf, dass ich nie eine Toolbar mitinstalliere. Es ist auch keine Vorhanden. Auch sonst sind mir beim Browser keine Ungereimtheiten aufgefallen.

Mir fällt allerdings auf, dass der Rechner relativ langsam war und seit den ganzen Bereinigungen schon merklich träger ist (Prozessorlast ist dauernd hoch). Das Windows-logo beim Booten bleibt auch länger stehen als vorher.

markusg 30.05.2013 21:09
Hi, dann lass die o33 einträge.
kannst du mal Malwarebytes eddestalieren? gibts ne Besserung?

Arbeitswütig 30.05.2013 21:44
leider immer noch langsam

markusg 30.05.2013 21:58
öffne mal ccleaner, extras, autostartliste, windows, als text speichern und posten

Arbeitswütig 30.05.2013 22:23
Finde da keine Exportmöglichkeit. :-(

Stehen aber ein paar Einträge von Adobe, Quicktime, Realtime, Java, itunes auf aktiviert. Itunes benutze ich nicht, die Pfade von Adobe, Java und Real sind alt.

markusg 30.05.2013 22:24
da gibts n schalter, als textdatei speichernb

Arbeitswütig 30.05.2013 22:56
Der war nicht da der Schalter. Secunia PSI war der Meinung CCleaner 2.x ist aktuell. Hab dann mal manuell gesucht. Und siehe da. In der 4er Version gibts auch den Button.

Code:
Ja        Startup User        Kassel.LNK        Cisco Systems, Inc.        C:\Programme\Cisco Systems\VPN Client\ipsecdialer.exe
Ja        Startup User        Calling-Us Client.lnk        media21.de        C:\Programme\Calling-Us\bin\callclient.exe
Ja        Startup Common        UltraVNC Server.lnk        UltraVNC        C:\Programme\UltraVNC\winvnc.exe
Ja        Startup Common        Secunia PSI Tray.lnk        Secunia        C:\Programme\Secunia\PSI\psi_tray.exe
Ja        HKLM:Run        zBrowser Launcher        Logitech Inc.                            C:\Programme\Logitech\iTouch\iTouch.exe
Ja        HKLM:Run        SunJavaUpdateSched        Oracle Corporation        "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe"
Ja        HKLM:Run        realsched        RealNetworks, Inc.        "C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe"  -osboot
Ja        HKLM:Run        QuickTime Task        Apple Inc.        "C:\Programme\QuickTime\QTTask.exe" -atboottime
Ja        HKLM:Run        PrnStatusMX        Marvell Semiconductor, Inc.        C:\Programme\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
Ja        HKLM:Run        Module Loader        Creative Technology Ltd.        C:\Programme\Creative\Shared Files\Module Loader\DLLML.exe -StartUpRun
Ja        HKLM:Run        iTunesHelper        Apple Inc.        "C:\Programme\iTunes\iTunesHelper.exe"
Ja        HKLM:Run        EM_EXEC        Logitech Inc.                            C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
Ja        HKLM:Run        Creative KSRun Persistence Module                RunDll32 KSRun.dll,RunDLLEntry
Ja        HKLM:Run        avgnt        Avira Operations GmbH & Co. KG        "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
Ja        HKLM:Run        APSDaemon        Apple Inc.        "C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe"
Ja        HKLM:Run        Adobe Reader Speed Launcher                "C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe"
Ja        HKLM:Run        Adobe ARM        Adobe Systems Incorporated        "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
Ja        HKCU:Run        LDM                C:\Programme\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
Ja        HKCU:Run        FileHippo.com        FileHippo.com        "C:\Programme\FileHippo.com\UpdateChecker.exe" /background
Ja        HKCU:Run        ctfmon.exe        Microsoft Corporation        C:\WINDOWS\system32\ctfmon.exe
Nein        HKLM:Run        VolPanlu        Creative Technology Ltd        "C:\Programme\Creative\Sound Blaster X-Fi Surround 5.1\Volume Panel\VolPanlu.exe" /r
Nein        HKLM:Run        SSBkgdupdate        Scansoft, Inc.        "C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
Nein        HKLM:Run        RemoteAgent        Cyberlink Corp.        C:\Programme\CyberLink\PowerVCRII\RemoteAgent.exe
Nein        HKLM:Run        pptd40nt        ScanSoft, Inc.        C:\Programme\ScanSoft\PaperPort\pptd40nt.exe
Nein        HKLM:Run        PDFPrint                "C:\Programme\pdf24\PDFBackend.exe"
Nein        HKLM:Run        IW Controlcenter        VOB Computersysteme GmbH        C:\PROGRA~1\INSTAN~1\INSTAN~1\IWCTRL.EXE
Nein        HKLM:Run        IndexSearch        ScanSoft, Inc.        C:\Programme\ScanSoft\PaperPort\IndexSearch.exe
Nein        HKLM:Run        ICQLite                "C:\Programme\ICQLite\ICQLite.exe" -minimize
Nein        HKLM:Run        DivXUpdate                "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
Nein        HKLM:Run        CTAPR2        Creative Technology Ltd        "C:\Programme\Creative\Sound Blaster X-Fi Surround 5.1\Console Launcher\CTAPR2.exe" /r
Nein        HKLM:Run        carpserv        Conexant Systems        carpserv.exe
Nein        HKLM:Run        BrStDvPt        Brother Industories, Ltd.        C:\Programme\Brother\Brmfl04g\BrStDvPt.exe
Nein        HKLM:Run        brctrcen        Brother Industries, Ltd.        C:\Programme\Brother\ControlCenter2\brctrcen.exe /autorun
Nein        HKLM:Run        backWeb-8876480                C:\Programme\Desktop Messenger\8876480\Program\backWeb-8876480.exe
Nein        HKLM:Run        Agent        CyberLink        C:\Programme\CyberLink\PowerVCRII\Agent.exe
Nein        HKCU:Run        msmsgs        Microsoft Corporation        "C:\Programme\Messenger\msmsgs.exe" /background
Nein        HKCU:Run        icq                C:\Dokumente und Einstellungen\Admin\Anwendungsdaten\ICQM\icq.exe -CU

markusg 31.05.2013 11:01
bUnter startup, würd ich alles deaktivieren außer:
Common Secunia
ansonsten alles außer:
avgnt
FileHippo

Wenn was fehlt, kann mans reaktivieren, dann mal 2 neustarts machen und gucken wies läuft


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:15 Uhr.
Seite 3 von 3 12 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130