Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Nach BKA/Bundespolizei Virus : keine Taskleiste & keine Icons !! (https://www.trojaner-board.de/104824-bka-bundespolizei-virus-keine-taskleiste-keine-icons.html)

jc36206 06.11.2011 00:55
Nach BKA/Bundespolizei Virus : keine Taskleiste & keine Icons !!
 
Hallo liebe Helfer vom trojaner-board.

Ich wurde kürzlich Opfer des BKA Virus und habe folgendes gemacht:
- über abgesicherten WIN XP Modus früheren Systemwiederherstellungspunkt gewählt
dann kam ich problemlos wieder ins System
- habe dann McAffee ANtiVir, Spybot S&D , Malwarebytes laufen lassen (wurde auch was gefunden)
- ich kann das System problemlos via Taskmanager vollständig bedienen, z.B. explorer.exe starten etc.
- ABER : KEINE TASKLEISTE / KEINE ICONS sichtbar-

Was kann ich tun um die Taskleiste/Icons wieder zu bekommen ?

Anbei der Log für OTl.txt (im Anhang ist gmer.txt/extras.txt)
=============================================OTL Logfile:
Code:
OTL logfile created on: 03.11.2011 23:43:01 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 66,09% Memory free
2,86 Gb Paging File | 2,33 Gb Available in Paging File | 81,44% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,22 Gb Total Space | 36,01 Gb Free Space | 48,52% Space Free | Partition Type: NTFS
Drive D: | 71,90 Gb Total Space | 20,93 Gb Free Space | 29,11% Space Free | Partition Type: NTFS
Drive E: | 2,92 Gb Total Space | 0,46 Gb Free Space | 15,80% Space Free | Partition Type: FAT32
Drive K: | 232,83 Gb Total Space | 181,04 Gb Free Space | 77,76% Space Free | Partition Type: FAT32
 
Computer Name: JUMBO-C4R7Q18KI | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.03 23:41:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Software\OTL.exe
PRC - [2011.10.06 15:41:16 | 000,166,024 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
PRC - [2011.09.16 17:38:10 | 001,318,552 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.19 14:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011.08.19 14:55:34 | 000,160,344 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe
PRC - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe
PRC - [2011.06.23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\VirusScan\mcods.exe
PRC - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe
PRC - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2006.07.03 15:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
PRC - [2004.02.25 15:15:50 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.02.13 12:44:56 | 000,071,696 | ---- | M] () -- c:\Programme\McAfee\SiteAdvisor\mcfrmwk.dll
MOD - [2009.02.13 12:44:52 | 000,207,376 | ---- | M] () -- c:\Programme\McAfee\SiteAdvisor\cntscan.dll
MOD - [2009.02.13 12:44:52 | 000,117,264 | ---- | M] () -- c:\Programme\McAfee\SiteAdvisor\apengine.dll
MOD - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.10.06 15:41:16 | 000,166,024 | ---- | M] () [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.08.19 14:59:30 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011.08.19 14:55:34 | 000,160,344 | ---- | M] () [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2011.08.10 10:53:46 | 000,094,880 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2011.06.23 14:22:58 | 000,361,712 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011.01.27 17:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010.08.13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.04 00:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.06.14 12:58:58 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006.11.02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.07.03 15:22:58 | 000,049,152 | ---- | M] (Alpha Networks Inc.) [Auto | Running] -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe -- (ANIWZCSdService)
SRV - [2001.11.12 12:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.08.15 09:00:06 | 000,461,864 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.08.15 09:00:06 | 000,338,040 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011.08.15 09:00:06 | 000,180,072 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.08.15 09:00:06 | 000,119,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011.08.15 09:00:06 | 000,089,624 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011.08.15 09:00:06 | 000,087,808 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.08.15 09:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011.08.15 09:00:06 | 000,083,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011.08.15 09:00:06 | 000,059,288 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.08.15 09:00:06 | 000,057,432 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2009.09.07 12:22:58 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.05.25 12:39:51 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2008.05.12 17:30:02 | 003,007,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 23:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2007.05.02 11:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2007.05.02 11:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2007.05.02 11:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2006.04.28 15:34:00 | 000,882,688 | R--- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2005.12.11 11:55:38 | 000,028,195 | ---- | M] (Alpha Networks Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\ANIO.sys -- (ANIO)
DRV - [2005.11.03 20:39:02 | 000,245,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dr71WU.sys -- (RT73)
DRV - [2005.05.12 13:39:56 | 001,287,296 | ---- | M] (C-Media Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmudax.sys -- (cmudax)
DRV - [2004.06.29 08:07:18 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.02.14 05:04:48 | 000,469,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)
DRV - [2003.06.12 08:47:42 | 000,024,704 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2003.06.05 08:04:22 | 000,350,752 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programme\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.17 08:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programme\McAfee\SiteAdvisor [2011.11.03 22:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Programme\Gemeinsame Dateien\McAfee\SystemCore [2011.11.03 23:36:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.11 21:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.19 21:37:21 | 000,000,000 | ---D | M]
 
[2008.06.30 23:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Extensions
[2011.10.23 13:31:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions
[2009.06.27 07:28:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.02 13:46:32 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.09.12 21:10:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.01 22:04:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\engine@conduit.com
[2010.09.17 18:47:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\vshare@toolbar
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.23 00:00:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 21:17:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 06:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:16:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.27 20:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.11.03 23:36:47 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAMME\GEMEINSAME DATEIEN\MCAFEE\SYSTEMCORE
[2008.12.04 20:01:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.11.03 22:03:00 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAMME\MCAFEE\SITEADVISOR
[2011.10.11 21:42:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 21:42:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 21:42:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.11 21:42:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 21:42:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 13:46:46 | 000,002,027 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.11 21:42:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 21:42:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
 
O1 HOSTS File: ([2008.05.25 12:55:13 | 000,243,497 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        1001-search.info
O1 - Hosts: 127.0.0.1        www.1001-search.info
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        123topsearch.com
O1 - Hosts: 127.0.0.1        www.123topsearch.com
O1 - Hosts: 127.0.0.1        132.com
O1 - Hosts: 127.0.0.1        www.132.com
O1 - Hosts: 127.0.0.1        136136.net
O1 - Hosts: 127.0.0.1        www.136136.net
O1 - Hosts: 8502 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20111011231041.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8775472E-D5DE-4FE4-A94A-5D523A0EAB26}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E85D54-6BF3-405A-A963-B433B1B63BF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1C2489-8422-46C1-941C-3F265884FEF7}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mahmud.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.25 00:56:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BCFE1251-F17C-1FCC-AD1D-03AF6216FA6E} - Browseranpassungen
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.03 23:37:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2011.11.03 22:51:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.03 22:51:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:36:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.11.03 22:06:20 | 000,000,000 | ---D | C] -- C:\PCWELT
[2011.10.28 11:36:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\ADMIN\Recent
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.03 23:45:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{472C7982-5779-466D-9D34-F757B334FFDB}.job
[2011.11.03 23:37:59 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011.11.03 23:33:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.03 23:33:52 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011.11.03 23:33:50 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.03 23:33:50 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-1284227242-725345543-1004.job
[2011.11.03 23:33:03 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{EB1C2489-8422-46C1-941C-3F265884FEF7}
[2011.11.03 23:32:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.03 23:29:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:49:03 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.03 22:36:21 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.11.03 22:00:41 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.03 22:00:40 | 000,477,232 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.03 22:00:40 | 000,091,348 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.03 22:00:40 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.28 23:14:42 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2011.10.28 15:58:00 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011.10.28 13:30:48 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2011.10.23 07:51:08 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.03 23:29:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:36:21 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.01.21 23:29:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011.01.21 23:29:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011.01.21 23:29:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011.01.21 23:15:03 | 000,033,359 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.02.18 00:11:25 | 000,122,254 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mdbu.bin
[2010.02.17 23:34:46 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.11.17 19:29:15 | 000,012,989 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.11.13 19:37:56 | 000,056,180 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.10.20 13:51:56 | 000,038,464 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2009.10.02 08:29:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.23 17:20:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009.06.15 19:30:15 | 000,170,439 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009.02.26 21:27:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.02.26 21:20:19 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.02.09 22:40:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2009.02.09 22:39:36 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2008.12.31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008.12.31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008.09.26 18:05:06 | 000,048,396 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008.09.23 20:33:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.09.23 20:33:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.09.23 20:33:44 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.09.23 20:33:44 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.09.23 20:33:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.23 20:33:42 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.09.13 23:34:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.09.02 18:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.07.19 23:08:59 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2008.07.19 23:08:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008.07.19 23:08:45 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.07.19 23:08:44 | 000,469,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2008.07.19 23:08:18 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008.07.19 23:07:42 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2008.07.14 14:37:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.07.08 20:31:14 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2008.06.14 13:25:36 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008.06.14 13:25:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.06.11 20:42:24 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008.06.08 10:24:19 | 000,166,628 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008.06.08 10:24:18 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2008.06.07 09:20:29 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.05.25 19:16:34 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.25 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.05.25 11:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.05.25 11:25:48 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008.05.25 01:50:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.25 01:49:49 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.25 01:00:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.05.25 00:54:32 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.05.12 16:22:31 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2006.11.02 19:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006.02.13 12:29:26 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.16 14:04:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.27 16:18:30 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin
[2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 13:00:00 | 000,477,232 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 13:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 13:00:00 | 000,091,348 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 13:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.18 17:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999.01.27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== LOP Check ==========
 
[2008.05.25 13:03:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\ACD Systems
[2009.09.01 11:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\AidMaker
[2011.08.01 22:05:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Ashampoo
[2009.08.31 12:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Auslogics
[2008.09.13 23:48:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Backup MyPC Deluxe
[2011.01.30 01:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Broken Sword 2.5
[2010.03.28 20:42:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Dropbox
[2010.09.12 21:10:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.05.14 20:47:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\FOG Downloader
[2008.07.19 23:10:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\FotoWire
[2011.10.28 11:41:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\GoodSync
[2008.08.17 12:24:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\KC Softwares
[2010.02.17 23:38:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\MAGIX
[2010.11.23 22:11:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\MyVideoDownloader
[2010.11.23 22:12:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\MyVideoDownloaderHD
[2008.12.31 11:25:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\OfficeUpdate12
[2009.08.23 17:20:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\ppstream
[2009.02.26 21:27:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Samsung
[2008.09.09 22:18:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\SipDiscount
[2008.09.09 22:34:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\SparVoip
[2008.07.24 23:42:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\VoipCheapCom
[2008.12.11 19:26:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Windows Desktop Search
[2008.12.11 19:38:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Windows Search
[2008.05.25 12:39:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2010.02.17 23:38:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Sued Fotoservice
[2011.08.01 22:04:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2008.10.20 20:02:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoodSync
[2010.02.17 23:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2011.04.19 16:44:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2009.09.03 11:24:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.10.04 18:31:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2010.09.17 15:11:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.04 11:03:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.05.22 11:22:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011.10.28 23:14:42 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\OGADaily.job
[2011.11.03 23:33:52 | 000,000,222 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2008.09.15 20:18:53 | 000,001,062 | -H-- | M] () -- C:\WINDOWS\Tasks\RCHubTask 0 0 {2E6E3A14-F6F5-404E-AC33-87F20083074D} 2145632256~29957364.job
[2011.11.03 23:45:55 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{472C7982-5779-466D-9D34-F757B334FFDB}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2008.09.28 09:32:54 | 000,000,000 | ---D | M] -- C:\ATI
[2008.09.20 20:31:06 | 000,000,000 | ---D | M] -- C:\Call of Duty 4
[2011.10.23 07:49:54 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.05.15 22:20:14 | 000,000,000 | ---D | M] -- C:\CrashReport
[2011.10.28 19:47:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.06.15 21:03:51 | 000,000,000 | ---D | M] -- C:\Medion
[2008.05.25 13:33:58 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.11.03 22:06:20 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.03.09 23:44:35 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.11.03 23:35:46 | 000,000,000 | R--D | M] -- C:\Programme
[2008.05.25 12:30:35 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.08.05 17:05:20 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2008.07.19 23:09:50 | 000,000,000 | ---D | M] -- C:\SXS
[2010.11.02 22:58:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.09.23 19:10:23 | 000,000,000 | ---D | M] -- C:\VLCPortable
[2011.10.28 19:28:53 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.03 23:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-17 11:17:41
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9638A27E
@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9

< End of report >
--- --- ---

kira 06.11.2011 17:31
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Zitat:
Falls treten folgende Symptome auf:
Ordner sind leer, unter Startmenü Programme fehlen etc., dieses Tool bietet dir die Lösung:
  • Lade Dir Unhide.exe (http://filepony.de/download-unhide/) (by Grinler) herunter und speichere auf deinem Desktop
    für Windows 7 und Vista mit Rechtsklick als Administrator ausführen
  • Doppelklick auf das Unhide.exe Icon auf dem Desktop - Alles braucht seine Zeit, also ein bisschen Geduld
<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.

Zitat:
Alles wieder sichtbar? Bitte kontrolliere es und berichte mir genau über den Zustand!
2.
** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
  • per Doppelklick starten.
  • gleich mal die Datenbanken zu aktualisieren - online updaten
  • Vollständiger Suchlauf wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

3.
erneut einen Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

4.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

jc36206 07.11.2011 20:23
Hallo Kira,

vielen Dank für die angebotene Hilfe und die Informationen!

Also:
1. Ich habe Unhide.exe laufen lassen - leider keine Änderung, d.h. Taskleiste und alle Icons sind nicht sichtbar.

2. Habe dann Malwarebytes entsprechend der Anleitung noch mal laufen lassen, 2 Viren wurden gefunden:

Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8094

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07.11.2011 07:56:39
mbam-log-2011-11-07 (07-56-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|K:\|)
Durchsuchte Objekte: 304034
Laufzeit: 5 Stunde(n), 10 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\system volume information\_restore{af93262c-9aa5-427b-8ce0-ee1f8dfe734a}\RP595\A0165132.dll (Adware.RelevantKnowledge) -> No action taken.
d:\system volume information\_restore{179d2562-567b-4acd-8997-ac111399bb49}\RP185\A0036165.exe (Riskware.Tool.CK) -> No action taken.
3. Jetzt die OTL Logs:
OTL Logfile:
Code:
OTL logfile created on: 07.11.2011 08:58:54 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 69,20% Memory free
2,86 Gb Paging File | 2,51 Gb Available in Paging File | 88,02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,22 Gb Total Space | 36,83 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 71,90 Gb Total Space | 17,69 Gb Free Space | 24,60% Space Free | Partition Type: NTFS
Drive E: | 2,92 Gb Total Space | 0,46 Gb Free Space | 15,81% Space Free | Partition Type: FAT32
Drive K: | 232,83 Gb Total Space | 181,04 Gb Free Space | 77,76% Space Free | Partition Type: FAT32
 
Computer Name: JUMBO-C4R7Q18KI | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Software\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\OGAVerify.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()
PRC - C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Programme\McAfee\SiteAdvisor\apengine.dll ()
MOD - C:\WINDOWS\system32\OGACheckControl.dll ()
MOD - C:\WINDOWS\system32\OGAVerify.exe ()
MOD - C:\WINDOWS\system32\PSIService.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (HidServ) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (McShield) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mcshield.exe ()
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (mfevtp) -- C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\\mfefire.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Programme\Gemeinsame Dateien\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (Adobe LM Service) -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
DRV - (ssm_mdm) -- C:\WINDOWS\system32\drivers\ssm_mdm.sys (MCCI Corporation)
DRV - (ssm_mdfl) -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys (MCCI Corporation)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ssm_bus.sys (MCCI Corporation)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc.)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (QCMerced) -- C:\WINDOWS\system32\drivers\lvcm.sys ()
DRV - (PhTVTune) -- C:\WINDOWS\system32\drivers\PhTVTune.sys (Philips Semiconductors)
DRV - (Cap7134) MEDION (7134) -- C:\WINDOWS\system32\drivers\Cap7134.sys (Philips Semiconductors)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Secure Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Sichere Suche"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.6
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=mcafee&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Programme\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.11: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlugin,version=0.9.7: C:\Programme\Veetle\plugins\npVeetle.dll (Veetle, Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.17 08:44:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Programme\McAfee\SiteAdvisor [2011.11.03 22:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Programme\Gemeinsame Dateien\McAfee\SystemCore [2011.11.07 08:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.10.11 21:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.19 21:37:21 | 000,000,000 | ---D | M]
 
[2008.06.30 23:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Extensions
[2011.11.06 01:04:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions
[2009.06.27 07:28:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.02 13:46:32 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2010.09.12 21:10:30 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.01 22:04:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\engine@conduit.com
[2010.09.17 18:47:05 | 000,000,000 | ---D | M] (vShare Plugin) -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Mozilla\Firefox\Profiles\t28yvhnj.default\extensions\vshare@toolbar
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.23 00:00:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.19 21:17:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.28 06:57:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.19 00:16:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.27 20:42:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.19 21:48:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\{EF522540-89F5-46B9-B6FE-1829E2B572C6}.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\AUTOPAGER@MOZILLA.ORG.XPI
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ADMIN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\T28YVHNJ.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.11.07 08:04:08 | 000,000,000 | ---D | M] (McAfee ScriptScan for Firefox) -- C:\PROGRAMME\GEMEINSAME DATEIEN\MCAFEE\SYSTEMCORE
[2008.12.04 20:01:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.11.03 22:03:00 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAMME\MCAFEE\SITEADVISOR
[2011.10.11 21:42:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\mozilla firefox\components\Scriptff.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.11 21:42:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 21:42:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.11 21:42:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 21:42:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 13:46:46 | 000,002,027 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011.10.11 21:42:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 21:42:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - Extension: SiteAdvisor = C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\
 
O1 HOSTS File: ([2008.05.25 12:55:13 | 000,243,497 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        1001-search.info
O1 - Hosts: 127.0.0.1        www.1001-search.info
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        123topsearch.com
O1 - Hosts: 127.0.0.1        www.123topsearch.com
O1 - Hosts: 127.0.0.1        132.com
O1 - Hosts: 127.0.0.1        www.132.com
O1 - Hosts: 127.0.0.1        136136.net
O1 - Hosts: 127.0.0.1        www.136136.net
O1 - Hosts: 8502 more lines...
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Programme\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\ScriptSn.20111011231041.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Programme\MyAshampoo\prxtbMyAs.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {1192A62B-4DBC-4D1F-B54E-D820A1BE76BE} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd File not found
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [ccleaner] C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKCU..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [*Restore] C:\WINDOWS\System32\restore\rstrui.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O9 - Extra Button: HP Sammelmappe - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Intelligente Auswahl - {700259D7-1666-479a-93B1-3250410481E8} - C:\Programme\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8775472E-D5DE-4FE4-A94A-5D523A0EAB26}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E85D54-6BF3-405A-A963-B433B1B63BF7}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB1C2489-8422-46C1-941C-3F265884FEF7}: NameServer = 192.168.0.1,192.168.0.2
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mahmud.exe) - File not found
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.25 00:56:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{2f3a0a48-ebec-11dd-97da-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c733926e-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell - "" = AutoRun
O33 - MountPoints2\{c7339271-ebe8-11dd-97d9-00110940ce99}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.07 09:01:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee
[2011.11.06 20:25:19 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\ADMIN\Recent
[2011.11.06 19:51:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CCleaner
[2011.11.06 19:51:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Chrome
[2011.11.06 00:30:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2011.11.06 00:30:23 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2011.11.03 22:51:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011.11.03 22:51:14 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.11.03 22:51:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.11.03 22:36:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011.11.03 22:28:14 | 001,036,800 | ---- | C] (Microsoft Corporation) -- C:\abc.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.07 09:01:36 | 000,001,575 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011.11.07 08:59:12 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011.11.07 08:59:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.07 08:57:04 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.07 08:57:03 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1715567821-1284227242-725345543-1004.job
[2011.11.07 08:55:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.07 08:49:23 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.07 07:59:43 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME{EB1C2489-8422-46C1-941C-3F265884FEF7}
[2011.11.07 07:56:53 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{472C7982-5779-466D-9D34-F757B334FFDB}.job
[2011.11.07 00:00:02 | 000,000,222 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2011.11.06 19:51:27 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.11.06 19:51:10 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2011.11.06 14:52:00 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1715567821-1284227242-725345543-1004.job
[2011.11.03 23:29:30 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:36:21 | 000,000,905 | ---- | M] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.11.03 22:00:41 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.03 22:00:40 | 000,477,232 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.11.03 22:00:40 | 000,091,348 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.11.03 22:00:40 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.28 15:58:00 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\ANIWZCSUSERNAME
[2011.10.28 13:30:48 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2011.10.23 07:51:08 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.06 19:51:27 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2011.11.06 19:51:10 | 000,001,777 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[2011.11.03 23:29:30 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\defogger_reenable
[2011.11.03 22:51:23 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.03 22:36:21 | 000,000,905 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Desktop\Spybot - Search & Destroy.lnk
[2011.01.21 23:29:43 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2011.01.21 23:29:43 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2011.01.21 23:29:43 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2011.01.21 23:15:03 | 000,033,359 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.02.18 00:11:25 | 000,122,254 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\mdbu.bin
[2010.02.17 23:34:46 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.11.17 19:29:15 | 000,012,989 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).CAL
[2009.11.13 19:37:56 | 000,056,180 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.10.20 13:51:56 | 000,038,464 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Kommagetrennte Werte (Windows).ADR
[2009.10.02 08:29:39 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.08.23 17:20:26 | 000,000,023 | ---- | C] () -- C:\WINDOWS\psnetwork.ini
[2009.06.15 19:30:15 | 000,170,439 | ---- | C] () -- C:\WINDOWS\hpqins00.dat
[2009.02.26 21:27:00 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2009.02.26 21:20:19 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.02.09 22:40:45 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2661.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561s.bin
[2009.02.09 22:39:38 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\rt2561.bin
[2009.02.09 22:39:36 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\rt73.bin
[2008.12.31 17:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008.12.31 17:04:42 | 000,528,744 | ---- | C] () -- C:\WINDOWS\System32\OGAVerify.exe
[2008.09.26 18:05:06 | 000,048,396 | ---- | C] () -- C:\WINDOWS\UninstVeetleTVPlayer.exe
[2008.09.23 20:33:53 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.09.23 20:33:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.09.23 20:33:44 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.09.23 20:33:44 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.09.23 20:33:43 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.09.23 20:33:42 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.09.13 23:34:23 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.09.02 18:09:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.07.19 23:08:59 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\InstMed.exe
[2008.07.19 23:08:45 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2008.07.19 23:08:45 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008.07.19 23:08:44 | 000,469,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2008.07.19 23:08:18 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2008.07.19 23:07:42 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe
[2008.07.14 14:37:55 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.07.08 20:31:14 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2008.06.14 13:25:36 | 000,003,072 | R--- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2008.06.14 13:25:32 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2008.06.11 20:42:24 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2008.06.08 10:24:19 | 000,166,628 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2008.06.08 10:24:18 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2008.06.07 09:20:29 | 000,001,144 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008.05.25 19:16:34 | 000,050,688 | ---- | C] () -- C:\Dokumente und Einstellungen\ADMIN\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.25 12:29:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.05.25 11:29:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.05.25 11:25:48 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008.05.25 01:50:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.05.25 01:49:49 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.05.25 01:00:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.05.25 00:54:32 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008.05.12 16:22:31 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008.05.12 16:22:31 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2007.08.16 05:23:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\gpyapi.dll
[2006.11.02 19:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
[2006.09.13 12:06:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gtapi.dll
[2006.02.13 12:29:26 | 000,168,883 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004.08.16 14:04:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.07.27 16:18:30 | 000,001,176 | ---- | C] () -- C:\WINDOWS\ImpTable.bin
[2003.04.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.02 13:00:00 | 000,477,232 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003.04.02 13:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.02 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003.04.02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.02 13:00:00 | 000,091,348 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003.04.02 13:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.02 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003.04.02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003.02.18 17:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll
[2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll
[2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1999.01.27 12:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 06:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:9638A27E
@Alternate Data Stream - 116 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:0CE7F3C9

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 07.11.2011 08:58:54 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = D:\Software
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 1,04 Gb Available Physical Memory | 69,20% Memory free
2,86 Gb Paging File | 2,51 Gb Available in Paging File | 88,02% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,22 Gb Total Space | 36,83 Gb Free Space | 49,62% Space Free | Partition Type: NTFS
Drive D: | 71,90 Gb Total Space | 17,69 Gb Free Space | 24,60% Space Free | Partition Type: NTFS
Drive E: | 2,92 Gb Total Space | 0,46 Gb Free Space | 15,81% Space Free | Partition Type: FAT32
Drive K: | 232,83 Gb Total Space | 181,04 Gb Free Space | 77,76% Space Free | Partition Type: FAT32
 
Computer Name: JUMBO-C4R7Q18KI | User Name: ADMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "C:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Programme\VoipCheapCom\VoipCheapCom.exe" = C:\Programme\VoipCheapCom\VoipCheapCom.exe:*:Enabled:VoipCheapCom -- (VoipCheapCom)
"C:\Programme\Zattoo\zattood.exe" = C:\Programme\Zattoo\zattood.exe:*:Enabled:zattood
"C:\Programme\Zattoo\Zattoo.exe" = C:\Programme\Zattoo\Zattoo.exe:*:Enabled:
"C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Programme\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:backWeb-8876480 -- ()
"C:\Programme\SipDiscount.com\SipDiscount\SipDiscount.exe" = C:\Programme\SipDiscount.com\SipDiscount\SipDiscount.exe:*:Enabled:SipDiscount
"C:\Programme\SparVoip\SparVoip.exe" = C:\Programme\SparVoip\SparVoip.exe:*:Enabled:SparVoip
"C:\Programme\sina\SAP\SAPlatform.exe" = C:\Programme\sina\SAP\SAPlatform.exe:*:Enabled:SAPlatform.exe -- (北京新浪网络技术服务有限公司)
"C:\Programme\uusee\UUSeePlayer.exe" = C:\Programme\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer
"C:\Programme\PPStream\PPStream.exe" = C:\Programme\PPStream\PPStream.exe:*:Enabled:PPStream -- (PPStream.com)
"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Facebook\facebook.exe" = C:\Dokumente und Einstellungen\ADMIN\Anwendungsdaten\Facebook\facebook.exe:127.0.0.1/255.255.255.255:Enabled:Facebook
"D:\Software\Facemoods.exe" = D:\Software\Facemoods.exe:*:Enabled:InstallCore™ -- (InstallCore© Technologies        )
"C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe" = C:\Programme\Gemeinsame Dateien\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{106B839C-DBA9-0AA9-07E9-9A2597151FF6}" = Catalyst Control Center Graphics Full Existing
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2B7E4354-0492-460A-BDB1-1F59EE141025}" = AirPlus G
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3389299C-9F50-D0C4-197C-A8804303B79F}" = Catalyst Control Center Graphics Light
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37A17F53-D058-267B-C256-19FB6DDF3843}" = ccc-core-preinstall
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D4B1570-C236-42B3-B24F-B3AAB422C983}" = XING-Plugin
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{466B21EE-2858-4845-B2B3-056FC544DAA3}" = Logitech QuickCam
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C590030-7469-453E-8589-D15DA9D03F52}" = ANIWZCS2 Service
"{5106480F-2039-420F-B315-213472966ED6}" = Samsung PC Studio 3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{559BA5B3-E3E1-C8A0-E301-5F50531BD44C}" = ccc-utility
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{79E88160-A5E4-F7D2-1314-DEB8AADD9C29}" = ccc-core-static
"{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}" = ANIO Service
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{83735930-0FB1-D871-8832-B5A9E27C93CA}" = CCC Help English
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A53A1A49-C3EA-406c-B87C-8E02B622D605}" = C7200_doccd
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync
"{B34E4B72-37C6-4f79-A5B3-008EEFC6EA8B}" = PS_AIO_02_Software_min
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B46AC30C-22D2-4610-B041-1DA7BB29EB57}" = HP Photosmart All-In-One Software 9.0
"{B55EF832-4613-A19B-A222-DDB8B6CE1B52}" = Catalyst Control Center Core Implementation
"{B7E5D642-E74E-40a4-B5C7-6AB6EE916814}" = PS_AIO_02_ProductContext
"{BC10649A-983B-494e-AD1F-DE0BF717D701}" = PS_AIO_02_Software
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{BD76AF27-5CD9-4848-87FC-12285A90AE6A}" = c7200_Help
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4832B53-2E80-47B9-930A-313BDFCB74DB}" = OGA Notifier 1.7.0105.35.0
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B6}" = WinZip 11.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CED5BB5B-2A24-2F7F-61B1-2B557484084B}" = Catalyst Control Center Graphics Previews Common
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1268F56-DE79-19A8-C8EC-961D48FFD2FE}" = Skins
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DEB6C5B9-D5BB-D8AC-20F7-F1E0F8A67D5A}" = Catalyst Control Center Graphics Full New
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FD88D501-1F0A-4DA4-A13A-6437411EE0C3}" = ACDSee 6.0 Standard
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Agere Systems Soft Modem" = Agere Systems PCI Soft Modem
"All ATI Software" = ATI - Software Uninstall Utility
"Ashampoo Burning Studio Elements_is1" = Ashampoo Burning Studio Elements 10.0.9
"ATI Display Driver" = ATI Display Driver
"AudibleDownloadManager" = Audible Download Manager
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"conduitEngine" = Conduit Engine
"Diablo II" = Diablo II
"ENTERPRISER" = Microsoft Office Enterprise 2007
"FLV Player" = FLV Player 2.0, build 24
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Google Chrome" = Google Chrome
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.01
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"HPOCR" = HP OCR Software 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.1.4 (Full)
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyAshampoo Toolbar" = MyAshampoo Toolbar
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ÓÆÊÓÓ°Òô²¥·ÅÆ÷(UUSEE)_is1" = UUSEE 4.2.21 °æ
"PPStream_is1" = PPStream
"QcDrv" = Logitech® Camera-Treiber
"RealPlayer 12.0" = RealPlayer
"Recover My Files_is1" = Recover My Files
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SopCast" = SopCast 3.2.9
"TVAnts 1.0" = TVAnts 1.0
"TVUPlayer" = TVUPlayer 2.3.4.1
"Veetle TV Player" = Veetle TV Player 0.9.11
"VLC media player" = VLC media player 1.1.4
"VoipCheapCom_is1" = VoipCheapCom
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinFuture xp-Iso-Builder 3_is1" = WinFuture xp-Iso-Builder 3.0.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.10.2011 14:52:35 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3029
Description = Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.

Kontext:
 Windows Anwendung, SystemIndex Katalog  Details:  Der Inhaltsindex kann nicht gelesen
 werden.  (0xc0041800)
 
Error - 28.10.2011 14:52:35 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3028
Description = Das Gatherer-Objekt kann nicht initialisiert werden.  Kontext: Windows
 Anwendung, SystemIndex Katalog  Details:  Der Inhaltsindex kann nicht gelesen werden.
  (0xc0041800)
 
Error - 28.10.2011 14:52:35 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3058
Description = Die Anwendung kann nicht initialisiert werden.  Kontext: Windows Anwendung

Details:
        Der
 Inhaltsindex kann nicht gelesen werden.  (0xc0041800)
 
Error - 28.10.2011 14:59:22 | Computer Name = JUMBO-C4R7Q18KI | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 80070005 von Zeile 44 von d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
 Wenden Sie sich an den Microsoft-Produktsuppor
 
Error - 28.10.2011 14:59:22 | Computer Name = JUMBO-C4R7Q18KI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
 ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät
funktioniert nicht.  (0x8007001f)
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät
funktioniert nicht.  (0x8007001f)
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät
funktioniert nicht.  (0x8007001f)
 
Error - 03.11.2011 17:05:48 | Computer Name = JUMBO-C4R7Q18KI | Source = Windows Search Service | ID = 3013
Description = Eintrag <C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\STARTMENÜ\PROGRAMME\MCAFEE\MCAFEE
 ANTIVIRUS PLUS.LNK> in der Hash-Zuordnung kann nicht aktualisiert werden.  Kontext:
  Anwendung, SystemIndex Katalog  Details:  Ein an das System angeschlossenes Gerät
funktioniert nicht.  (0x8007001f)
 
Error - 06.11.2011 05:42:27 | Computer Name = JUMBO-C4R7Q18KI | Source = McLogEvent | ID = 5051
Description = A thread in process C:\Programme\Gemeinsame Dateien\McAfee\SystemCore\mcshield.exe
 took longer than 90000 ms to complete a request.    The process will be terminated.
Thread
 id : 2696 (0xa88)    Thread address : 0x7C91E514    Thread message :      Build VSCORE.14.4.0.374
 / 5400.1158  Object being scanned = \Device\HarddiskVolume1\Programme\Java\jre6\bin\deploy.dll

 by C:\Programme\Java\jre6\bin\jqs.exe  4(0)(0)  4(0)(0)  7200(0)(0)  7595(0)(0)  7005(0)(0)

 7004(0)(0)  5006(0)(0)  5004(0)(0) 
 
[ OSession Events ]
Error - 10.11.2009 13:16:59 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7639
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 16.11.2009 12:49:13 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5632
 seconds with 1020 seconds of active time.  This session ended with a crash.
 
Error - 17.11.2009 11:31:17 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 23016
 seconds with 2760 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2009 13:14:14 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 787
 seconds with 720 seconds of active time.  This session ended with a crash.
 
Error - 22.11.2009 14:37:40 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4989
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 09.05.2010 05:26:27 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 1988 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 16.10.2010 15:35:23 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9211
 seconds with 840 seconds of active time.  This session ended with a crash.
 
Error - 12.11.2010 16:22:46 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 348
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 18.12.2010 16:21:22 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 595 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 05.06.2011 15:35:54 | Computer Name = JUMBO-C4R7Q18KI | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 426
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.11.2011 18:34:41 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 05.11.2011 16:31:49 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 05.11.2011 18:20:18 | Computer Name = JUMBO-C4R7Q18KI | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk7\D.
 
Error - 06.11.2011 05:35:23 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 06.11.2011 05:42:28 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "McAfee McShield" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt:
 Starten Sie den Dienst neu..
 
Error - 06.11.2011 14:49:52 | Computer Name = JUMBO-C4R7Q18KI | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 06.11.2011 15:48:22 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 07.11.2011 03:01:38 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
Error - 07.11.2011 03:03:38 | Computer Name = JUMBO-C4R7Q18KI | Source = DCOM | ID = 10010
Description = Der Server "{5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 07.11.2011 03:59:08 | Computer Name = JUMBO-C4R7Q18KI | Source = Service Control Manager | ID = 7022
Description = Der Dienst "HP CUE DeviceDiscovery Service" wurde nicht ordnungsgemäß
 gestartet.
 
 
< End of report >
--- --- ---


4. CC Cleaner - Installierte Programme:

Code:
7-Zip 9.20                06.11.2011               
ACDSee 6.0 Standard        ACD Systems Ltd.        25.05.2008        29,4MB        6.0.0
Adobe Acrobat 7.1.0 Professional        Adobe Systems        01.01.1970                7.1.0
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        06.11.2011                10.0.12.36
Adobe Flash Player 10 Plugin        Adobe Systems Incorporated        07.11.2011                10.3.181.26
Adobe Shockwave Player 11        Adobe Systems, Inc.        06.11.2011                11
Agere Systems PCI Soft Modem                               
AirPlus G        D-Link        09.02.2009               
ANIO Service                               
ANIWZCS2 Service                06.11.2011               
Apple Application Support        Apple Inc.        17.09.2010        44,5MB        1.3.2
Apple Mobile Device Support        Apple Inc.        17.09.2010        20,1MB        3.2.0.47
Apple Software Update        Apple Inc.        17.08.2008        2,16MB        2.1.1.116
Ashampoo Burning Studio Elements 10.0.9        Ashampoo GmbH & Co. KG        01.08.2011                3.1.1
ATI - Software Uninstall Utility                06.11.2011                6.14.10.1022
ATI Catalyst Control Center                                2.008.0512.1132
ATI Display Driver                06.11.2011                8.493-080512a-063030C-ATI
Audible Download Manager        Audible, Inc.        06.11.2011                6.6.0.15
Auslogics Disk Defrag        Auslogics Software Pty Ltd        31.08.2009                version 2.1
C-Media High Definition Audio Driver                06.11.2011               
CCleaner        Piriform        07.11.2011                3.12
Conduit Engine        Conduit Ltd.        06.11.2011               
Diablo II                06.11.2011               
FLV Player 2.0, build 24        Martijn de Visser        06.11.2011                2.0, build 24
Free Audio CD Burner version 1.4        DVDVideoSoft Limited.        17.09.2010               
GoodSync        Siber Systems        06.11.2011                8.6.9.9
Google Chrome        Google Inc.        06.11.2011                15.0.874.106
Google Toolbar for Internet Explorer        Google Inc.        19.05.2009                7.1.2003.1856
HP Customer Participation Program 9.0        HP        06.11.2011                9.0
HP Imaging Device Functions 9.0        HP        06.11.2011                9.0
HP OCR Software 9.0        HP        06.11.2011                9.0
HP Photosmart All-In-One Software 9.0        HP        06.11.2011                9.0
HP Photosmart Essential 2.01        HP        06.11.2011                2.01
HP Smart Web Printing        Ihr Firmenname        08.06.2008        7,58MB        2.15.7.0
HP Solution Center 9.0        HP        06.11.2011                9.0
HP Update        Hewlett-Packard        07.09.2008        3,71MB        4.000.011.006
HPSSupply        Ihr Firmenname        08.06.2008        0,96MB        2.2.0.0000
iTunes        Apple Inc.        17.09.2010        135,9MB        10.0.0.68
Java(TM) 6 Update 26        Sun Microsystems, Inc.        04.12.2008        90,5MB        6.0.260
Java(TM) 6 Update 6        Sun Microsystems, Inc.        11.06.2008        114,3MB        1.6.0.60
Java(TM) 6 Update 7        Sun Microsystems, Inc.        10.08.2008        114,3MB        1.6.0.70
K-Lite Codec Pack 4.1.4 (Full)                23.09.2008                4.1.4
Logitech Desktop Messenger                06.11.2011               
Logitech Print Service                06.11.2011               
Logitech QuickCam        Logitech, Inc.        20.07.2008        229MB        8.20.0000
Logitech® Camera-Treiber                06.11.2011               
Malwarebytes' Anti-Malware Version 1.51.2.1300        Malwarebytes Corporation        03.11.2011                1.51.2.1300
McAfee AntiVirus Plus        McAfee, Inc.        07.11.2011                11.0.623
McAfee Security Scan Plus        McAfee, Inc.        06.11.2011                2.0.181.2
Microsoft .NET Framework 2.0 Service Pack 2        Microsoft Corporation        17.10.2011        184,4MB        2.2.30729
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU        Microsoft Corporation        16.02.2009        6,30MB        2.2.30729
Microsoft .NET Framework 3.0 Service Pack 2        Microsoft Corporation        22.06.2010        207MB        3.2.30729
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU        Microsoft Corporation        16.02.2009        37,5MB        3.2.30729
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        06.11.2011               
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        16.10.2010               
Microsoft Compression Client Pack 1.0 for Windows XP        Microsoft Corporation        30.06.2008                1
Microsoft Office Enterprise 2007        Microsoft Corporation        17.10.2011                12.0.6425.1000
Microsoft Office File Validation Add-In        Microsoft Corporation        17.10.2011        11,2MB        14.0.5130.5003
Microsoft Silverlight        Microsoft Corporation        17.10.2011        207MB        4.0.60831.0
Microsoft SQL Server Compact 3.5 SP1 English        Microsoft Corporation        19.04.2011        2,60MB        3.5.5692.0
Microsoft User-Mode Driver Framework Feature Pack 1.0        Microsoft Corporation        30.06.2008               
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053        Microsoft Corporation        10.08.2009        0,11MB        8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        17.06.2011        5,28MB        8.0.61001
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        14.05.2011        10,2MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        19.04.2011        10,2MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        17.06.2011        10,2MB        9.0.30729.6161
MobileMe Control Panel        Apple Inc.        04.10.2009        7,33MB        2.6.0.29
Mozilla Firefox 7.0.1 (x86 de)        Mozilla        07.11.2011                7.0.1
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        27.06.2008        2,62MB        4.20.9848.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        2,67MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        04.12.2009        2,77MB        4.20.9876.0
MyAshampoo Toolbar        MyAshampoo        06.11.2011                6.3.2.90
Nero Suite                06.11.2011               
PowerDVD                06.11.2011               
PPStream        PPStream.com        23.08.2009               
QuickTime        Apple Inc.        17.09.2010        73,7MB        7.67.75.0
RealPlayer        RealNetworks        06.11.2011               
Recover My Files        GetData Pty Ltd        31.08.2009                3.9.8.6472
Runes of Magic        Frogster Interactive Pictures        15.05.2009                2.0.0.1821
SAMSUNG Mobile Composite Device Software                06.11.2011               
SAMSUNG Mobile Modem Driver Set                06.11.2011               
Samsung Mobile phone USB driver Software                06.11.2011               
SAMSUNG Mobile USB Modem 1.0 Software                06.11.2011               
SAMSUNG Mobile USB Modem Software                06.11.2011               
Samsung PC Studio 3        Samsung Electronics Co., Ltd.        26.02.2009                3.2.3.90502
Samsung PC Studio 3 USB Driver Installer        Samsung Electronics Co., Ltd.        26.02.2009                3.2.0.70701
Security Update for Windows Search 4 - KB963093        Microsoft Corporation        09.06.2009               
Skype™ 4.2        Skype Technologies S.A.        29.06.2010        31,7MB        4.2.169
SopCast 3.2.9        www.sopcast.com        06.11.2011                3.2.9
Spybot - Search & Destroy        Safer Networking Limited        03.11.2011                1.6.2
TVAnts 1.0                06.11.2011               
TVUPlayer 2.3.4.1        TVU networks        06.11.2011                2.3.4.1
UUSEE 4.2.21 °æ        ÓÆÊÓÍø        06.11.2011               
Veetle TV Player 0.9.11        Veetle, Inc        06.11.2011                0.9.11
VLC media player 1.1.4        VideoLAN        06.11.2011                1.1.4
VoipCheapCom        Finarea S.A. Switzerland        06.11.2011                3.02 build 424
Windows Internet Explorer 8        Microsoft Corporation        28.05.2009                20090308.140743
Windows Live Anmelde-Assistent        Microsoft Corporation        19.02.2009        1,93MB        5.000.818.5
Windows Live Essentials        Microsoft Corporation        19.02.2009                14.0.8064.0206
Windows Live-Uploadtool        Microsoft Corporation        19.02.2009        0,22MB        14.0.8014.1029
Windows Media Format 11 runtime                07.11.2011               
Windows Media Player 11                07.11.2011               
Windows Search 4.0        Microsoft Corporation        11.12.2008                04.00.6001.503
Windows XP Service Pack 3        Microsoft Corporation        25.05.2008                20080414.031514
Windows-Sicherungsprogramm        Microsoft Corporation        16.09.2008        1,24MB        5.1
WinFuture xp-Iso-Builder 3.0.7        Tobias Schiek        29.05.2009               
WinZip 11.2        WinZip Computing, S.L.        08.06.2008        11,7MB        11.2.8094
X10 Hardware(TM)                06.11.2011               
XING-Plugin        (c) XING AG        28.09.2009        6,40MB        3.4.0

kira 08.11.2011 07:57
Zitat:
Zitat von jc36206 (Beitrag 718344)
1. Ich habe Unhide.exe laufen lassen - leider keine Änderung, d.h. Taskleiste und alle Icons sind nicht sichtbar.
sind die entfernten oder verlorenen Daten (verschoben oder gelöscht durch Trojaner) zu wiederherstellen nicht mehr möglich
außerdem:

die Ursachen für die Verseuchung mit Malware wurden bereits gefunden, also Du wirst wohl dein System neu aufsetzen müssen...
Zitat:
(Riskware.Tool.CK)
Das Installieren von "nicht legal erworbene Software" ist eine ziemlich sichere Methode, ein Rechner zu infizieren:
Einen durch Keygen [Key Generator/Keymaker] verseuchten PC und eventuell gespeicherte externe Daten auf SB Sticks, ext.Platte etc,, sollte formatiert und neu aufgesetzt werden, da durch gecrackte oder mit Viren verseuchte Software wie auch immer, ein Angreifer erfolgreich in dein System eingedrungen ist:-> *Technische Kompromittierung*
Denn die angebotenen Programme und Dateien enthalten jede erdenkliche Art von Malware/Schadprogramm wie z.B. Backdoors, Rootkits etc, die dann den PC unter Kontrolle nehmen und die Administratorrolle übernehmen können
Weil dieses `selbstzerrstörerischem Verhalten `illegal` ist bzw verstößt gegen das Gesetz, wir dürfen Dir nicht weiter helfen. Aus diesem Grund sehen wir uns gezwungen den Thread zu schließen:-> Forumregel!
Also Du kannst Dir viel Ärger und unnötige Zeitverschwendung ersparen, indem du dein System und auch die externe potenziell verseuchte Platte, USB-Stick etc neu installierst! Aber wenigstens hast Du dann nach einer Neuinstallation wieder ein sauberes System und hoffentlich hast Du was draus gelernt und in Zukunft lässt die Finger von...
http://www.world-of-smilies.com/wos_...eschlossen.gif

jc36206 08.11.2011 22:13
ja dann "danke" (zur info:...bewusst habe ich keine illegale software eingesetzt...)


Alle Zeitangaben in WEZ +1. Es ist jetzt 03:07 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130