defogger log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:16 on 07/01/2012 (admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
OTL Extras Code:
OTL Extras logfile created on: 07.01.2012 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und
Einstellungen\admin\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) -
Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format:
dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,88 Gb Available Physical Memory |
88,70% Memory free
5,09 Gb Paging File | 4,93 Gb Available in Paging File | 96,87% Paging
File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% =
C:\Programme
Drive C: | 298,08 Gb Total Space | 257,09 Gb Free Space | 86,25% Space
Free | Partition Type: NTFS
Computer Name: NAME-xxx | User Name: Administrator | Logged in as
Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name
Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe
(Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe"
%1 (Microsoft Corporation)
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe"
-requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe"
-requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe
%SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [dm Fotowelt] -- "C:\Programme\dm\dm Fotowelt\dm Fotowelt.exe"
"%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft
Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L
(Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security
Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung
"80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung -
Kompatibilitätsmodus (HTTP eingehend)
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe" =
C:\Programme\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop
Messenger -- (Logitech Inc.)
"C:\DATEV\PROGRAMM\SWS\Limaservice.exe" =
C:\DATEV\PROGRAMM\SWS\LimaService.exe:*:Enabled:LimaService.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe" =
C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe:*:Enabled:DATEVAddMan.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" =
C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Enabled:ExecDllExe.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\Install\Uninstal.exe" =
C:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaServer.exe" =
C:\DATEV\PROGRAMM\SWS\LimaServer.exe:*:Enabled:LimaServer.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0001356\mIDentity.exe" =
C:\DATEV\PROGRAMM\B0001356\mIDentity.exe:*:Enabled:mIDentity.exe
"C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe" =
C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe:*:Enabled:SiPaHost.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000391\Datev.Security.Dokumentenschutz.exe" =
C:\DATEV\PROGRAMM\B0000391\Datev.Security.Dokumentenschutz.exe:*:Enabled:Datev.Security.Dokumentenschutz.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe" =
C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe:*:Enabled:DcManag.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe" =
C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe:*:Enabled:DfueMan.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\DFUEISDN\SecClt\SecClt.exe" =
C:\DATEV\PROGRAMM\DFUEISDN\SecClt\SecClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:SecClt.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\SSLClt.exe" =
C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\SSLClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:SSLClt.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe" =
C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Enabled:mntbna.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe" =
C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe:*:Enabled:ccsrv2.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe" =
C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe:*:Enabled:callauferst.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe" =
C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe:*:Enabled:DfueSammlerDienst.exe
-- ()
"C:\DATEV\PROGRAMM\RZKOMM\funktest.exe" =
C:\DATEV\PROGRAMM\RZKOMM\funktest.exe:*:Enabled:funktest.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe" =
C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe:*:Enabled:funkt_fv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\empftest.exe" =
C:\DATEV\PROGRAMM\RZKOMM\empftest.exe:*:Enabled:empftest.exe -- (DATEV eG)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe" =
C:\Programme\Gemeinsame
Dateien\Acronis\Agent\agent.exe:*:Enabled:Acronis Remote Agent -- (Acronis)
"C:\Programme\Acronis\LicenseServer\LicenseServerConsole.exe" =
C:\Programme\Acronis\LicenseServer\LicenseServerConsole.exe:*:Enabled:LicenseServerConsole
-- ()
"C:\Programme\Acronis\TrueImageEchoWorkstation\TrueImage.exe" =
C:\Programme\Acronis\TrueImageEchoWorkstation\TrueImage.exe:*:Enabled:Acronis
True Image -- (Acronis)
"C:\Programme\Gemeinsame Dateien\Acronis\TrueImage\TrueImageService.exe"
= C:\Programme\Gemeinsame
Dateien\Acronis\TrueImage\TrueImageService.exe:*:Enabled:Acronis True
Image Service -- (Acronis)
"C:\Programme\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe" =
C:\Programme\Logitech\Desktop
Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop
Messenger -- (Logitech Inc.)
"C:\DATEV\PROGRAMM\SWS\Limaservice.exe" =
C:\DATEV\PROGRAMM\SWS\LimaService.exe:*:Enabled:LimaService.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe" =
C:\DATEV\PROGRAMM\B0000195\ADDMAN\DATEVAddMan.exe:*:Enabled:DATEVAddMan.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\Install\Uninstal.exe" =
C:\DATEV\PROGRAMM\Install\Uninstal.exe:*:Enabled:Uninstal.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\SWS\LimaServer.exe" =
C:\DATEV\PROGRAMM\SWS\LimaServer.exe:*:Enabled:LimaServer.exe -- (DATEV eG)
"C:\Programme\Microsoft Office\Office\1031\WFXMSRVR.EXE" =
C:\Programme\Microsoft
Office\Office\1031\WFXMSRVR.EXE:*:Disabled:WFXMSRVR -- ()
"C:\DATEV\PROGRAMM\B0000391\Datev.Security.Dokumentenschutz.exe" =
C:\DATEV\PROGRAMM\B0000391\Datev.Security.Dokumentenschutz.exe:*:Enabled:Datev.Security.Dokumentenschutz.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe" =
C:\DATEV\PROGRAMM\RZKOMM\callauferst.exe:*:Disabled:callauferst.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe" =
C:\DATEV\PROGRAMM\RZKOMM\ccsrv2.exe:*:Disabled:ccsrv2.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe" =
C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe:*:Disabled:DcManag.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe" =
C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DfueMan.exe:*:Disabled:DfueMan.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe" =
C:\DATEV\PROGRAMM\RZKOMM\DfueSammlerDienst.exe:*:Disabled:DfueSammlerDienst.exe
-- ()
"C:\DATEV\PROGRAMM\RZKOMM\empftest.exe" =
C:\DATEV\PROGRAMM\RZKOMM\empftest.exe:*:Disabled:empftest.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe" =
C:\DATEV\PROGRAMM\Install\ExecDll\ExecDllExe.exe:*:Disabled:ExecDllExe.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe" =
C:\DATEV\PROGRAMM\RZKOMM\funkt_fv.exe:*:Disabled:funkt_fv.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\RZKOMM\funktest.exe" =
C:\DATEV\PROGRAMM\RZKOMM\funktest.exe:*:Disabled:funktest.exe -- (DATEV eG)
"C:\DATEV\PROGRAMM\B0001356\mIDentity.exe" =
C:\DATEV\PROGRAMM\B0001356\mIDentity.exe:*:Disabled:mIDentity.exe
"C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe" =
C:\DATEV\PROGRAMM\DFUEWS\MNTBNA\mntbna.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Disabled:mntbna.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\DFUEISDN\SecClt\SecClt.exe" =
C:\DATEV\PROGRAMM\DFUEISDN\SecClt\SecClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Disabled:SecClt.exe
-- (DATEV eG)
"C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe" =
C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe:*:Disabled:SipaHost.exe --
(DATEV eG)
"C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\SSLClt.exe" =
C:\DATEV\PROGRAMM\DFUEISDN\SSLClt\SSLClt.exe:10.0.0.0/255.0.0.0,172.16.0.0/255.240.0.0,192.168.0.0/255.255.0.0:Disabled:SSLClt.exe
-- (DATEV eG)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000
Professional
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005
Express Edition (DATEV_CL_DE01)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5
Language Pack SP1 - deu
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das
Microsoft SQL Server-Setup (Englisch)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4
Extended
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D0EEFA0-463D-4DE0-B855-80B902DDC477}" = DATALINE Office
"{16E7ADEA-748B-C433-FD49-D54BDEC05610}" = CCC Help Greek
"{175FD306-B4E3-74E4-B08A-A4BA29144837}" = CCC Help Spanish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1B93BD78-CF9B-BBF4-C607-683F6029FD66}" = Catalyst Control Center
Localization German
"{1D3EBA0E-F29F-53A9-0978-D62B08A2E7D7}" = Catalyst Control Center Core
Implementation
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008
Redistributable - x86 9.0.30729.4148
"{22F786F1-A517-F15F-4284-1FD1373C7B4A}" = ccc-core-static
"{258AF117-E673-486F-AECD-1B5C9C125E5A}" = Acronis License Server
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 21
"{2813B282-026F-EDEC-6A35-932F3BD97CA5}" = ccc-core-preinstall
"{291E051D-BE66-4A35-B1A5-2233DC1768C3}" = DATALINE Office
"{2A556AE6-CF1E-412F-89F3-6E224B9FFD56}" = Skins
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery Zweckform DesignPro
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4
Client Profile
"{3ED07A82-39A8-4D1A-BB36-23FCABD2AC9A}" = Acronis True Image Echo
Workstation
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{421D2422-B744-E3A5-A6F5-6C5B578664D2}" = Catalyst Control Center
Graphics Previews Common
"{43EDF0B8-2B5E-CC4D-C506-AAC8BA77BBEF}" = Catalyst Control Center
Graphics Light
"{455B0AC4-7C7E-440D-8B1E-19967C87C31B}_" = DATALINE Olümp
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008
Redistributable - x86 9.0.30411
"{5FCFEBE0-EBDA-42A5-BC6E-67B94A47D6F0}" = kobdfu x64x86 driver installation
"{649CB064-0E77-D3F7-8560-3DCFC1543BE4}" = Catalyst Control Center
Localization Hungarian
"{686B876A-B5CC-4AE3-9DE5-5F7699B57008}" = DATALINE Office
"{71649C44-99E4-4355-883A-18B5CF876D30}_" = DATALINE Olümp
"{7171189A-FBA1-47EE-B368-C91C59405EBF}" = Microsoft SQL Server Native
Client
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{74B0C29B-AC88-3945-61F8-126CC39AA7F8}" = ccc-utility
"{7AC157FF-123A-49B1-B4F3-CB87EB9E270C}" = DATALINE Office
"{7CE979C6-E5FF-41C5-B6CC-4EE18071563B}" = SierraAddressBook 3.0
"{7FA3650A-9F3A-4A15-9630-42C48939CC04}" = Microsoft SQL Server VSS Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005
Redistributable
"{891D0B03-05DF-4CD1-B267-268FDA1C1031}" = Nero 8 Essentials
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{909B62B0-8ACA-4061-A83B-09CAEF609619}" = MSXML 6.0 Parser
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation
Foundation Language Pack (DEU)
"{94124936-2036-47C9-A73F-F15420EA38C4}" = DATALINE Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008
Redistributable - x86 9.0.30729.17
"{9E7CAD7A-3CD0-DA5A-9D8C-4D7759FF74BB}" = Catalyst Control Center
Localization Polish
"{A234F78A-9ACD-ADD7-92B8-84F9B0903B23}" = Catalyst Control Center
Localization Greek
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0
Service Pack 2
"{A759C116-F7BD-4998-84CC-C35FEE3CDDB2}" = Avery Zweckform Assistent 4
"{A93BCB4C-257F-3E72-AC72-390C5E27E745}" = CCC Help Italian
"{AAD87524-CD0D-4BAC-B4C0-D7A9BFE4DC70}_" = DATALINE Olümp
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{B49E04E3-701B-A139-BC40-1303983E3DA2}" = CCC Help Portuguese
"{B4FC780C-94E2-41CB-970D-4B61C1905E5E}" = SQLXML4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD38DA74-0512-8483-0171-4F6EC98231B6}" = Catalyst Control Center
Graphics Full New
"{BDDC6360-A196-49D8-89A2-DCDC84FD4D57}" = DATALINE Olümp
"{BDDC6360-A196-49D8-89A2-DCDC84FD4D57}_" = DATALINE Olümp
"{BEA94637-6F6D-92D9-FAF9-FB63C85426B4}" = CCC Help English
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0
Service Pack 2
"{C2298951-2BFF-E1ED-2C66-F171F4A4F3C1}" = CCC Help Polish
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0
Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0
Service Pack 2 Language Pack - DEU
"{C47CA59E-9750-5F1C-72E7-CEE25A3A6B72}" = Catalyst Control Center
Graphics Full Existing
"{C5CBEBFF-3DB4-4271-A706-757BBE3BD5AE}" = KOBIL CCID driver x64x86
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4
Extended DEU Language Pack
"{C96DC6D3-8DE7-8946-7DA1-771BAF0D7350}" = Catalyst Control Center
Localization Spanish
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6520397-35C8-512A-3C93-F2B90A8BEA30}" = Catalyst Control Center
Localization Portuguese
"{D6CD0E8A-7B68-77E8-B871-9E86CF88E8C1}" = Catalyst Control Center
Localization Italian
"{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}" = kikin plugin 2.11
"{E6CF8F7C-C57D-8B76-CC84-48D60D7171B8}" = CCC Help German
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1
German Language Pack
"{E9F68739-E2A9-40A9-B4B9-15E423E37C80}" = DATALINE Office
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010
x86 Redistributable - 10.0.40219
"{F0CC9176-6473-ABAA-5A62-F59D516CC7D1}" = CCC Help French
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio
Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0
German Language Pack
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4
Client Profile DEU Language Pack
"{F8AEA743-A9CB-453C-9B3C-53D7F1D0CC22}" = B1315AppGuid
"{F9D5B560-B1EA-B196-13A5-2C94FC684FA9}" = CCC Help Hungarian
"{F9F037B4-36F1-0569-E245-90CEEABC37E0}" = Catalyst Control Center
Localization French
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center -
Branding
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVM ISDN CAPI Port" = AVM ISDN CAPI Port
"Canon Setup Utility 2.0" = Canon Setup Utility 2.0
"CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200
"CCleaner" = CCleaner
"DATEVB00000482.0" = DATEV Installation V.2.8
"dm Fotowelt" = dm Fotowelt
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FRITZ! 2.0" = AVM FRITZ!
"FTDICOMM" = FTDI USB Serial Converter Drivers
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names
Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version
1.60.0.1800
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET
Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET
Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4
Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" =
Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET
Framework 4 Extended DEU Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PERFIDIA Standalone" = PERFIDIA Standalone
"Print Artist 10" = SierraHome Print Artist 10
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"Winsol_is1" = Winsol 1.20
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.01.2012 04:14:24 | Computer Name = NAME-878FEC4E2B | Source =
PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die
Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in
DWORD 0.
[ System Events ]
Error - 07.01.2012 09:53:42 | Computer Name = NAME-878FEC4E2B | Source =
Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server (DATEV_CL_DE01)" wurde mit
folgendem dienstspezifischem
Fehler beendet: 3414 (0xD56).
Error - 07.01.2012 10:04:22 | Computer Name = NAME-878FEC4E2B | Source =
Service Control Manager | ID = 7024
Description = Der Dienst "SQL Server (DATEV_CL_DE01)" wurde mit
folgendem dienstspezifischem
Fehler beendet: 3414 (0xD56).
Error - 07.01.2012 10:14:30 | Computer Name = NAME-xxx | Source =
DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der
Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu
verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 07.01.2012 10:15:37 | Computer Name = NAME-878FEC4E2B | Source =
Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist
fehlgeschlagen:
avipbb avkmgr Fips i8042prt intelppm SASDIFSV SASKUTIL ssmdrv
Error - 07.01.2012 10:24:49 | Computer Name = NAME-878FEC4E2B | Source =
DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der
Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu
verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
OTL Logfile: Code:
OTL logfile created on: 07.01.2012 15:27:05 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und
Einstellungen\admin\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) -
Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format:
dd.MM.yyyy
3,25 Gb Total Physical Memory | 2,88 Gb Available Physical Memory |
88,70% Memory free
5,09 Gb Paging File | 4,93 Gb Available in Paging File | 96,87% Paging
File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% =
C:\Programme
Drive C: | 298,08 Gb Total Space | 257,09 Gb Free Space | 86,25% Space
Free | Partition Type: NTFS
Computer Name: NAME-xxx | User Name: Administrator | Logged in as
Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name
Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.07 14:57:11 | 000,584,192 | ---- | M] (OldTimer Tools) --
C:\Dokumente und Einstellungen\admin\Eigene Dateien\Downloads\OTL.exe
PRC - [2011.12.04 17:39:04 | 000,924,632 | ---- | M] (Mozilla
Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.09.20 19:32:02 | 000,116,608 | ---- | M]
(SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft
Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.24 20:42:28 | 008,527,008 | ---- | M] () --
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.12.04 17:39:04 | 001,989,592 | ---- | M] () --
C:\Programme\Mozilla Firefox\mozjs.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.12.15 14:59:48 | 000,086,224 | ---- | M] (Avira Operations
GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir
Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.15 14:59:38 | 000,110,032 | ---- | M] (Avira Operations
GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir
Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.20 19:32:02 | 000,116,608 | ---- | M]
(SUPERAntiSpyware.com) [Auto | Running] --
C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010.12.10 02:47:00 | 000,155,232 | ---- | M] (DATEV eG)
[On_Demand | Stopped] -- C:\DATEV\PROGRAMM\INSTALL\DvInesASDSvc.Exe --
(DATEV Update-Service)
SRV - [2010.12.08 02:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto |
Stopped] -- C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2010.12.01 09:03:10 | 002,407,520 | ---- | M] (DATEV eG) [Auto |
Stopped] -- C:\DATEV\PROGRAMM\B0000150\ScServer\DVckService.exe --
(DVckService)
SRV - [2010.09.22 16:47:22 | 000,292,960 | ---- | M] (DATEV eG) [Auto |
Stopped] -- C:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardService.exe --
(SCardService)
SRV - [2010.09.08 16:48:12 | 000,271,456 | ---- | M] (Datev eG) [Auto |
Stopped] -- C:\DATEV\PROGRAMM\B0000398\SiPaHostService.exe --
(Sicherheitspaket-Dienst)
SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) [Auto
| Stopped] -- C:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DVSmartCardLogon)
SRV - [2010.09.03 14:50:22 | 000,406,112 | ---- | M] (DATEV e.G.) [Auto
| Stopped] -- C:\DATEV\PROGRAMM\B0001364\DtvScSer.exe -- (DATEV Logon
Service)
SRV - [2010.08.25 07:54:06 | 000,194,144 | ---- | M] (KOBIL Systems
GmbH) [Auto | Stopped] -- C:\DATEV\PROGRAMM\B0000404\msdisrv.exe --
(KOBIL_MSDI)
SRV - [2008.09.22 08:47:14 | 000,176,128 | ---- | M] (DATEV eG) [Auto |
Stopped] -- C:\DATEV\PROGRAMM\B0000000\DFUEMNGR\DcManag.exe -- (Dcmanag)
SRV - [2008.07.17 15:16:54 | 000,517,856 | ---- | M] (Acronis) [Auto |
Stopped] -- C:\Programme\Gemeinsame Dateien\Acronis\Agent\agent.exe --
(AcronisAgent)
SRV - [2008.07.17 13:18:40 | 000,455,960 | ---- | M] (Acronis) [Auto |
Stopped] -- C:\Programme\Gemeinsame
Dateien\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008.06.24 16:05:56 | 000,537,896 | ---- | M] (Nero AG)
[On_Demand | Stopped] -- C:\Programme\Gemeinsame
Dateien\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.)
[On_Demand | Stopped] -- C:\Programme\Gemeinsame
Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
========== Driver Services (SafeList) ==========
DRV - [2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH)
[Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys --
(avipbb)
DRV - [2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH)
[File_System | Auto | Stopped] --
C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH)
[Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avkmgr.sys --
(avkmgr)
DRV - [2011.09.20 19:31:31 | 000,067,664 | ---- | M] (SUPERAdBlocker.com
and SUPERAntiSpyware.com) [Kernel | System | Stopped] --
C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.09.20 19:31:30 | 000,012,880 | ---- | M] (SUPERAdBlocker.com
and SUPERAntiSpyware.com) [Kernel | System | Stopped] --
C:\Programme\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011.03.18 13:46:26 | 000,061,704 | ---- | M] (FTDI Ltd.) [Kernel
| On_Demand | Running] -- C:\WINDOWS\system32\drivers\ftdibus.sys --
(FTDIBUS)
DRV - [2011.03.18 13:46:10 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys --
(FTSER2K)
DRV - [2010.10.12 07:59:30 | 000,012,872 | ---- | M] (
SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand |
Stopped] -- C:\Programme\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010.07.08 11:19:22 | 000,073,072 | ---- | M] (Datev eG) [Kernel
| Auto | Stopped] -- C:\WINDOWS\system32\drivers\d3_kafm.sys -- (SC_Serv3D)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH)
[Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys --
(ssmdrv)
DRV - [2008.12.22 14:09:55 | 000,441,760 | ---- | M] (Acronis) [Kernel |
Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.12.22 14:09:55 | 000,044,384 | ---- | M] (Acronis)
[File_System | Auto | Stopped] --
C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.12.22 14:09:48 | 000,132,352 | ---- | M] (Acronis) [Kernel |
Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.11.12 14:54:00 | 000,037,376 | ---- | M] (Atheros
Communications, Inc.) [Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\l151x86.sys -- (AtcL001)
DRV - [2008.10.13 17:26:10 | 004,879,360 | ---- | M] (Realtek
Semiconductor Corp.) [Kernel | On_Demand | Stopped] --
C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
Service for Realtek HD Audio (WDM)
DRV - [2008.10.01 14:32:20 | 000,082,272 | ---- | M] (JMicron Technology
Corp.) [Kernel | Boot | Running] --
C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2008.09.24 04:09:07 | 003,331,072 | ---- | M] (ATI Technologies
Inc.) [Kernel | On_Demand | Stopped] --
C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.05.21 00:53:36 | 000,093,696 | ---- | M] (ATI Research Inc.)
[Kernel | On_Demand | Stopped] --
C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.)
[Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.)
[Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 03:12:48 | 000,020,240 | ---- | M] (Logitech, Inc.)
[Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2004.11.24 00:00:00 | 000,548,864 | ---- | M] (AVM Berlin)
[Kernel | On_Demand | Running] --
C:\WINDOWS\system32\drivers\fpcibase.sys -- (fpcibase)
DRV - [2004.11.24 00:00:00 | 000,053,248 | ---- | M] (AVM GmbH) [Kernel
| On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys --
(AVMCOWAN)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel |
On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.05.24 13:35:06 | 000,059,520 | ---- | M] (AVM Berlin)
[Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\avmport.sys --
(AVMPORT)
DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel
| On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmwan.sys -- (AVMWAN)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings:
"ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin:
C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5:
c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation
Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components
[2011.12.04 17:39:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox
8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
[2012.01.06 17:16:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird
8.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components
[2011.09.03 21:04:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird
8.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2012.01.07 15:25:14 | 000,000,000 | ---D | M] (No name found) --
C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.12.04 17:39:10 | 000,000,000 | ---D | M] (No name found) --
C:\Programme\Mozilla Firefox\extensions
[2011.12.04 17:39:04 | 000,134,104 | ---- | M] (Mozilla Foundation) --
C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.07.17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.)
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.04 17:39:02 | 000,001,392 | ---- | M] () --
C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.04 17:39:02 | 000,002,252 | ---- | M] () --
C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.04 17:39:02 | 000,001,153 | ---- | M] () --
C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.04 17:39:02 | 000,006,805 | ---- | M] () --
C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.04 17:39:02 | 000,001,178 | ---- | M] () --
C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.04 17:39:02 | 000,001,105 | ---- | M] () --
C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008.04.14 13:00:00 | 000,000,820 | ---- | M]) -
C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -
C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
(Adobe Systems Incorporated)
O2 - BHO: (no name) - {557F4852-8868-44dd-B5E9-9890AC4B1FD5} - No CLSID
value found.
O2 - BHO: (DtvIePwdSafeBHO Class) -
{6EF6B546-25FB-455B-801F-FDB3B3D39F9E} -
C:\DATEV\PROGRAMM\B0000397\DtvIePwdSafe.dll (DATEV eG)
O2 - BHO: (SCardBHOEvent Class) - {AF8CD625-E04A-4A8F-A90A-0C74846C2E30}
- C:\DATEV\SYSTEM\DVCCSASCardBHO002.dll (DATEV eG)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} -
C:\Programme\kikin\ie_kikin.dll (kikin)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) -
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Programme\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [36X Raid Configurer]
C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame
Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor]
C:\Programme\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame
Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor
Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATALINE Office Updater] C:\Programme\DATALINE Office
Update\updctrl.exe (DATALINE GmbH & Co. KG)
O4 - HKLM..\Run: [DATEV_SCardMan]
C:\DATEV\PROGRAMM\B0000347\ScMgmt\SCardManager.exe (DATEV eG)
O4 - HKLM..\Run: [DVCCSAWTSSetEntryNTE]
C:\DATEV\PROGRAMM\B0000150\ScWTS\DVCCSAWTSSetEntryNTE.exe (DATEV eG)
O4 - HKLM..\Run: [Easy-PrintToolBox]
C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer]
C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero
BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame
Dateien\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PDVD8LanguageShortcut]
c:\Programme\CyberLink\PowerDVD8\Language\Language.exe File not found
O4 - HKLM..\Run: [RemoteControl8]
c:\Programme\CyberLink\PowerDVD8\PDVD8Serv.exe File not found
O4 - HKLM..\Run: [SiPaHost] C:\DATEV\PROGRAMM\B0000398\SiPaHost.exe
(DATEV eG)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI
Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame
Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe]
C:\Programme\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame
Dateien\Nero\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart\SkyUserDevmode-Update.lnk =
C:\DATEV\PROGRAMM\B0001401\UpdateDevmode.exe (DATEV eG)
O4 - Startup: C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart\Symantec Fax Starter
Edition-Anschluss.lnk = C:\Programme\Microsoft
Office\Office\1031\OLFSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All
Users\Startmenü\Programme\Autostart\Winsol_Autostart.lnk =
C:\Programme\Heizung\Technische Alternative\Winsol\Winsol.exe
(Technische Alternative)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:
NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : My kikin -
{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Programme\kikin\ie_kikin.dll
(kikin)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
(Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
(Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
(Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
192.168.2.1
O17 -
HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C15B3C93-174B-4A23-9960-39FCBF4E8369}:
DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\bwfile-8876480
{9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop
Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\ipp\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb
{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame
Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe
(Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe)
-C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName -
(C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) -
C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) -
C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DVCCSA: DllName - (DVCCSAnotify002.dll) -
C:\WINDOWS\System32\DVCCSAnotify002.dll (DATEV eG)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame
dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame
Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} -
C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft
Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} -
C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap)
-C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.09 14:40:28 | 000,000,000 | ---- | M] () -
C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET
Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {0F1D198F-E5EA-4542-930E-2FB2B099F3F3} - LanaConfigTool_3383
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering
(VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows
Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET
Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} -
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall
%SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic
HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET
Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user
/install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java
Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows
Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe
advpack.dll,LaunchINFSection
C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer
Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows
Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT
/user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n
/i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} -
C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} -
c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core
Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory
Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} -
C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} -
C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} -
C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -
"C:\WINDOWS\system32\rundll32.exe"
"C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} -
%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.01.07 15:26:28 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2012.01.07 15:26:28 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Adobe
[2012.01.07 15:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2012.01.07 15:25:13 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2012.01.07 15:14:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und
Einstellungen\Administrator\IETldCache
[2012.01.07 15:13:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2012.01.06 17:09:56 | 000,000,000 | ---D | C] --
C:\Programme\Gemeinsame Dateien\Adobe
[2012.01.06 17:09:56 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2012.01.06 16:10:12 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.06 14:27:36 | 000,000,000 | ---D | C] --
C:\WINDOWS\System32\WindowsPowerShell
[2012.01.06 14:27:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\winrm
[2012.01.06 14:27:29 | 000,000,000 | -H-D | C] --
C:\WINDOWS\$968930Uinstall_KB968930$
[2012.01.06 14:26:22 | 000,000,000 | ---D | C] -- C:\Programme\Windows
Media Connect 2
[2012.01.06 14:24:23 | 000,000,000 | ---D | C] --
C:\WINDOWS\System32\drivers\UMDF
[2012.01.06 14:24:23 | 000,000,000 | ---D | C] --
C:\WINDOWS\System32\LogFiles
[2012.01.06 13:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Startmenü\Programme\CCleaner
[2012.01.06 12:38:31 | 000,000,000 | ---D | C] -- C:\Temp
[2012.01.02 09:36:57 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.12.28 15:21:30 | 000,000,000 | ---D | C] --
C:\Programme\Gemeinsame Dateien\INDAC
[2011.12.28 15:09:58 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Startmenü\Programme\Avira
[2011.12.28 14:53:05 | 000,028,520 | ---- | C] (Avira GmbH) --
C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.12.28 14:53:02 | 000,134,856 | ---- | C] (Avira GmbH) --
C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.28 14:53:02 | 000,074,640 | ---- | C] (Avira GmbH) --
C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.28 14:53:02 | 000,036,000 | ---- | C] (Avira GmbH) --
C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.28 14:53:01 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.12.20 16:24:24 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2011.12.20 16:23:25 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\DATALINE Office
[2011.12.20 16:21:59 | 000,000,000 | ---D | C] -- C:\Dokumente und
Einstellungen\All Users\Startmenü\Programme\DATALINE Office
[1999.03.12 01:22:04 | 000,099,840 | ---- | C] (Symantec Corp.) --
C:\Programme\Gemeinsame Dateien\IRAABOUT.DLL
[1998.12.09 10:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter
Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAREG.DLL
[1998.12.09 10:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter
Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAMDMTR.DLL
[1998.12.09 10:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter
Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRALPTTR.DLL
[1998.12.09 10:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter
Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAWEBTR.DLL
[1998.12.09 10:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) --
C:\Programme\Gemeinsame Dateien\IRASRIAL.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.01.07 15:14:14 | 000,001,158 | ---- | M] () --
C:\WINDOWS\System32\wpa.dbl
[2012.01.07 15:13:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.07 15:03:57 | 000,055,160 | ---- | M] () --
C:\WINDOWS\System32\ativvaxx.cap
[2012.01.06 17:39:59 | 000,000,210 | -HS- | M] () -- C:\boot.ini
[2012.01.06 17:16:11 | 000,001,709 | ---- | M] () -- C:\Dokumente und
Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2012.01.06 15:27:02 | 000,609,986 | ---- | M] () --
C:\WINDOWS\System32\perfh007.dat
[2012.01.06 15:27:02 | 000,550,110 | ---- | M] () --
C:\WINDOWS\System32\perfh009.dat
[2012.01.06 15:27:02 | 000,139,918 | ---- | M] () --
C:\WINDOWS\System32\perfc007.dat
[2012.01.06 15:27:02 | 000,106,748 | ---- | M] () --
C:\WINDOWS\System32\perfc009.dat
[2012.01.06 14:26:46 | 000,023,392 | ---- | M] () --
C:\WINDOWS\System32\nscompat.tlb
[2012.01.06 14:26:46 | 000,016,832 | ---- | M] () --
C:\WINDOWS\System32\amcompat.tlb
[2012.01.06 14:24:28 | 000,000,000 | -H-- | M] () --
C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.12.28 15:09:58 | 000,001,671 | ---- | M] () -- C:\Dokumente und
Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2011.12.20 16:21:59 | 000,001,475 | ---- | M] () -- C:\Dokumente und
Einstellungen\All Users\Desktop\Dataline Office.lnk
[2011.12.20 16:09:17 | 000,000,403 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.12.15 15:00:00 | 000,134,856 | ---- | M] (Avira GmbH) --
C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.15 15:00:00 | 000,074,640 | ---- | M] (Avira GmbH) --
C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.15 15:00:00 | 000,036,000 | ---- | M] (Avira GmbH) --
C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.14 20:01:24 | 000,321,928 | ---- | M] () --
C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes
Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.01.06 17:39:58 | 000,000,932 | ---- | C] () -- C:\Dokumente und
Einstellungen\All Users\Startmenü\Programme\Autostart\Symantec Fax
Starter Edition-Anschluss.lnk
[2012.01.06 17:39:58 | 000,000,847 | ---- | C] () -- C:\Dokumente und
Einstellungen\All Users\Startmenü\Programme\Autostart\Winsol_Autostart.lnk
[2012.01.06 17:11:19 | 000,001,709 | ---- | C] () -- C:\Dokumente und
Einstellungen\All Users\Desktop\Adobe Reader 8.lnk
[2012.01.06 17:11:18 | 000,002,347 | ---- | C] () -- C:\Dokumente und
Einstellungen\All Users\Startmenü\Programme\Adobe Reader 8.lnk
[2012.01.06 14:24:28 | 000,000,000 | -H-- | C] () --
C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.12.28 14:53:15 | 000,001,671 | ---- | C] () -- C:\Dokumente und
Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2011.01.21 20:08:10 | 000,703,078 | ---- | C] () -- C:\Dokumente und
Einstellungen\LocalService\Lokale
Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-4038210848-50836512-215213560-1005-0.dat
[2011.01.21 20:08:09 | 000,308,234 | ---- | C] () -- C:\Dokumente und
Einstellungen\LocalService\Lokale
Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2010.09.22 16:48:26 | 000,032,352 | ---- | C] () --
C:\WINDOWS\System32\JNILibrary.dll
[2010.09.22 16:48:06 | 000,114,272 | ---- | C] () --
C:\WINDOWS\System32\INetCert.dll
[2009.12.20 14:15:59 | 000,086,082 | R--- | C] () --
C:\WINDOWS\System32\ftdiunin.exe
[2009.12.20 14:15:59 | 000,000,110 | R--- | C] () --
C:\WINDOWS\System32\ftdiun2k.ini
[2009.06.30 17:08:48 | 000,000,085 | -HS- | C] () -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.01.21 07:41:27 | 000,000,069 | ---- | C] () --
C:\WINDOWS\NeroDigital.ini
[2009.01.12 18:10:22 | 000,000,021 | ---- | C] () --
C:\WINDOWS\DvInesKurusOleServer003.INI
[2008.12.22 21:00:42 | 000,000,488 | ---- | C] () -- C:\WINDOWS\WINLABEL.INI
[2008.12.22 20:50:54 | 000,000,216 | ---- | C] () -- C:\WINDOWS\Sierra.ini
[2008.12.22 15:51:39 | 000,008,704 | ---- | C] () --
C:\WINDOWS\System32\CNMVS78.DLL
[2008.12.22 13:57:42 | 000,053,248 | ---- | C] () --
C:\WINDOWS\System32\TSLV.dll
[2008.12.22 13:57:41 | 000,266,240 | ---- | C] () --
C:\WINDOWS\System32\ExportModeller.dll
[2008.12.22 13:57:41 | 000,016,473 | ---- | C] () --
C:\WINDOWS\System32\SELF32.INI
[2008.12.22 13:47:52 | 000,015,128 | ---- | C] () --
C:\WINDOWS\System32\skypdfmonpro.dll
[2008.12.22 13:47:52 | 000,013,080 | ---- | C] () --
C:\WINDOWS\System32\skypdfmonuipro.dll
[2008.12.22 13:41:56 | 000,000,021 | ---- | C] () --
C:\WINDOWS\DvInesKurusOleServer002.INI
[2008.12.22 13:41:49 | 000,000,107 | ---- | C] () --
C:\WINDOWS\dvinesinstart001.INI
[2008.12.22 13:41:49 | 000,000,107 | ---- | C] () --
C:\WINDOWS\dvinesinstalllocation001.INI
[2008.12.22 13:41:40 | 000,000,108 | ---- | C] () -- C:\WINDOWS\Startup.INI
[2008.12.19 10:50:22 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.19 10:50:22 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008.12.19 10:50:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2008.12.16 12:30:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.12.10 15:38:39 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.12.09 15:06:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2008.12.09 15:04:00 | 000,593,920 | ---- | C] () --
C:\WINDOWS\System32\ati2sgag.exe
[2008.12.09 14:50:47 | 000,000,146 | ---- | C] () -- C:\Dokumente und
Einstellungen\Administrator\Lokale
Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.12.09 14:48:24 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2008.12.09 14:41:29 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.12.09 14:38:49 | 000,021,740 | ---- | C] () --
C:\WINDOWS\System32\emptyregdb.dat
[2008.12.09 14:34:47 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.09 14:34:18 | 000,321,928 | ---- | C] () --
C:\WINDOWS\System32\FNTCACHE.DAT
[2008.12.09 14:30:13 | 003,107,788 | ---- | C] () --
C:\WINDOWS\System32\ativvaxx.dat
[2008.12.09 14:30:13 | 003,107,788 | ---- | C] () --
C:\WINDOWS\System32\ativva5x.dat
[2008.12.09 14:30:13 | 000,887,724 | ---- | C] () --
C:\WINDOWS\System32\ativva6x.dat
[2008.12.09 14:30:13 | 000,176,918 | ---- | C] () --
C:\WINDOWS\System32\atiicdxx.dat
[2008.12.09 14:30:13 | 000,090,112 | ---- | C] () --
C:\WINDOWS\System32\atibrtmon.exe
[2008.12.09 14:30:13 | 000,081,920 | ---- | C] () --
C:\WINDOWS\System32\ATIODE.exe
[2008.12.09 14:30:13 | 000,040,960 | ---- | C] () --
C:\WINDOWS\System32\ATIODCLI.exe
[2008.12.09 14:30:08 | 000,002,480 | ---- | C] () --
C:\WINDOWS\System32\oeminfo.ini
[2008.12.09 14:30:06 | 000,609,986 | ---- | C] () --
C:\WINDOWS\System32\perfh007.dat
[2008.12.09 14:30:06 | 000,269,480 | ---- | C] () --
C:\WINDOWS\System32\perfi007.dat
[2008.12.09 14:30:06 | 000,139,918 | ---- | C] () --
C:\WINDOWS\System32\perfc007.dat
[2008.12.09 14:30:06 | 000,034,478 | ---- | C] () --
C:\WINDOWS\System32\perfd007.dat
[2008.12.09 14:30:04 | 000,004,569 | ---- | C] () --
C:\WINDOWS\System32\secupd.dat
[2008.12.09 14:30:03 | 000,550,110 | ---- | C] () --
C:\WINDOWS\System32\perfh009.dat
[2008.12.09 14:30:03 | 000,272,128 | ---- | C] () --
C:\WINDOWS\System32\perfi009.dat
[2008.12.09 14:30:03 | 000,106,748 | ---- | C] () --
C:\WINDOWS\System32\perfc009.dat
[2008.12.09 14:30:03 | 000,028,626 | ---- | C] () --
C:\WINDOWS\System32\perfd009.dat
[2008.12.09 14:30:02 | 013,107,200 | ---- | C] () --
C:\WINDOWS\System32\oembios.bin
[2008.12.09 14:30:02 | 000,004,518 | ---- | C] () --
C:\WINDOWS\System32\oembios.dat
[2008.12.09 14:30:02 | 000,000,741 | ---- | C] () --
C:\WINDOWS\System32\noise.dat
[2008.12.09 14:30:01 | 000,673,088 | ---- | C] () --
C:\WINDOWS\System32\mlang.dat
[2008.12.09 14:30:01 | 000,046,258 | ---- | C] () --
C:\WINDOWS\System32\mib.bin
[2008.12.09 14:30:00 | 000,218,003 | ---- | C] () --
C:\WINDOWS\System32\dssec.dat
[2008.12.09 14:29:59 | 000,001,804 | ---- | C] () --
C:\WINDOWS\System32\Dcache.bin
[2008.12.09 14:28:42 | 000,005,810 | ---- | C] () --
C:\WINDOWS\System32\drivers\ASACPI.sys
[2008.05.26 22:23:36 | 000,016,834 | ---- | C] () --
C:\WINDOWS\System32\gthrctr.ini
[2008.05.26 22:23:34 | 000,024,188 | ---- | C] () --
C:\WINDOWS\System32\idxcntrs.ini
[2008.05.26 22:23:32 | 000,016,568 | ---- | C] () --
C:\WINDOWS\System32\gsrvctr.ini
[2008.05.26 21:59:42 | 000,018,904 | ---- | C] () --
C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008.05.26 21:59:40 | 000,106,605 | ---- | C] () --
C:\WINDOWS\System32\structuredqueryschema.bin
[2002.02.27 10:41:28 | 000,024,576 | ---- | C] () --
C:\WINDOWS\System32\nsldappr32v50.dll
[2002.02.27 10:41:26 | 000,040,960 | ---- | C] () --
C:\WINDOWS\System32\nsldapssl32v50.dll
[1999.01.23 02:46:58 | 000,065,536 | ---- | C] () --
C:\WINDOWS\System32\MSRTEDIT.DLL
[1999.01.19 15:18:30 | 000,110,080 | ---- | C] () --
C:\WINDOWS\System32\LFPNG60N.DLL
[1999.01.19 15:18:30 | 000,046,080 | ---- | C] () --
C:\WINDOWS\System32\LFTIF60N.DLL
[1999.01.19 15:18:30 | 000,043,008 | ---- | C] () --
C:\WINDOWS\System32\LTFIL60N.DLL
[1999.01.19 15:18:30 | 000,020,480 | ---- | C] () --
C:\WINDOWS\System32\LFPSD60N.DLL
[1999.01.19 15:18:30 | 000,019,968 | ---- | C] () --
C:\WINDOWS\System32\LFTGA60N.DLL
[1999.01.19 15:18:30 | 000,019,456 | ---- | C] () --
C:\WINDOWS\System32\LFWPG60N.DLL
[1999.01.19 15:18:30 | 000,019,456 | ---- | C] () --
C:\WINDOWS\System32\LFWMF60N.DLL
[1999.01.19 15:18:28 | 000,176,128 | ---- | C] () --
C:\WINDOWS\System32\LFFAX60N.DLL
[1999.01.19 15:18:28 | 000,141,824 | ---- | C] () --
C:\WINDOWS\System32\LFCMP60N.DLL
[1999.01.19 15:18:28 | 000,023,552 | ---- | C] () --
C:\WINDOWS\System32\LFPCX60N.DLL
[1999.01.19 15:18:28 | 000,022,528 | ---- | C] () --
C:\WINDOWS\System32\LFPCT60N.DLL
[1999.01.19 15:18:28 | 000,022,528 | ---- | C] () --
C:\WINDOWS\System32\LFEPS60N.DLL
[1999.01.19 15:18:28 | 000,022,016 | ---- | C] () --
C:\WINDOWS\System32\LFBMP60N.DLL
[1999.01.19 15:18:28 | 000,018,432 | ---- | C] () --
C:\WINDOWS\System32\LFMSP60N.DLL
[1999.01.19 15:18:28 | 000,017,920 | ---- | C] () --
C:\WINDOWS\System32\LFMAC60N.DLL
[1995.02.15 00:11:00 | 000,017,920 | ---- | C] () --
C:\WINDOWS\System32\IMPLODE.DLL
========== LOP Check ==========
[2008.12.09 15:05:09 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search
[2008.12.22 14:12:55 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\Acronis
[2008.12.22 15:51:29 | 000,000,000 | -H-D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011.07.14 14:33:58 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\DatacardService
[2012.01.07 15:06:10 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\DATALINE Office
[2011.01.25 14:48:36 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\DATEV
[2008.12.22 16:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\ISDNWatch
[2011.12.20 16:24:24 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2008.12.22 13:47:55 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\SkyCom
[2008.12.09 15:08:02 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen\All Users\Anwendungsdaten\Temp
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.08.15 12:50:19 | 000,000,000 | ---D | M] --
C:\33556aca7f989cd838626f55
[2008.12.22 15:18:13 | 000,000,000 | ---D | M] -- C:\alt
[2008.12.22 14:24:49 | 000,000,000 | ---D | M] -- C:\alte
[2011.01.25 15:14:32 | 000,000,000 | ---D | M] -- C:\BACKUP
[2009.06.30 17:11:06 | 000,000,000 | ---D | M] -- C:\CloneDVDTemp
[2012.01.06 20:09:47 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.01.25 14:54:56 | 000,000,000 | ---D | M] -- C:\DATEV
[2012.01.06 15:28:53 | 000,000,000 | ---D | M] -- C:\Dokumente und
Einstellungen
[2009.05.26 20:23:10 | 000,000,000 | ---D | M] -- C:\download
[2008.05.21 10:10:06 | 000,000,000 | ---D | M] -- C:\i386
[2008.12.19 10:38:16 | 000,000,000 | ---D | M] -- C:\inst
[2008.12.09 15:03:27 | 000,000,000 | ---D | M] -- C:\Intel
[2012.01.06 17:09:56 | 000,000,000 | ---D | M] -- C:\Programme
[2008.12.09 15:35:25 | 000,000,000 | ---D | M] -- C:\RaidTool
[2008.12.16 12:24:21 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2008.12.22 20:49:26 | 000,000,000 | ---D | M] -- C:\Sierra
[2012.01.06 19:14:46 | 000,000,000 | -HSD | M] -- C:\System Volume
Information
[2012.01.06 12:38:31 | 000,000,000 | ---D | M] -- C:\Temp
[2008.12.10 15:38:14 | 000,000,000 | ---D | M] -- C:\Treiber
[2012.01.07 15:13:56 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2008.12.22 21:00:54 | 000,000,000 | ---D | M] -- C:\WINLAB20
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.manifest /3 >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< MD5 for: AFD.SYS >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.14 13:00:00 | 000,138,112 | ---- | M] (Microsoft Corporation)
MD5=322D0E36693D6E24A2398BEE62A268CD --
C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=355556D9E580915118CD7EF736653A89 --
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=38D7B715504DA4741DF35E3594FE2099 --
C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=4D43E74F2A1239D53929B82600F1971C --
C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=7618D5218F2A614672EC61A80D854A37 --
C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=7E775010EF291DA96AD17CA4B17137D7 --
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=8D499B1276012EB907E7A9E0F4D8FDA4 --
C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=D6EE6014241D034E63C49A50CB2B442A --
C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation)
MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 --
C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation)
MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation)
MD5=418045A93CD87A352098AB7DABE1B53E --
C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: IPSEC.SYS >
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation)
MD5=23C74D75E36E7158768DD63D92789A91 --
C:\WINDOWS\system32\dllcache\ipsec.sys
[2008.04.14 13:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation)
MD5=23C74D75E36E7158768DD63D92789A91 --
C:\WINDOWS\system32\drivers\ipsec.sys
< MD5 for: REGEDIT.EXE >
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation)
MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\i386\REGEDIT.EXE
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation)
MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation)
MD5=AD9226BF3CED13636083BB9C76E9D2A2 --
C:\WINDOWS\system32\dllcache\regedit.exe
< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation)
MD5=788F95312E26389D596C0FA55834E106 --
C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation)
MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] ()
MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes'
Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation)
MD5=F09A527B422E25C478E38CAA0E44417A --
C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation)
MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23
15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe
ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On
SubSystemType=Windows ServerDll=basesrv,1
ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off
MaxRequestThreads=16
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-14 17:24:20
========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:CA59BB5B2E71B7B7
< End of report >
Malwarebytes log Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.07.03
Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
Administrator :: NAME-xxx [administrator]
07.01.2012 15:39:57
mbam-log-2012-01-07 (15-39-57).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System |
Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300447
Time elapsed: 24 minute(s), 16 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The ESET log will follow once it has been created.
MAM log: this was the only one still available.