Programme starten nicht mehr: Meldung:C:\WINDOWS\system32\rundll3 |
||
---|---|---|
#0
| ||
12.12.2011, 19:08
...neu hier
Beiträge: 5 |
||
|
||
12.12.2011, 22:24
Moderator
Beiträge: 5694 |
#2
Herzlich Willkommen auf dem Protecus Forum
Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden. • Bitte arbeite alle Schritte der Reihe nach ab. • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben. • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst. • Bitte kein Crossposting (posten in mehreren Foren). • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert. • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst. • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten. Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist. Vista und Win7 User Alle Tools mit Rechtsklick "als Administrator ausführen" starten. Schritt 1 Teatimer abstellen Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt. Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind): Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung. Schritt 2 Downloade Dir bitte Malwarebytes • Installiere das Programm in den vorgegebenen Pfad. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen. • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen. • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl. • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread. • Nachträglich kannst du den Bericht unter "Log Dateien" finden. Schritt 3 Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop • Starte bitte die OTL.exe. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Kopiere nun den Inhalt in die Textbox. Code activex• Schliesse bitte nun alle Programme. (Wichtig) • Klicke nun bitte auf den Quick Scan Button. • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread |
|
|
||
13.12.2011, 20:51
...neu hier
Themenstarter Beiträge: 5 |
#3
Zuerst mal danke für die Antwort
Ich kann leider nicht in den Thred antworten, erscheind ein Fehler "Du kannst diesen Post nicht mehr editieren. (Zeitlimit überschritten) " Deshalb werde ich hier weiter machen. Malwarebytes Logfile Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8365 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 13.12.2011 20:44:41 mbam-log-2011-12-13 (20-44-41).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 178442 Laufzeit: 8 Minute(n), 57 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 97 Infizierte Registrierungswerte: 5 Infizierte Dateiobjekte der Registrierung: 6 Infizierte Verzeichnisse: 22 Infizierte Dateien: 23 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CLASSES_ROOT\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{09325003-167C-483d-A4BA-8B3122ABB432} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{F1A1892C-2A6C-4817-98B4-FF81443CBA20} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{E25DA6D6-C365-46CF-ABAF-DC5893135D7A} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbGuru.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbGuru (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{100EB1FD-D03E-47fd-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{E343EDFC-1E6C-4cb5-AA29-E9C922641C80} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{D8560AC2-21B5-4C1A-BDD4-BD12BC83B082} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{20EA9658-6BC3-4599-A87D-6371FE9295FC} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{2721A8E5-BFDB-4562-9912-9E0531CA616C} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{5FE0CEAE-CB69-40af-A323-40F94257DACB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{65A16874-2ED0-460E-A547-5FE2EC3A13A7} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaPSExecuter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{396CFC12-932D-496b-A0A8-5D7201E105E1} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{573F4ABB-A1A2-44ed-9BA9-A8DAD40AAC46} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{71E02280-5212-45C3-B174-4D5A35DA254F} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.MozillaNvgtnTrpr (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{60DA826C-B1C6-4358-BDEC-4837CED45470} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.KOPFF.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.KOPFF (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{6DD76B7B-6423-4df0-9A07-84A6CAD973A0} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Dwnldr.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Dwnldr (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{74C22317-5B90-471f-9AD2-FEC049870A16} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Scopes.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Scopes (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{7F6CFB6A-9227-4bb8-B941-F2B067E76F51} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiateOrRandomTS (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A16AD1E9-F69A-45af-9462-B1C286708842} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{AB0EE208-DF60-4fa7-A617-C4269760033E} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Reporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Reporter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C1089F63-7AFC-4538-B0EB-BEA0F4225A57} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Stock.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.Stock (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{C9CCBB35-D123-4a31-AFFC-9B2933132116} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CC7BD6F1-565C-47ce-A5BB-9C935E77B59D} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\TypeLib\{02AED140-2B62-4B49-8B3B-179020CC39B9} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{17BF1E05-C0E8-413C-BD1F-A481EEA3B8E9} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDic.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDic (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{CFC16189-8A92-4a29-A940-60248385F426} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDisp.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.CntntDisp (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{DEE758B4-C3FB-4a5b-9939-848B9C77A2FB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E12AEAB6-7D12-4c07-8E36-5892EFB4DAFB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerImmidiate (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{E2F2C137-A782-4fb5-81AF-086156F5EB0A} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.AsyncReporter (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{F1D06C9F-51F0-4476-BEDE-5DDF91BE304E} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.ReportData.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.ReportData (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{F3A32DF2-7413-4fb1-B575-1AC920A17B76} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay.1 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ShopperReports.TriggerOnceInDay (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{CDCA70D8-C6A6-49EE-9BED-7429D6C477A2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8AD9AD05-36BE-4E40-BA62-5422EB0D02FB} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{D136987F-E1C4-4CCC-A220-893DF03EC5DF} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4A02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\AH (Rogue.MultipleAV) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShopperReportsSA (Adware.ShopperReports) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\ah\Content Type (Rogue.MultipleAV) -> Value: Content Type -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790775B676545336A198 (Malware.Trace) -> Value: SRS_IT_E8790775B676545336A198 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions\ShopperReports@ShopperReports.com (ShopperReports) -> Value: ShopperReports@ShopperReports.com -> Quarantined and deleted successfully. Infizierte Dateiobjekte der Registrierung: HKEY_CLASSES_ROOT\.exe\(default) (PUM.HijackExefiles) -> Bad: (ah) Good: (exefile) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\crb.exe" -a "C:\Programme\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully. Infizierte Verzeichnisse: c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\db (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\dwld (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\report (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\res1 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0 (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\all users\startmenü\programme\shopperreports (Adware.ShopperReports) -> Quarantined and deleted successfully. Infizierte Dateien: c:\programme\shopperreports3\bin\3.0.517.0\cntntcntr.dll (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\Firefox\cs\res1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\Config.xml (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\db\Aliases.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\db\Sites.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\dwld\whitelist.xip (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\report\aggr_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\report\send_storage.xml (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\admin\anwendungsdaten\shopperreports3\IE\cs\res1\whitelist.dbs (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\link.ico (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome.manifest (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\install.rdf (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\chrome\firefoxtoolbar.jar (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\programme\shopperreports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.xpt (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\all users\startmenü\programme\shopperreports\About Us.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\all users\startmenü\programme\shopperreports\customer support.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. c:\dokumente und einstellungen\all users\startmenü\programme\shopperreports\shopperreports uninstall instructions.lnk (Adware.ShopperReports) -> Quarantined and deleted successfully. OTL.TXT OTL logfile created on: 13.12.2011 21:08:39 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\admin\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1023.48 Mb Total Physical Memory | 395.02 Mb Available Physical Memory | 38.60% Memory free 2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.49% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97.65 Gb Total Space | 19.81 Gb Free Space | 20.28% Space Free | Partition Type: NTFS Drive E: | 479.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 127.99 Gb Total Space | 18.50 Gb Free Space | 14.45% Space Free | Partition Type: NTFS Drive G: | 698.63 Gb Total Space | 596.72 Gb Free Space | 85.41% Space Free | Partition Type: NTFS Drive H: | 1.94 Gb Total Space | 1.91 Gb Free Space | 98.10% Space Free | Partition Type: FAT Drive J: | 232.88 Gb Total Space | 199.39 Gb Free Space | 85.62% Space Free | Partition Type: NTFS Computer Name: ZOLLET-SRJBT7G7 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2011.12.13 20:59:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL (1).exe PRC - [2011.11.15 06:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.19 16:56:04 | 000,047,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\updrgui.exe PRC - [2011.10.19 16:56:03 | 000,577,488 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\update.exe PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.05.25 08:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.02.15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2010.05.21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe PRC - [2010.02.18 11:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.09.13 15:54:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe PRC - [2007.04.23 04:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2007.04.11 15:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.exe PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2011.11.15 06:39:54 | 000,420,920 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll MOD - [2011.11.15 06:39:53 | 003,702,840 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll MOD - [2011.11.15 06:38:16 | 000,122,952 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\avutil-51.dll MOD - [2011.11.15 06:38:15 | 000,222,280 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\avformat-53.dll MOD - [2011.11.15 06:38:14 | 001,746,504 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\avcodec-53.dll MOD - [2011.11.15 03:36:18 | 008,593,056 | ---- | M] () -- C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll MOD - [2011.10.19 16:56:01 | 000,133,584 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\scewxmlw.dll MOD - [2011.05.04 23:02:46 | 001,123,432 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvwimg.dll MOD - [2011.05.04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nvShell.dll MOD - [2011.05.04 23:02:42 | 001,558,120 | ---- | M] () -- C:\Programme\NVIDIA Corporation\nView\nView.dll MOD - [2011.02.15 02:33:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.02.15 02:32:52 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.11.03 16:52:20 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007.09.13 15:54:10 | 000,643,142 | ---- | M] () -- C:\WINDOWS\aticlocklib.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.05.25 08:25:59 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService) SRV - [2007.09.13 15:54:10 | 000,258,560 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService) SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - [2011.12.09 19:54:51 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2010.09.03 09:20:18 | 006,139,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.04.08 19:30:10 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts) DRV - [2010.03.04 11:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2010.03.04 11:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2009.11.18 00:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 00:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.11.12 13:48:56 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2008.04.14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx) DRV - [2008.04.14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2007.09.13 15:54:14 | 000,012,416 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asusgsb.sys -- (asusgsb) DRV - [2007.09.13 15:54:14 | 000,010,752 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Video3D32.sys -- (Video3D) DRV - [2007.09.13 15:54:12 | 000,012,288 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO) DRV - [2007.09.13 15:54:10 | 000,011,136 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt) DRV - [2007.04.11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2007.04.11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2007.04.11 15:32:30 | 000,020,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2007.01.29 17:12:52 | 000,018,432 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AsusVRC.sys -- (ASUSVRC) DRV - [2006.08.14 14:51:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\nvata.sys -- (nvata) DRV - [2001.08.18 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb) DRV - [2001.08.18 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx) DRV - [2001.08.18 04:33:54 | 000,908,352 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2269050 IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "Bing" FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.ch/" FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3 FF - prefs.js..extensions.enabledItems: finderquery@finderquery.com:1.5 FF - prefs.js..extensions.enabledItems: ShopperReports@ShopperReports.com:3.0.517.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "http://finderquery.com/?clid=85f1efa2d3144a74a4606f9658e3bd4f&prt=finderquerybho3ff&tmp=karmaklick_results_v3&keywords=" FF - prefs.js..keyword.enabled: false FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\html5video [2011.03.26 17:25:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Programme\DivX\DivX Plus Web Player\firefox\wpa [2011.03.26 17:25:16 | 000,000,000 | ---D | M] [2010.11.26 17:32:44 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Extensions [2011.12.10 20:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\mc5gjktv.default\extensions [2010.12.05 19:17:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\mc5gjktv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.11.16 20:16:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\mc5gjktv.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2011.12.10 20:48:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\mc5gjktv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.07.23 14:03:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\mc5gjktv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.05.15 19:56:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\mc5gjktv.default\extensions\engine@conduit.com [2010.12.11 13:11:25 | 000,001,819 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\mc5gjktv.default\searchplugins\bing.xml [2011.11.13 20:44:59 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.12.12 21:35:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.03.21 20:15:35 | 000,000,000 | ---D | M] (FinderQuery Extension) -- C:\Programme\Mozilla Firefox\extensions\finderquery@finderquery.com [2011.03.26 17:25:16 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video> -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.03.26 17:25:16 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAMME\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2010.12.12 21:35:18 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF File not found (No name found) -- C:\PROGRAMME\SHOPPERREPORTS3\BIN\3.0.517.0\FIREFOX\FIREFOXTOOLBAR\EXTENSIONS [2010.12.12 21:35:17 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [color=#E56717]========== Chrome ==========[/color] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Programme\Google\Chrome\Application\15.0.874.121\pdf.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: NPCIG.dll (Enabled) = C:\Programme\Canon\ZoomBrowser EX\Program\NPCIG.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Programme\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: DivX HiQ = C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2011.05.07 14:27:45 | 000,001,817 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 adobe.activate.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 5 more lines... O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [DriverScanner] "C:\Programme\Uniblue\DriverScanner\launcher.exe" delay 20000 File not found O4 - Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKCU\..Trusted Domains: ([]msn in My Computer) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1290631781452 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1290631890499 (MUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1AB0438-27C5-443E-969D-48D32305FBA1}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.11.24 20:25:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001.08.18 13:00:00 | 000,000,112 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2010.02.18 20:05:59 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2010.03.01 15:10:30 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ] O32 - Unable to obtain root file information for disk G:\ O33 - MountPoints2\{cc3e0d06-3ec1-11e0-9a75-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{cc3e0d06-3ec1-11e0-9a75-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{cc3e0d06-3ec1-11e0-9a75-806d6172696f}\Shell\AutoRun\command - "" = H:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - DOTNETFRAMEWORKS ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - File not found NetSvcs: HidServ - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2011.12.13 21:00:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL (1).exe [2011.12.13 20:24:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Malwarebytes [2011.12.13 20:23:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2011.12.13 20:23:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2011.12.13 20:23:28 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2011.12.13 20:23:28 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.12.12 19:37:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\admin\Desktop\HijackThis.exe [2011.12.12 17:24:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WiseFixer [2011.12.10 20:48:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft [2011.12.08 22:18:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy [2011.12.06 20:47:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Desktop\rails [2011.12.05 21:34:26 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft [2011.11.28 20:45:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Opera [2011.11.28 20:45:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Opera [2011.11.28 20:45:30 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2011.11.26 22:27:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.26 12:19:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Avira [2011.11.26 12:12:20 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software [2011.11.26 12:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2011.11.26 12:10:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira [2011.11.26 12:10:28 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys [2011.11.26 12:10:26 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.11.26 12:10:26 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [2011.11.26 12:10:26 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys [2011.11.26 12:10:25 | 000,000,000 | ---D | C] -- C:\Programme\Avira [2011.11.26 12:10:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira [2011.11.16 19:01:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Apple Computer [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2011.12.13 21:02:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.12.13 21:02:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.12.13 20:59:27 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\admin\Desktop\OTL (1).exe [2011.12.13 20:32:45 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.12.13 20:23:33 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.13 19:59:11 | 000,013,002 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.12.12 19:00:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\tasks\RMSchedule.job [2011.12.12 17:35:41 | 000,000,468 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WiseFixer.lnk [2011.12.11 21:49:21 | 000,011,672 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\absenz...odt [2011.12.11 21:28:50 | 000,000,524 | ---- | M] () -- C:\hpfr5550.xml [2011.12.09 19:54:51 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.12.09 18:36:57 | 000,014,402 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\miy712fu1rox4 [2011.12.09 18:36:57 | 000,014,402 | -HS- | M] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\miy712fu1rox4 [2011.12.05 21:36:51 | 000,000,906 | ---- | M] () -- C:\Dokumente und Einstellungen\admin\Desktop\DVDVideoSoft Free Studio.lnk [2011.11.30 16:11:40 | 000,138,160 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011.11.30 16:11:33 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2011.11.29 21:40:56 | 000,271,200 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0 [2011.11.28 20:45:38 | 000,001,456 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2011.11.27 20:18:05 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2011.11.26 22:29:05 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2011.11.26 12:10:44 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2011.11.19 17:34:50 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk [2011.11.16 19:04:35 | 000,019,560 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2011.12.13 20:23:33 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.12 17:24:27 | 000,000,468 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\WiseFixer.lnk [2011.12.11 21:49:19 | 000,011,672 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Eigene Dateien\absenz...odt [2011.12.08 20:46:14 | 000,014,402 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\miy712fu1rox4 [2011.12.08 20:46:14 | 000,014,402 | -HS- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\miy712fu1rox4 [2011.12.05 21:36:51 | 000,000,906 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Desktop\DVDVideoSoft Free Studio.lnk [2011.11.28 20:45:38 | 000,001,462 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk [2011.11.28 20:45:38 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2011.11.26 22:29:04 | 000,002,347 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2011.11.26 22:29:04 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk [2011.11.26 12:10:43 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk [2011.07.09 15:54:01 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.06.01 20:03:41 | 000,035,802 | ---- | C] () -- C:\WINDOWS\p69-a6b-Do21159.dll [2011.05.11 17:46:31 | 000,035,802 | ---- | C] () -- C:\WINDOWS\p69-a6b-21159.dll [2011.05.10 16:58:12 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2011.05.10 16:45:20 | 000,000,076 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2011.05.01 12:16:18 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\setup_ldm.iss [2011.03.25 21:27:10 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2011.03.13 16:07:19 | 000,138,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011.03.13 16:07:19 | 000,022,328 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\PnkBstrK.sys [2011.03.13 16:07:06 | 000,271,200 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2011.03.13 16:06:50 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2011.03.13 16:06:49 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2010.12.12 19:55:55 | 000,019,560 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.11.30 18:31:55 | 000,027,648 | ---- | C] () -- C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.29 21:45:35 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2010.11.26 17:32:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.11.25 22:05:22 | 000,274,224 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2010.11.25 22:05:20 | 000,274,232 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2010.11.25 22:05:20 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2010.11.25 20:07:06 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin [2010.11.24 21:25:37 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010.11.24 21:25:23 | 000,643,142 | ---- | C] () -- C:\WINDOWS\aticlocklib.dll [2010.11.24 21:25:23 | 000,196,653 | ---- | C] () -- C:\WINDOWS\System32\drivers\aVivid.bin [2010.11.24 21:25:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nVivid.bin [2010.11.24 21:25:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nStandard.bin [2010.11.24 21:25:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAsmedia.bin [2010.11.24 21:25:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\nAdvanced.bin [2010.11.24 21:25:23 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAdvanced.bin [2010.11.24 21:25:23 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aStandard.bin [2010.11.24 21:25:23 | 000,196,582 | ---- | C] () -- C:\WINDOWS\System32\drivers\aAsmedia.bin [2010.11.24 21:25:23 | 000,110,592 | ---- | C] () -- C:\WINDOWS\R5ClkLib.dll [2010.11.24 21:25:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\HyperDrive.exe [2010.11.24 21:25:23 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini [2010.11.24 21:25:22 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.11.24 21:25:22 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.11.24 21:25:22 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\asfrench.dll [2010.11.24 21:25:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asrussian.dll [2010.11.24 21:25:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\asgerman.dll [2010.11.24 21:25:22 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\aseng.dll [2010.11.24 21:25:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\askorean.dll [2010.11.24 21:25:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\asjapan.dll [2010.11.24 21:25:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\ASCHT.dll [2010.11.24 21:25:22 | 000,045,568 | ---- | C] () -- C:\WINDOWS\System32\aschs.dll [2010.11.24 20:26:16 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010.11.24 20:22:58 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010.11.24 20:13:08 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010.11.24 20:11:47 | 000,124,520 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007.09.16 18:07:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2004.10.11 11:19:00 | 000,092,672 | ---- | C] () -- C:\WINDOWS\System32\ASUSASV2.DLL [2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2001.08.18 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2001.08.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2001.08.18 13:00:00 | 000,515,730 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2001.08.18 13:00:00 | 000,492,614 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2001.08.18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2001.08.18 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2001.08.18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2001.08.18 13:00:00 | 000,100,120 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2001.08.18 13:00:00 | 000,083,262 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2001.08.18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2001.08.18 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2001.08.18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2001.08.18 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2001.08.18 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2001.08.18 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [color=#E56717]========== LOP Check ==========[/color] [2010.11.29 21:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Canneverbe Limited [2010.12.11 13:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Canon [2011.05.10 18:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\com.adobe.downloadassistant.AdobeDownloadAssistant [2011.03.26 17:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DDMSettings [2011.12.10 20:48:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoft [2011.02.24 21:25:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\DVDVideoSoftIEHelpers [2011.05.20 20:13:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\GetRightToGo [2011.08.24 20:09:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\gtk-2.0 [2011.05.10 17:27:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\GuthCAD [2010.11.24 21:44:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\InterTrust [2011.07.16 22:53:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\nView_Wallpaper [2010.12.12 21:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OpenOffice.org [2011.11.28 20:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Opera [2011.11.28 20:34:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\PriceGong [2011.03.04 19:55:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Publish Providers [2011.04.09 18:15:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Shareaza [2011.06.16 19:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Soft Gold [2011.03.04 19:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Sony [2010.11.29 21:26:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Uniblue [2011.11.29 21:07:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\admin\Anwendungsdaten\uTorrent [2011.11.27 20:18:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2010.11.29 21:45:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010.12.05 19:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters [2011.03.03 21:41:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2011.04.09 23:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2010.12.05 19:51:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UAB [2010.11.26 18:12:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.12.12 19:00:00 | 000,000,246 | ---- | M] () -- C:\WINDOWS\Tasks\RMSchedule.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color] [2010.12.02 20:42:15 | 000,000,000 | ---D | M] -- C:\97aece48fada54bcd249eae7ba9a0ad8 [2011.11.28 19:55:40 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2011.04.24 14:56:27 | 000,000,000 | ---D | M] -- C:\ConversionOutput [2011.07.09 15:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2010.11.25 22:04:32 | 000,000,000 | ---D | M] -- C:\NVIDIA [2011.02.22 21:26:29 | 000,000,000 | ---D | M] -- C:\Program Files [2011.12.13 20:44:40 | 000,000,000 | R--D | M] -- C:\Programme [2010.11.25 19:52:19 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2010.11.25 18:05:58 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.12.08 21:45:36 | 000,000,000 | ---D | M] -- C:\WINDOWS [color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] Invalid Environment Variable: LOCALAPPDATA [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.04 08:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] [2004.08.04 00:58:10 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2004.08.04 08:58:09 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004.08.04 08:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\userinit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2004.08.04 08:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\SoftwareDistribution\Download\84e71ea11258afcace4e790f6b073745\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-28 17:01:30 [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 16 bytes -> C:\Dokumente und Einstellungen\admin\Eigene Dateien\Shareaza Downloads:Shareaza.GUID @Alternate Data Stream - 104 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP1B5B4F1 < End of report > [b]Extras.Txt OTL Extras logfile created on: 13.12.2011 21:08:39 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\admin\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy 1023.48 Mb Total Physical Memory | 395.02 Mb Available Physical Memory | 38.60% Memory free 2.40 Gb Paging File | 1.69 Gb Available in Paging File | 70.49% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 97.65 Gb Total Space | 19.81 Gb Free Space | 20.28% Space Free | Partition Type: NTFS Drive E: | 479.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive F: | 127.99 Gb Total Space | 18.50 Gb Free Space | 14.45% Space Free | Partition Type: NTFS Drive G: | 698.63 Gb Total Space | 596.72 Gb Free Space | 85.41% Space Free | Partition Type: NTFS Drive H: | 1.94 Gb Total Space | 1.91 Gb Free Space | 98.10% Space Free | Partition Type: FAT Drive J: | 232.88 Gb Total Space | 199.39 Gb Free Space | 85.62% Space Free | Partition Type: NTFS Computer Name: ZOLLET-SRJBT7G7 | User Name: admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [MediaMonkey.1Play] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.) Directory [MediaMonkey.2PlayNext] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.) Directory [MediaMonkey.3Enqueue] -- "C:\Programme\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [color=#E56717]========== System Restore Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNetisabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNetisabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNetisabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNetisabled:@xpsp2res.dll,-22002 [color=#E56717]========== Authorized Applications List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.) "C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabledaemonu.exe -- (NVIDIA Corporation) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0AEAD68A-813F-4CF0-9929-77F02D27F665}" = 3DCrafter "{0D71EC64-26F3-4622-B01C-8311DB5303A8}" = A9Converter "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Gamer OSD "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.22 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56415658-366E-4E28-A6BD-68EC63E560E0}" = Vegas Pro 9.0 "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{66336E9B-5482-B5FB-94F0-405874EE3541}" = Adobe Download Assistant "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{900C2AB5-3F37-4F84-B58C-893FA5F42D7D}_is1" = WiseFixer 3.5 "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2 "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{F0207194-35B9-4476-B02E-395EE52B5960}" = ASUS nVidia Driver "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{F784C4A8-2D71-4376-9E47-F9F8AABC377E}" = ASUS Utilities "Adobe Acrobat 5.0" = Adobe Acrobat 5.0 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Aide PDF to DXF Converter_is1" = Aide PDF to DXF Converter 9.6 "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira Free Antivirus "CAD Viewer 9.0" = CAD Viewer 9.0 "CadStd" = CadStd "CAL" = Canon Camera Access Library "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX "CameraWindowLauncher" = Canon Utilities CameraWindow "CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX "Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX "Canon MOV Decoder" = Canon MOV Decoder "Canon MOV Encoder" = Canon MOV Encoder "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "CSCLIB" = Canon Camera Support Core Library "DivX Setup.divx.com" = DivX-Setup "DPP" = Canon Utilities Digital Photo Professional 3.7 "Drumaxx" = Drumaxx "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "EOS Utility" = Canon Utilities EOS Utility "FL Studio 9" = FL Studio 9 "Free Studio_is1" = Free Studio version 5.3.1 "gCAD3D" = gCAD3D 1.60-win32 "Google Chrome" = Google Chrome "Hardcore" = Hardcore "HijackThis" = HijackThis 2.0.2 "hp deskjet 5550 series_Driver" = hp deskjet 5550 series "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "IL Download Manager" = IL Download Manager "IL DrumSynth Live" = IL DrumSynth Live "IL Gross Beat" = IL Gross Beat "IL Harmless" = IL Harmless "InstallShield_{7A529246-912F-4C40-A82A-E608DB702FD7}" = ASUS VideoSecurity Online "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "MediaMonkey_is1" = MediaMonkey 3.2 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Morphine" = Morphine "MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MyCamera" = Canon Utilities MyCamera "N.I Pro-53 v3.0-OxYGeN" = N.I Pro-53 v3.0-OxYGeN "Native Instruments Pro-53 Demo" = Native Instruments Pro-53 Demo "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Opera 11.52.1100" = Opera 11.52 "Original Data Security Tools" = Canon Utilities Original Data Security Tools "PDF-XChange 3_is1" = PDF-XChange 3 "PhotoStitch" = Canon Utilities PhotoStitch "Picture Style Editor" = Canon Utilities Picture Style Editor "PoiZone" = PoiZone "pstoedit and importps_is1" = pstoedit and importps 3.45 "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX "Sakura" = Sakura "Sawer" = Sawer "Toxic Biohazard" = Toxic Biohazard "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "WFTK" = Canon Utilities WFT-E1/E2/E3/E4/E5 Utility "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR 4.00 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "xvid" = XviD MPEG-4 Video Codec "Xvid_is1" = Xvid 1.2.1 final uninstall "Yahoo! Companion" = Yahoo! Companion "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility [color=#E56717]========== Last 10 Event Log Errors ==========[/color] [ Application Events ] Error - 13.12.2011 16:13:24 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.12.2011 16:13:24 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131083 Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 13.12.2011 16:13:25 | Computer Name = ZOLLET-SRJBT7G7 | Source = crypt32 | ID = 131080 Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer von <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> ist fehlgeschlagen mit dem Fehler: Der angegebene Server kann den angeforderten Vorgang nicht ausführen. . [ System Events ] Error - 09.12.2011 16:35:30 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 09.12.2011 17:35:29 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 09.12.2011 18:35:30 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 10.12.2011 16:49:43 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.12.2011 13:05:10 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.12.2011 14:05:10 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.12.2011 15:05:10 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.12.2011 16:05:11 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 12.12.2011 17:04:44 | Computer Name = ZOLLET-SRJBT7G7 | Source = nvgts | ID = 262149 Description = Ein Paritätsfehler wurde auf \Device\Scsi\nvgts1 gefunden. Error - 13.12.2011 16:02:30 | Computer Name = ZOLLET-SRJBT7G7 | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: nvata < End of report > Dieser Beitrag wurde am 13.12.2011 um 21:29 Uhr von bubble1 editiert.
|
|
|
||
14.12.2011, 19:01
Moderator
Beiträge: 5694 |
#4
Zitat O1 - Hosts: 127.0.0.1 activate.adobe.comWas ist das?!!! |
|
|
||
14.12.2011, 20:48
...neu hier
Themenstarter Beiträge: 5 |
#5
Gute frage, das weis ich auch nicht.
|
|
|
||
15.12.2011, 15:08
Moderator
Beiträge: 5694 |
#6
Hattest Du Adobe Photoshop auf dem System?
|
|
|
||
16.12.2011, 18:03
...neu hier
Themenstarter Beiträge: 5 |
#7
Nein, hab ich nicht, aber denn Adobe Reader X und Adobe Download Assistend.
|
|
|
||
18.12.2011, 19:39
Moderator
Beiträge: 5694 |
#8
Kommt die Meldung noch?
|
|
|
||
19.12.2011, 19:10
...neu hier
Themenstarter Beiträge: 5 |
#9
hab noch ein paar scanns mit antivirus programm gemacht, und siehe da der pc läuft wieder.
|
|
|
||
19.12.2011, 22:06
Moderator
Beiträge: 5694 |
#10
Was für Scans?
|
|
|
||
Ich habe vor einiger Zeit eine Virus eingefangen, und diesen mit Antivirenschutz entvernt. Seiter arbeiten meine Programme nicht mehr ordentlich. in einigen fällen erhalte ich die Meldung:C:\WINDOWS\system32\rundll32.exe Anwendung nicht gefunden:
Kann mir bitte jemand helfen?
Dieses Problem wurde in diesem Forum schon einmal erwänd.
Hier der Link: http://board.protecus.de/t19053.htm
Da das Thema bereits geschlossen ist, hab ich ein neues erstellt.