Log analysis and evaluation: Over 120 different viruses on the PC

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Over 120 different viruses on the PC

Hello dear Trojaner Board!

For quite some time my little sister's PC has had a virus problem that nobody ever really took care of. The viruses were only ever moved to quarantine in Avira. For a few weeks now, however, about 6-7 new viruses have been added every day. But that can in no way be explained by my sister's surfing behaviour - she is pretty careful there... Since there are by now well over 120 viruses, we would be glad if someone who knows something about this could take a look.

The problem is that I cannot post a list of the viruses, because my father promptly deleted the entire quarantine. -.- However, I have already run all the scans described and hope that helps a little:

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 17.09.2011 11:29:36 - Run 1 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 495,93 Mb Available Physical Memory | 48,45% Memory free 2,40 Gb Paging File | 1,86 Gb Available in Paging File | 77,54% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,89 Gb Total Space | 50,62 Gb Free Space | 53,92% Space Free | Partition Type: FAT32 Drive D: | 92,38 Gb Total Space | 87,70 Gb Free Space | 94,94% Space Free | Partition Type: FAT32 Computer Name: FRANK | User Name: Aileen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia) PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
PRC - C:\Programme\devolo\dlan\devolonetsvc.exe () PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola) PRC - C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) PRC - C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) PRC - C:\Acer\PSM.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\devolo\dlan\devolonetsvc.exe () MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll () MOD - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU () MOD - C:\Acer\PSM.exe () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\WinZip\WZSHLEXT.DLL () ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\PSIA.exe (Secunia) SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (DevoloNetworkService) -- C:\Programme\devolo\dlan\devolonetsvc.exe () SRV - (ServiceLayer) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe () SRV - (NasPmService) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.) 
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (NPF_devolo) NetGroup Packet Filter Driver (devolo) -- C:\WINDOWS\system32\drivers\npf_devolo.sys (CACE Technologies) DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia) DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia) DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia) DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (IrBus) -- C:\WINDOWS\system32\drivers\IrBus.sys (Microsoft Corporation) DRV - (NEOFLTR_600_12733) Juniper Networks TDI Filter Driver (NEOFLTR_600_12733) -- C:\WINDOWS\system32\drivers\NEOFLTR_600_12733.sys (Juniper Networks) DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) 
DRV - (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation) DRV - (RTL8023) -- C:\WINDOWS\system32\drivers\Rtlnic51.sys (Realtek Semiconductor Corporation ) DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology) DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology) DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider) DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology) DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.4: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.08 18:01:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.01 11:19:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.08.12 13:29:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.08.12 13:29:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Programme\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.01 11:19:56 | 000,000,000 | ---D | M] [2010.08.12 13:29:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.05.04 08:47:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.17 09:09:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.09.11 12:01:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:24 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2011.09.05 12:22:10 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml [2011.09.05 12:22:10 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.05 12:22:10 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.05 12:22:10 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2011.09.05 12:22:10 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2011.09.05 12:22:10 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml O1 HOSTS File: ([2004.08.10 20:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - No CLSID value found. O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found. O2 - BHO: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - No CLSID value found. O3: - HKCU\..\Toolbar\ShellBrowser - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\ALCWZRD.EXE (RealTek Semicoductor Corp.) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [MPS] C:\Acer\PSM.exe () O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) 
O4 - HKLM..\Run: [Verknüpfung mit der High Definition Audio-Eigenschaftenseite] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ6\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ6\ICQ.exe File not found O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\DLink\Bluetooth Software\btsendto_ie.htm File not found O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\DLink\Bluetooth Software\btsendto_ie.htm File not found O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Programme\PartyGaming.Net\PartyPokerNet\RunPF.exe File not found O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - 
{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Programme\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Juniper Networks\Secure Application Manager\samnsp.dll (Juniper Networks) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O12 - Plugin for: .csm - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .csml - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .cub - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .cube - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .dx - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .emb - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .embl - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .gau - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .jdx - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .mol - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .mop - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .pdb - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .rxn - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) 
O12 - Plugin for: .scr - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .skc - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .spt - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .tgf - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O12 - Plugin for: .xyz - C:\Programme\Internet Explorer\PLUGINS\npchime.dll (MDL Information Systems, Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1207586854656 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} hxxp://arcade.icq.com/carlo/zuma/popcaploader_v5.cab (PopCapLoader Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://portal.postbank.de/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://portal.postbank.de/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BDFC7388-8FA9-4F62-BE97-91B06C031F7C}: NameServer = 192.168.2.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/html - No CLSID value found O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.11.10 11:20:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" 
%* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1 ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904) ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1 ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906) ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447) ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - 
Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET 
Framework 1.0 Hotfix (KB930494) ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295) ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3 ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE ActiveX: Microsoft Base Smart Card Crypto Provider Package - NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - 
C:\Programme\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Programme\Gemeinsame Dateien\Nokia\MPlatform\NokiaMServer.exe (Nokia) MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.17 11:20:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Windows Search [2011.09.17 11:14:17 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop\OTL.exe [2011.09.17 11:05:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Avira [2011.09.17 10:49:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Adobe [2011.09.17 10:49:26 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\PrivacIE [2011.09.17 10:49:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Apple Computer [2011.09.17 10:49:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Lokale Einstellungen\Anwendungsdaten\Apple Computer [2011.09.17 10:48:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\PC Suite [2011.09.12 21:41:41 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\IETldCache [2011.09.12 21:41:28 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Microsoft [2011.09.12 21:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\You've Got Pictures Screensaver [2011.09.12 21:41:28 | 000,000,000 
| ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Symantec [2011.09.12 21:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Sun [2011.09.12 21:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Macromedia [2011.09.12 21:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Identities [2011.09.12 21:41:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\AOL [2011.09.12 21:41:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\SendTo [2011.09.12 21:41:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Recent [2011.09.12 21:41:27 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten [2011.09.12 21:41:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Startmenü\Programme\Zubehör [2011.09.12 21:41:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Favoriten [2011.09.12 21:41:27 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Startmenü\Programme\Autostart [2011.09.12 21:41:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Cookies [2011.09.12 21:41:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Netzwerkumgebung [2011.09.12 21:41:27 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Druckumgebung [2011.09.12 21:41:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop [2011.09.12 21:41:26 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Startmenü [2011.09.12 21:41:26 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Eigene Dateien\Eigene Musik [2011.09.12 21:41:26 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Eigene Dateien [2011.09.12 21:41:26 | 
000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Eigene Dateien\Eigene Bilder [2011.09.12 21:41:26 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Vorlagen [2011.09.12 21:41:26 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Lokale Einstellungen [2011.09.12 21:41:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Lokale Einstellungen\Anwendungsdaten\Microsoft [2011.09.12 21:41:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory [2011.09.12 21:41:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Lokale Einstellungen\Anwendungsdaten\{7148F0A6-6813-11D6-A77B-00B0D0142050} [2011.09.11 12:56:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Avira [2005.10.25 19:28:15 | 000,081,920 | ---- | C] (Lime Wire, LLC) -- C:\Programme\LimeWire.exe [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [2 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.17 11:20:58 | 000,002,509 | ---- | M] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop\Microsoft Office Word 2003.lnk [2011.09.17 11:14:20 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop\OTL.exe [2011.09.17 11:12:02 | 000,007,883 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2011.09.17 11:11:56 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011.09.17 11:11:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.09.17 11:11:44 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys [2011.09.17 11:10:48 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat [2011.09.17 
11:01:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.09.17 10:51:36 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\defogger_reenable [2011.09.17 10:50:56 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop\Defogger.exe [2011.09.17 10:46:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011.09.16 08:11:54 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2011.09.08 21:36:14 | 000,557,320 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.09.08 21:36:14 | 000,506,996 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.09.08 21:36:14 | 000,117,284 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.09.08 21:36:14 | 000,089,790 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.08.27 20:43:14 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011.08.19 17:26:24 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys [2011.08.19 17:26:24 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys [6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ] [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.17 10:51:35 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\defogger_reenable [2011.09.17 10:50:59 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop\Defogger.exe [2011.09.16 08:11:50 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2011.09.12 21:41:46 | 000,000,685 | ---- | C] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Startmenü\Programme\Windows Media Player.lnk [2011.09.12 21:41:29 | 000,001,507 | ---- | C] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Startmenü\Programme\Remoteunterstützung.lnk [2011.09.12 21:41:29 | 
000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Startmenü\Programme\Internet Explorer.lnk [2011.09.12 21:41:29 | 000,000,631 | ---- | C] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Startmenü\Programme\Outlook Express.lnk [2011.09.12 21:41:29 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Aileen.FRANK\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2011.08.27 20:43:12 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010.09.22 18:06:57 | 000,062,496 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.06.30 21:45:03 | 000,581,064 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.06.06 18:28:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2009.05.31 15:06:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI [2009.05.31 13:17:16 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InkjetPrinter [2009.05.31 13:17:16 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdw.DAT [2009.05.31 13:17:16 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jingles [2009.05.07 17:15:04 | 000,014,319 | ---- | C] () -- C:\WINDOWS\UN060501.INI [2009.05.07 17:15:04 | 000,004,366 | ---- | C] () -- C:\WINDOWS\UN090415.INI [2008.12.23 17:33:18 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2008.05.26 22:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini [2008.05.26 22:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini [2008.05.26 22:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini [2008.05.26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin [2008.05.26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin [2008.04.15 18:20:15 | 000,001,755 | ---- 
| C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2008.03.26 11:29:52 | 000,000,125 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2007.10.05 12:32:52 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\srkey.exe [2007.10.05 12:22:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\fgkey.exe [2007.05.03 22:05:14 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat [2007.04.06 11:41:13 | 000,100,489 | ---- | C] () -- C:\WINDOWS\UninstallFirefox.exe [2007.04.06 11:40:55 | 000,003,224 | ---- | C] () -- C:\WINDOWS\mozver.dat [2007.03.22 20:17:46 | 000,005,152 | ---- | C] () -- C:\WINDOWS\ouwininit.exe [2007.03.14 20:39:22 | 000,000,062 | ---- | C] () -- C:\WINDOWS\psevd.ini [2007.03.14 20:35:10 | 000,000,107 | ---- | C] () -- C:\WINDOWS\addrbook.ini [2007.03.14 20:33:47 | 000,001,293 | ---- | C] () -- C:\WINDOWS\System32\msvtr.dll [2007.03.14 20:33:42 | 000,000,165 | ---- | C] () -- C:\WINDOWS\am3.ini [2007.02.26 19:08:01 | 000,033,533 | ---- | C] () -- C:\WINDOWS\System32\CoreVorbis-uninstall.exe [2006.12.29 17:22:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mngui.INI [2006.12.10 18:53:15 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.09.07 19:03:46 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat [2006.08.19 13:47:43 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL [2006.08.04 16:50:39 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll [2006.08.04 16:50:39 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll [2006.08.04 16:37:52 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll [2006.05.01 18:44:19 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\TXTUSER.EXE [2006.04.08 10:37:55 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.03.05 16:43:31 | 000,000,010 | ---- | C] () -- C:\WINDOWS\smdat32m.sys [2006.03.05 16:43:31 | 000,000,000 | ---- | C] () -- 
C:\WINDOWS\smdat32a.sys [2005.12.26 14:16:19 | 000,000,251 | ---- | C] () -- C:\Programme\wt3d.ini [2005.12.26 13:42:13 | 000,000,071 | ---- | C] () -- C:\WINDOWS\pex.INI [2005.12.26 13:41:05 | 000,000,147 | ---- | C] () -- C:\WINDOWS\Ulead32.ini [2005.12.03 13:35:46 | 000,000,237 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005.11.06 11:35:56 | 000,000,019 | ---- | C] () -- C:\WINDOWS\BibiFerien.ini [2005.09.03 21:11:20 | 000,081,920 | ---- | C] () -- C:\Programme\Unstopcp.exe [2005.01.20 13:14:15 | 000,544,256 | ---- | C] () -- C:\WINDOWS\System32\janGraphics.dll [2005.01.09 19:22:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\WDIRECT.INI [2004.12.30 17:14:58 | 000,000,346 | ---- | C] () -- C:\WINDOWS\Jcmkr32.INI [2004.12.27 17:32:57 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll [2004.12.27 17:32:57 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll [2004.12.27 17:32:57 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll [2004.12.27 17:32:57 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll [2004.12.27 17:32:57 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll [2004.12.27 17:32:57 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll [2004.12.27 17:32:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll [2004.12.27 17:32:57 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll [2004.12.27 17:32:57 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll [2004.12.27 17:32:57 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll [2004.12.27 17:32:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll [2004.12.27 17:32:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll [2004.12.27 17:32:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll [2004.12.27 17:32:57 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll [2004.12.27 17:32:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll [2004.12.27 
17:32:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll [2004.12.27 17:32:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll [2004.12.27 17:32:57 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll [2004.12.27 17:32:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll [2004.12.27 17:32:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll [2004.12.27 17:32:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll [2004.12.27 17:31:00 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2004.12.26 14:23:36 | 000,000,015 | ---- | C] () -- C:\WINDOWS\WDZ2.ini [2004.12.26 14:21:00 | 000,000,506 | ---- | C] () -- C:\WINDOWS\MARTIN.ini [2004.12.26 14:17:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\lernpakt.ini [2004.12.26 14:11:26 | 000,000,195 | ---- | C] () -- C:\WINDOWS\MOTORS.INI [2004.12.26 14:06:01 | 000,000,107 | ---- | C] () -- C:\WINDOWS\compedia.ini [2004.12.24 18:30:20 | 000,001,062 | R--- | C] () -- C:\WINDOWS\KochRun.ini [2004.12.24 18:30:19 | 000,823,296 | R--- | C] () -- C:\WINDOWS\KochRun.exe [2004.12.18 18:03:06 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004.12.18 17:54:56 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS1N.DLL [2004.12.18 16:51:22 | 000,000,020 | ---- | C] () -- C:\WINDOWS\InfModM.ini [2004.12.18 16:46:41 | 000,000,015 | ---- | C] () -- C:\WINDOWS\wgedit.ini [2004.12.18 16:44:18 | 000,000,048 | ---- | C] () -- C:\WINDOWS\autmtst.ini [2004.12.18 16:44:12 | 000,126,976 | ---- | C] () -- C:\WINDOWS\autoras.exe [2004.11.10 22:42:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.11.10 11:30:43 | 000,000,347 | ---- | C] () -- C:\WINDOWS\System32\CreMan.ini [2004.11.10 11:27:30 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll [2004.11.10 11:27:06 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2004.11.10 11:27:06 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2004.11.10 11:25:53 | 
000,192,512 | ---- | C] () -- C:\WINDOWS\System32\RTCOMDLL.dll [2004.11.10 11:25:53 | 000,156,160 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2004.11.10 11:23:09 | 000,008,028 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004.11.10 11:23:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE [2004.11.10 11:22:05 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2004.11.10 11:17:00 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2004.11.10 11:15:47 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2004.11.10 11:13:27 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2004.11.10 11:11:56 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2004.11.10 11:11:12 | 000,292,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2004.07.18 10:39:45 | 000,061,502 | ---- | C] () -- C:\WINDOWS\System32\ODBCMON.DLL [2004.01.02 17:43:52 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002.10.14 08:11:38 | 000,000,703 | ---- | C] () -- C:\WINDOWS\UAWASSER.INI [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [1980.01.01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [1980.01.01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [1980.01.01 00:00:00 | 000,557,320 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [1980.01.01 00:00:00 | 000,506,996 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [1980.01.01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [1980.01.01 00:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat 
[1980.01.01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [1980.01.01 00:00:00 | 000,117,284 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [1980.01.01 00:00:00 | 000,089,790 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [1980.01.01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [1980.01.01 00:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [1980.01.01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [1980.01.01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [1980.01.01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [1980.01.01 00:00:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll [1980.01.01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [1980.01.01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1980.01.01 00:00:00 | 000,000,083 | ---- | C] () -- C:\WINDOWS\ALaunch.ini ========== LOP Check ========== [2004.01.02 17:46:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2004.12.25 10:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Terzio [2005.12.26 13:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems [2006.08.19 13:47:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2007.01.10 15:58:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap [2008.03.26 11:30:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2008.03.26 11:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2008.05.23 18:14:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ElsterFormular [2009.05.31 
13:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2009.05.31 13:17:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 [2009.06.06 18:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2009.06.06 18:22:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009.07.30 21:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Juniper Networks [2009.08.06 13:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ [2010.05.01 11:17:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OviInstallerCache [2010.09.22 17:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2011.09.17 10:48:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\PC Suite [2011.09.17 11:20:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Aileen.FRANK\Anwendungsdaten\Windows Search ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2004.08.10 20:00:00 | 000,000,000 | ---D | M] -- C:\i386 [2004.08.10 20:00:00 | 000,000,000 | ---D | M] -- C:\VALUEADD [2004.08.10 20:00:00 | 000,000,000 | ---D | M] -- C:\dotnetfx [2004.11.09 14:45:58 | 000,000,000 | ---D | M] -- C:\CMPNENTS [2004.11.10 10:55:30 | 000,000,000 | ---D | M] -- C:\GUIDE [2004.11.10 10:55:30 | 000,000,000 | ---D | M] -- C:\SYSINFO [2004.11.10 10:55:34 | 000,000,000 | ---D | M] -- C:\DRV [2003.05.05 10:31:58 | 000,000,000 | ---D | M] -- C:\WINDOWS [2004.11.10 11:11:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2004.11.10 11:18:52 | 000,000,000 | R--D | M] -- C:\Programme [2004.11.10 11:22:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2004.11.10 11:27:10 | 000,000,000 | ---D | M] -- C:\Program Files [2003.05.21 17:20:16 | 000,000,000 | ---D | M] -- C:\Acer [2004.11.10 11:48:42 | 000,000,000 | -HSD | M] -- C:\Recycled [2004.01.01 23:13:24 | 000,000,000 | ---D | M] -- C:\AcerSW [2010.12.09 16:15:08 | 000,000,000 | -H-D | M] -- C:\Recycle.Bin [2006.11.05 17:42:54 | 000,000,000 | ---D | M] -- C:\XP-Spiele [2011.05.04 08:47:44 | 000,000,000 | ---D | M] -- C:\Config.Msi [2007.05.15 14:58:16 | 000,000,000 | ---D | M] -- C:\Sierra [2007.05.15 15:03:50 | 000,000,000 | ---D | M] -- C:\SAVE [2004.12.18 17:54:18 | 000,000,000 | ---D | M] -- C:\TMP [2009.02.21 14:49:48 | 000,000,000 | ---D | M] -- C:\Pons - Französisch [2007.11.03 13:58:32 | 000,000,000 | ---D | M] -- C:\Klett [2009.02.21 15:17:04 | 000,000,000 | ---D | M] -- C:\Brockhaus in 3 Bänden [2010.12.09 16:15:08 | 000,000,000 | -H-D | M] -- C:\Systens.bin [2004.12.25 10:50:58 | 000,000,000 | ---D | M] -- C:\Spiele [2004.12.26 14:02:56 | 000,000,000 | ---D | M] -- C:\Terzio [2004.12.26 14:05:58 | 000,000,000 | ---D | M] -- C:\CHAMP [2004.12.27 18:03:32 | 000,000,000 | ---D | M] -- C:\KART [2005.03.29 14:41:22 | 000,000,000 | ---D | M] -- C:\Temp [2005.05.01 20:59:20 | 000,000,000 | ---D | M] -- C:\WINNT [2006.03.05 17:56:26 | 000,000,000 | -H-D | M] -- 
C:\DBBackup [2006.03.22 18:52:52 | 000,000,000 | ---D | M] -- C:\KOCH [2006.03.23 17:06:40 | 000,000,000 | ---D | M] -- C:\RIM < %PROGRAMFILES%\*.exe > [2005.09.03 21:11:20 | 000,081,920 | ---- | M] () -- C:\Programme\Unstopcp.exe [2005.10.25 19:28:16 | 000,081,920 | ---- | M] (Lime Wire, LLC) -- C:\Programme\LimeWire.exe Invalid Environment Variable: LOCALAPPDATA < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > [6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < MD5 for: EXPLORER.EXE > [2004.08.10 20:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe [2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe [2007.06.13 15:21:46 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe < MD5 for: REGEDIT.EXE > [2004.08.10 20:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe [2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe < MD5 for: USERINIT.EXE > [2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008.04.14 04:23:04 | 000,026,624 | ---- | 
M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2004.08.10 20:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.10 20:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-09-16 06:22:20 < End of report > OTL Logfile: Code:
OTL Extras logfile created on: 17.09.2011 11:29:36 - Run 1 OTL by OldTimer - Version 3.2.28.0 Folder = C:\Dokumente und Einstellungen\Aileen.FRANK\Desktop Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1023,48 Mb Total Physical Memory | 495,93 Mb Available Physical Memory | 48,45% Memory free 2,40 Gb Paging File | 1,86 Gb Available in Paging File | 77,54% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 93,89 Gb Total Space | 50,62 Gb Free Space | 53,92% Space Free | Partition Type: FAT32 Drive D: | 92,38 Gb Total Space | 87,70 Gb Free Space | 94,94% Space Free | Partition Type: FAT32 Computer Name: FRANK | User Name: Aileen | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 ========== Authorized Applications List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\devolo\easyshare\easyshare.exe" = C:\Programme\devolo\easyshare\easyshare.exe:*:Enabled:devolo EasyShare -- (devolo AG) "C:\Programme\devolo\informer\devinf.exe" = C:\Programme\devolo\informer\devinf.exe:*:Enabled:devolo Informer -- (devolo AG) "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite "C:\Programme\Kazaa\kazaa.exe" = C:\Programme\Kazaa\kazaa.exe:*:Disabled:Kazaa Media Desktop "C:\Programme\Kodak\Kodak EasyShare software\BIN\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\BIN\EasyShare.exe:*:Enabled:EasyShare "C:\Programme\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Programme\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- (Juniper Networks) "C:\Dokumente und Einstellungen\Aileen\Eigene Dateien\ICQ Lite\ICQ6\ICQ.exe" = C:\Dokumente und Einstellungen\Aileen\Eigene Dateien\ICQ Lite\ICQ6\ICQ.exe:*:Enabled:ICQ6 "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLDial.exe:*:Disabled:AOL Optimized Dial-In "C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\AOL\ACS\AOLacsd.exe:*:Disabled:AOL Optimized Dial-In "C:\Programme\Gemeinsame Dateien\AOL\1223200277\ee\aolsoftware.exe" = C:\Programme\Gemeinsame Dateien\AOL\1223200277\ee\aolsoftware.exe:*:Disabled:AOL Shared Components "C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Juniper Networks\Juniper Citrix Services Client\dsCitrixProxy.exe" = C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Juniper Networks\Juniper Citrix Services Client\dsCitrixProxy.exe:*:Enabled:Juniper Citrix Services Client -- 
(Juniper Networks) "C:\Programme\BUFFALO\NASNAVI\NasNavi.exe" = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- (BUFFALO INC.) "E:\fsetup.exe" = E:\fsetup.exe:*:Enabled:AVM FSetup Application "C:\Programme\devolo\dlan\devolonetsvc.exe" = C:\Programme\devolo\dlan\devolonetsvc.exe:*:Enabled:devolo dLAN Cockpit -- () "C:\Programme\FRITZ!\igd_finder.exe" = C:\Programme\FRITZ!\igd_finder.exe:LocalSubNet:Enabled:AVM FRITZ!fax for FRITZ!Box - igd_finder.exe "C:\Programme\FRITZ!\FriFax32.exe" = C:\Programme\FRITZ!\FriFax32.exe:*:Enabled:FRITZ!fax "C:\Programme\VideoLAN\VLC\vlc.exe" = C:\Programme\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- () "C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{1E9678A0-B4C1-11D2-863F-00C04F6E09F2}" = Microsoft Project 2000 "{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86 "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search 
Enhancement Pack "{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II "{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform "{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{5A8B7708-E99A-4CB2-ACDD-B9E696A8D43A}" = Piraten "{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine "{627C5AC0-772C-4661-B696-42E04AEB1867}" = lingDIALOG "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05 "{7148F0A8-6813-11D6-A77B-00B0D0142080}" = Java 2 Runtime Environment, SE v1.4.2_08 "{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{816EA7C2-9B8D-48CA-A424-3DE3C80A5033}" = Motorola Driver Installation 4.2.0 "{838A1BC9-95CA-4880-9BE3-2A7D23600A2B}" = Macromedia Shockwave Player "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft 
Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten "{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 2.10.509 "{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth "{B480BD2A-F1BA-4FE6-8C8E-34C6111B72C9}" = ElsterFormular 2007/2008 "{B9C9DB4C-6D77-4AE9-AD1C-C708C23239A0}" = Nokia Connectivity Cable Driver "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker "{C49067A8-8212-4A82-A4D9-1519701644F0}" = Citrix Presentation Server Client - Nur Web "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center 
"{D92008C5-B305-428F-8C3D-38449123D29E}" = MobiPocket Reader PC "{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA56E55B-707F-442F-9F0E-BCBF8B0329A3}" = Rund um ... Chemie heute SI (Teil 2) "{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FA5E9826-466A-11D7-AA57-00E07DDCAF19}" = Der Zahlenteufel "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "7A1E1C4F-CC6F-4BF0-BB81-7CFC3F655564" = GemMaster Mystic "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "Canon Setup Utility 2.0" = Canon Setup Utility 2.0 "CANONBJ_Deinstall_CNMCP78.DLL" = Canon iP4200 "CCleaner" = CCleaner "CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_8D881025" = Acer Modem 56 Surf PCI "CoreVorbis Audio Decoder" = CoreVorbis Audio Decoder (remove only) "dlancockpit" = devolo dLAN Cockpit "dlanconf" = devolo dLAN-Konfigurationsassistent "dslmon" = devolo Informer "DX-Ball 2 v1.2 Patch" = DX-Ball 2 v1.2 Patch "E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem (06/01/2009 4.1) "easyclean" = devolo EasyClean "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox "easyshare" = devolo EasyShare "ElsterFormular 11.4.1.4323" = ElsterFormular "Evolution" = Evolution 
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.3) "ie8" = Windows Internet Explorer 8 "InstallShield_{4E074808-1B86-4230-A9EB-0904942EC4AE}" = LEGO Star Wars II "InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold "Java Media Framework 2.1.1a" = Java Media Framework 2.1.1a "Lernpaket" = Lernpaket "Mathcad 8 Explorer" = Mathcad 8 Explorer "MDL Chime/Chime Pro for Internet Explorer" = MDL Chime/Chime Pro for Internet Explorer "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MNU 040907" = MNU Archiv 2004 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Neoteris_Secure_Application_Manager" = Juniper Networks Secure Application Manager "Nokia Ovi Suite" = Nokia Ovi Suite "Nokia PC Suite" = Nokia PC Suite "NVIDIA Drivers" = NVIDIA Drivers "Secunia PSI" = Secunia PSI (2.0.0.3003) "Shockwave" = Shockwave "UN060501" = BUFFALO NAS Navigator "UN090415" = BUFFALO LinkStation(LS-CHL) Setup Guide "Uninstall_is1" = Uninstall 1.0.0.1 "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 1.1.4 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format Runtime "Windows XP Service Pack" = Windows XP Service Pack 3 "WinPcapInst" = WinPcap 4.1 beta5 "WinRAR archiver" = 
WinRAR Archivierer "WinZip" = WinZip "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 16.09.2011 10:29:44 | Computer Name = FRANK | Source = VSS | ID = 4001 Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich. Error - 16.09.2011 10:39:04 | Computer Name = FRANK | Source = VSS | ID = 4001 Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich. Error - 16.09.2011 10:41:15 | Computer Name = FRANK | Source = VSS | ID = 4001 Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich. Error - 16.09.2011 10:54:54 | Computer Name = FRANK | Source = VSS | ID = 4001 Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich. Error - 16.09.2011 11:00:04 | Computer Name = FRANK | Source = VSS | ID = 4001 Description = Volumeschattenkopie-Dienstfehler: Vergleichsbereiche können zum Erstellen von Schattenkopien nicht gefunden werden. 
Fügen Sie mindestens ein NTFS-Laufwerk mit ausreichend Speicherplatz dem System hinzu. Es sind mindestens 100 MB freier Speicherplatz pro Volumesicherung bzw. -schattenkopie erforderlich. Error - 17.09.2011 03:34:23 | Computer Name = FRANK | Source = Media Center Guide | ID = 0 Description = Ereignisinformation: Guide creation error. Prozess: DefaultDomain Objektname: Media Center Guide Error - 17.09.2011 03:34:45 | Computer Name = FRANK | Source = Media Center Guide | ID = 0 Description = Ereignisinformation: Guide creation error. Prozess: DefaultDomain Objektname: Media Center Guide Error - 17.09.2011 04:10:09 | Computer Name = FRANK | Source = Media Center Guide | ID = 0 Description = Ereignisinformation: Guide creation error. Prozess: DefaultDomain Objektname: Media Center Guide Error - 17.09.2011 04:49:24 | Computer Name = FRANK | Source = Media Center Guide | ID = 0 Description = Ereignisinformation: Guide creation error. Prozess: DefaultDomain Objektname: Media Center Guide Error - 17.09.2011 05:12:53 | Computer Name = FRANK | Source = Media Center Guide | ID = 0 Description = Ereignisinformation: Guide creation error. Prozess: DefaultDomain Objektname: Media Center Guide [ System Events ] Error - 13.09.2011 13:12:36 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.09.2011 13:12:42 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. 
Error - 13.09.2011 13:12:47 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.09.2011 13:12:53 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.09.2011 13:12:58 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.09.2011 13:13:04 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.09.2011 13:13:09 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.09.2011 13:13:14 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. 
Error - 13.09.2011 13:13:20 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 13.09.2011 13:13:25 | Computer Name = FRANK | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Media Center-Empfängerdienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. < End of report > GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2011-09-17 11:44:38 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3200822AS rev.3.01 Running: i7ehc411.exe; Driver: C:\DOKUME~1\AILEEN~1.FRA\LOKALE~1\Temp\pgtdypow.sys ---- System - GMER 1.0.15 ---- SSDT F7E1D8AE ZwCreateKey SSDT F7E1D8A4 ZwCreateThread SSDT F7E1D8B3 ZwDeleteKey SSDT F7E1D8BD ZwDeleteValueKey SSDT F7E1D8C2 ZwLoadKey SSDT F7E1D890 ZwOpenProcess SSDT F7E1D895 ZwOpenThread SSDT F7E1D8CC ZwReplaceKey SSDT F7E1D8C7 ZwRestoreKey SSDT F7E1D8B8 ZwSetValueKey ---- User code sections - GMER 1.0.15 ---- .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 41269AC9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4125D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 411D46A6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41365337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41365269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] 
USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413652D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4136519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136539A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413651FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ole32.dll!CoCreateInstance 774CF1AC 5 Bytes JMP 4126DB98 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ole32.dll!OleLoadFromStream 774F981B 5 Bytes JMP 4136569F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ws2_32.dll!getaddrinfo 71A12A6F 5 Bytes JMP 46CAE71D C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ws2_32.dll!closesocket 71A13E2B 5 Bytes JMP 46CAEEE9 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ws2_32.dll!socket 71A14211 5 Bytes JMP 46CAE59E C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ws2_32.dll!connect 71A14A07 5 
Bytes JMP 46CAE62A C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ws2_32.dll!send 71A14C27 5 Bytes JMP 46CAE9ED C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[184] ws2_32.dll!recv 71A1676F 5 Bytes JMP 46CAF1C3 C:\Programme\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 41195505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 4126DB3C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 41365337 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 41365269 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 413652D4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 4136513A C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 4136519C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 4136539A 
C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Programme\Internet Explorer\iexplore.exe[316] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 413651FE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[2624] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip NEOFLTR_600_12733.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Tcpip \Device\Tcp NEOFLTR_600_12733.SYS (NetBIOS Redirector/Juniper Networks) Device \Driver\prodrv06 \Device\ProDrv06 E1CB0008 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort0 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdePort1 prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f prosync1.sys (StarForce Protection Synchronization Driver/Protection Technology) Device \Driver\prohlp02 \Device\ProHlp02 E100E850 AttachedDevice \Driver\Tcpip \Device\Udp NEOFLTR_600_12733.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \Driver\Tcpip \Device\RawIp NEOFLTR_600_12733.SYS (NetBIOS Redirector/Juniper Networks) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000d88acedab Reg 
HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000d88acedab (not active ControlSet) Reg HKLM\SOFTWARE\Classes\ ---- EOF - GMER 1.0.15 ----
Kind regards! Melinchen |