Log analysis and evaluation: Slow PC, system crashes, error messages (Windows Search indexer was closed, among others)

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Slow PC, system crashes, error messages (Windows Search indexer was closed, among others)

Hello - this is my first post. I have been looking around here (and in similar forums) for quite a while, but could not solve my problem on my own. For about four weeks my computer has been running agonizingly slowly. Programs hang, crash, and sometimes even the whole system crashes. Unfortunately the errors are hard to reproduce. What I did notice at least: as soon as I attach a USB device (mouse or printer) to any port, the computer gets even slower.

Most frequent error message: The Windows Search indexer was closed (or something like that). After finding an answer on Google, I disabled the service, deleted the subfolders of C:\ProgramData\Microsoft\Search\Data, restarted the system and re-enabled the service. Unfortunately that did not help. A newer error message is now: Host process for Windows services was terminated and closed.

Here are the log files from Defogger, OTL and Gmer. With GMER I had the problem that the computer crashed several times, each time shortly after the scan started. I finally tried it in safe mode. I am also posting an older Gmer log file that I had already created a week ago, back then without a crash.

Defogger: After the scan there was (unlike in the instructions) no prompt to restart. I then scanned a second time - still nothing. After that I restarted the computer anyway.

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:25 on 21/09/2011 (Doro)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
OTL logfile created on: 21.09.2011 14:33:30 - Run 1
OTL by OldTimer - Version 3.2.29.1     Folder = C:\Users\Doro\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,97 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 60,09% Memory free
6,13 Gb Paging File | 5,03 Gb Available in Paging File | 82,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 454,56 Gb Total Space | 202,07 Gb Free Space | 44,45% Space Free | Partition Type: NTFS
Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS

Computer Name: ZERBINETTA | User Name: Doro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.09.21 14:01:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Doro\Desktop\OTL.exe
PRC - [2011.06.30 10:58:36 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 17:29:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.24 08:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.)
-- C:\Program Files\Freecorder\FLVSrvc.exe PRC - [2010.11.05 19:29:26 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.02.03 16:37:57 | 000,154,112 | ---- | M] () -- C:\Program Files\ImagonShared\DierckeBrowserInterface.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe PRC - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files\FreePDF_XP\fpassist.exe PRC - [2009.07.21 22:33:32 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe PRC - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe PRC - [2009.04.22 23:06:52 | 000,206,120 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe PRC - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe PRC - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe PRC - [2008.10.09 07:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe PRC - [2008.09.25 19:42:24 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe PRC - [2008.09.25 19:41:44 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe PRC - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe ========== Modules (No Company Name) ========== MOD - [2011.08.28 23:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2011.08.24 13:34:29 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\c50d9d540acecdef29c31201e203a331\System.Windows.Forms.ni.dll MOD - [2011.08.24 13:34:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\d8d83838f9840bde901df516ba3de588\System.Drawing.ni.dll MOD - [2011.08.24 09:18:59 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b9ea0d414c4861120bfb7365d8ec0939\System.ni.dll MOD - [2011.08.24 09:18:51 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll MOD - [2010.02.03 16:37:57 | 000,154,112 | ---- | M] () -- C:\Program Files\ImagonShared\DierckeBrowserInterface.exe MOD - [2010.01.13 19:13:20 | 000,133,120 | ---- | M] () -- C:\Program Files\Mobile Partner Manager\UIExec.exe MOD - [2009.04.22 22:53:22 | 000,267,656 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapEngine.dll MOD - [2009.04.22 22:53:22 | 000,124,288 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLSchMgr.dll MOD - [2009.04.22 22:53:22 | 000,038,184 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\CLCapSvcps.dll MOD - [2009.04.22 22:53:20 | 000,349,480 | ---- | M] () -- C:\Program 
Files\Hewlett-Packard\Media\TV\Kernel\TV\CLTinyDB.dll MOD - [2009.04.22 22:52:56 | 000,066,856 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\Common\MCEMediaStatus.dll MOD - [2008.09.25 19:42:26 | 000,881,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll MOD - [2007.08.14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2007.07.12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2007.07.12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security) SRV - [2011.06.30 10:58:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.27 17:29:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.01.13 19:14:00 | 000,247,296 | ---- | M] () [Auto | Running] -- C:\Program Files\Mobile Partner Manager\AssistantServices.exe -- (UI Assistant Service) SRV - [2009.07.21 22:33:32 | 000,221,266 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\stacsv.exe -- (STacSV) SRV - [2009.04.22 22:53:22 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS) SRV - [2009.04.22 22:53:22 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS) SRV - [2009.03.02 18:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_e2247046\AEstSrv.exe -- (AESTFilters) SRV - [2008.09.23 12:18:52 | 000,365,904 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows) SRV - [2008.02.03 12:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - [2011.06.30 10:58:36 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.06.30 10:58:36 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt) DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - 
[2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - [2009.10.29 19:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - [2009.10.29 19:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter) DRV - [2009.10.03 06:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.07.21 22:33:32 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) 
[Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49}) DRV - [2008.08.06 05:29:26 | 000,044,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2008.07.22 17:42:34 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.07.21 12:53:02 | 000,100,184 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.04.29 03:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R) DRV - [2007.06.18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2005.09.06 15:33:46 | 001,342,138 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2005.09.06 15:30:22 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwusb.sys -- (BTWUSB) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.wetteronline.de/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.16 22:09:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.17 07:36:33 | 000,000,000 | ---D | M] [2010.07.24 16:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doro\AppData\Roaming\mozilla\Extensions [2010.02.07 14:27:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doro\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.09.15 22:42:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions [2011.08.16 22:09:50 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} [2010.07.26 20:33:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.09.15 22:42:39 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\anttoolbar@ant.com [2011.03.12 21:31:50 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Doro\AppData\Roaming\mozilla\Firefox\Profiles\lhc9bnhm.default\extensions\personas@christopher.beard [2011.06.28 09:53:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.08.26 21:18:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.27 21:45:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.02 14:22:48 | 000,000,000 | ---D | M] (Java Console) -- 
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.26 22:21:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.06.28 09:53:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.04.02 22:35:05 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262} [2011.08.16 22:09:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.31 11:09:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\PDFNetC.dll [2010.04.08 13:36:02 | 000,107,760 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll [2011.04.16 20:47:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.16 20:47:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.04.16 20:47:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.04.16 20:47:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.16 20:47:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.16 20:47:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program 
Files\Freecorder\prxtbFre0.dll (Conduit Ltd.) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files\SMART Technologies\SMART Notebook\NotebookPlugin.dll (SMART Technologies ULC.) O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.) 
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UIExec] C:\Program Files\Mobile Partner Manager\UIExec.exe () O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O8 - Extra context menu item: &AOL Toolbar-Suche - C:\ProgramData\AOL\ieToolbar\resources\de-DE\local\search.html () O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files\ANYCOM\Blue USB-200-250\btsendto_ie_ctx.htm File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {2EF98DE5-183F-11D4-83EC-EC6A1DB6E213} hxxp://www.dynageo.de/download/dynageoviewer.cab (DynaGeoX Element) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4A55884-B978-4705-BC7C-9047C316C7B4}: NameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFFD7B9D-FDD4-42AB-870F-12F1DD2A9DC3}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Doro\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Doro\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{484b7929-31c7-11de-b0b0-00235a31f89c}\Shell\AutoRun\command - "" = F:\Menu.exe O33 - MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{6a42a0bf-2113-11de-9e9c-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Einstiegsseite.exe O33 - MountPoints2\{762141d1-b50b-11de-8572-00235a31f89c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe O33 - MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\Shell - "" = AutoRun O33 - MountPoints2\{b857417f-6239-11df-b359-00235a31f89c}\Shell\AutoRun\command - "" = F:\Install.exe O33 - MountPoints2\{bba60099-11c5-11df-9d27-00235a31f89c}\Shell\AutoRun\command - "" = F:\StartPortableApps.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe" ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: 
{2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe 
/ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: ezSharedSvc - C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS) MsConfig - State: "services" - 0 MsConfig - State: "startup" - 0 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.09.21 14:01:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Doro\Desktop\OTL.exe [2011.09.21 11:14:01 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.09.04 17:03:00 | 000,000,000 | ---D | C] -- C:\Users\Doro\AppData\Roaming\FileZilla [2011.09.04 17:02:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client [2011.09.04 17:02:53 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client [2011.09.04 00:47:05 | 000,000,000 | ---D | C] -- C:\Users\Doro\Documents\My Albums [2011.09.04 00:42:02 | 000,000,000 | ---D | C] -- C:\Users\Doro\AppData\Roaming\jAlbum [2011.09.04 00:42:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jAlbum [2011.09.04 00:42:02 | 000,000,000 | ---D | C] -- C:\Program Files\jAlbum [2011.08.29 18:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\HijackThis [2011.02.02 16:03:23 | 000,250,544 | ---- | C] (KeyWorks Software) -- C:\Program Files\Common 
Files\keyhelp.ocx [2009.05.05 11:29:40 | 008,805,091 | ---- | C] (Macrovision Corporation) -- C:\Program Files\ISSetup.dll [2009.04.03 16:12:56 | 000,316,712 | ---- | C] (Macrovision Corporation ) -- C:\Program Files\setup.exe [2009.02.09 16:27:02 | 000,094,208 | ---- | C] ( ) -- C:\Program Files\SKUtil.dll [2008.08.14 20:58:56 | 000,094,208 | ---- | C] (CyberLink Corp.) -- C:\Program Files\VerCheck.dll [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.09.21 14:35:57 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.09.21 14:35:57 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.09.21 14:35:57 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.09.21 14:35:57 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.09.21 14:30:01 | 000,200,520 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.09.21 14:29:42 | 000,200,520 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.09.21 14:29:33 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.09.21 14:29:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.09.21 14:29:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.09.21 14:29:26 | 3186,577,408 | -HS- | M] () -- C:\hiberfil.sys [2011.09.21 14:27:46 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.09.21 14:06:17 | 000,000,000 | ---- | M] () -- C:\Users\Doro\defogger_reenable [2011.09.21 14:04:45 | 000,024,543 | ---- | M] () -- C:\Users\Doro\Desktop\AnleitungRootkitscan.odt [2011.09.21 14:01:42 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Doro\Desktop\OTL.exe [2011.09.21 13:48:53 | 000,028,187 | ---- | M] () -- C:\Users\Doro\Desktop\Fehler21_9_2011.JPG [2011.09.21 13:06:29 | 000,050,477 | ---- | M] () -- 
C:\Users\Doro\Desktop\Defogger.exe [2011.09.21 10:07:28 | 276,536,387 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.09.21 09:52:27 | 000,302,592 | ---- | M] () -- C:\Users\Doro\Desktop\fxelug8e.exe [2011.09.20 22:54:12 | 000,031,030 | ---- | M] () -- C:\Users\Doro\Desktop\Fehler_SearchIndexer.JPG [2011.09.19 22:41:29 | 000,021,546 | ---- | M] () -- C:\Users\Doro\Desktop\Kalender.ods [2011.09.18 22:56:28 | 000,038,017 | ---- | M] () -- C:\Users\Doro\Desktop\Kalender_Vorlage(b).ods [2011.09.16 23:27:40 | 000,036,792 | ---- | M] () -- C:\Users\Doro\Desktop\Kalender_Vorlage.ods [2011.09.16 22:25:16 | 000,019,378 | ---- | M] () -- C:\Users\Doro\Desktop\Adressen.ods [2011.09.12 16:33:32 | 000,010,931 | ---- | M] () -- C:\Users\Doro\Desktop\AblesungHeizkörper.ods [2011.09.11 23:05:59 | 000,028,851 | ---- | M] () -- C:\Users\Doro\Desktop\schulkalender20112012.ods [2011.09.11 21:36:06 | 000,502,004 | ---- | M] () -- C:\Users\Doro\Desktop\Schubert-Erlkönig_Op1.pdf [2011.09.11 21:35:30 | 000,054,749 | ---- | M] () -- C:\Users\Doro\Desktop\Fehlermeldung11_9_2011.JPG [2011.09.06 22:03:22 | 000,010,319 | ---- | M] () -- C:\Users\Doro\.recently-used.xbel [2011.09.06 22:03:14 | 000,082,285 | ---- | M] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2Rück.jpg [2011.09.06 21:57:15 | 001,473,974 | ---- | M] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2.jpg [2011.09.05 23:32:08 | 000,046,420 | ---- | M] () -- C:\Users\Doro\Desktop\Fehlermeldung5_9_2011.JPG [2011.09.04 17:30:43 | 000,425,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.09.04 00:42:31 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\jAlbum.lnk [2011.09.03 22:25:09 | 001,141,069 | ---- | M] () -- C:\Users\Doro\Documents\Bedienungsanleitung_Herd.pdf [2011.08.30 00:57:42 | 000,148,992 | ---- | M] () -- C:\Users\Doro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.08.29 08:05:54 | 000,042,435 | ---- | M] () -- C:\Users\Doro\Desktop\virenfund.JPG [2011.08.29 00:55:23 | 000,001,850 | ---- 
| M] () -- C:\Users\Doro\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.08.29 00:55:23 | 000,001,779 | ---- | M] () -- C:\Users\Doro\Desktop\Avira DE-Cleaner.lnk [2011.08.24 00:00:10 | 001,695,906 | ---- | M] () -- C:\Users\Doro\Documents\opencom30_bedienungsanleitung.pdf [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.09.21 14:06:17 | 000,000,000 | ---- | C] () -- C:\Users\Doro\defogger_reenable [2011.09.21 14:04:42 | 000,024,543 | ---- | C] () -- C:\Users\Doro\Desktop\AnleitungRootkitscan.odt [2011.09.21 13:48:51 | 000,028,187 | ---- | C] () -- C:\Users\Doro\Desktop\Fehler21_9_2011.JPG [2011.09.21 13:06:14 | 000,050,477 | ---- | C] () -- C:\Users\Doro\Desktop\Defogger.exe [2011.09.21 12:55:02 | 000,001,799 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DGO-Interface-01.lnk [2011.09.21 09:52:24 | 000,302,592 | ---- | C] () -- C:\Users\Doro\Desktop\fxelug8e.exe [2011.09.20 22:54:09 | 000,031,030 | ---- | C] () -- C:\Users\Doro\Desktop\Fehler_SearchIndexer.JPG [2011.09.18 22:56:27 | 000,038,017 | ---- | C] () -- C:\Users\Doro\Desktop\Kalender_Vorlage(b).ods [2011.09.16 23:23:47 | 000,036,792 | ---- | C] () -- C:\Users\Doro\Desktop\Kalender_Vorlage.ods [2011.09.16 23:23:25 | 000,021,546 | ---- | C] () -- C:\Users\Doro\Desktop\Kalender.ods [2011.09.12 16:32:13 | 000,010,931 | ---- | C] () -- C:\Users\Doro\Desktop\AblesungHeizkörper.ods [2011.09.11 23:05:59 | 000,028,851 | ---- | C] () -- C:\Users\Doro\Desktop\schulkalender20112012.ods [2011.09.11 21:36:06 | 000,502,004 | ---- | C] () -- C:\Users\Doro\Desktop\Schubert-Erlkönig_Op1.pdf [2011.09.11 21:35:30 | 000,054,749 | ---- | C] () -- C:\Users\Doro\Desktop\Fehlermeldung11_9_2011.JPG [2011.09.06 22:03:22 | 000,010,319 | ---- | C] () -- C:\Users\Doro\.recently-used.xbel [2011.09.06 22:03:14 | 000,082,285 | ---- | C] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2Rück.jpg [2011.09.06 21:56:07 | 
001,473,974 | ---- | C] () -- C:\Users\Doro\Desktop\Umzugskarte_Playmobil2.jpg [2011.09.05 23:32:06 | 000,046,420 | ---- | C] () -- C:\Users\Doro\Desktop\Fehlermeldung5_9_2011.JPG [2011.09.04 00:42:31 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\jAlbum.lnk [2011.09.03 22:25:08 | 001,141,069 | ---- | C] () -- C:\Users\Doro\Documents\Bedienungsanleitung_Herd.pdf [2011.08.29 08:04:10 | 000,042,435 | ---- | C] () -- C:\Users\Doro\Desktop\virenfund.JPG [2011.08.29 00:55:23 | 000,001,850 | ---- | C] () -- C:\Users\Doro\Desktop\Entfernen des Avira DE-Cleaners.lnk [2011.08.29 00:55:23 | 000,001,779 | ---- | C] () -- C:\Users\Doro\Desktop\Avira DE-Cleaner.lnk [2011.08.24 00:00:10 | 001,695,906 | ---- | C] () -- C:\Users\Doro\Documents\opencom30_bedienungsanleitung.pdf [2011.06.08 12:59:41 | 000,006,931 | ---- | C] () -- C:\Users\Doro\AppData\Roaming\.freeciv-client-rc-2.2 [2011.06.03 16:17:56 | 000,000,172 | ---- | C] () -- C:\Users\Doro\AppData\Roaming\.ptbt0 [2011.05.17 18:59:27 | 000,946,519 | ---- | C] () -- C:\Windows\Diercke Globus Online Uninstaller.exe [2011.01.05 00:21:28 | 000,338,227 | ---- | C] () -- C:\Users\Doro\AppData\Roaming\mdbu.bin [2010.11.09 23:59:34 | 000,000,724 | ---- | C] () -- C:\Windows\wacam.ini [2010.08.02 20:01:43 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.08.02 20:01:43 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.08.02 20:01:43 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.08.02 20:01:43 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.08.02 20:01:43 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.08.02 20:01:43 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.08.02 20:01:43 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.08.02 20:01:43 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.08.02 20:01:43 
| 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.08.02 20:01:43 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.08.02 20:01:43 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.08.02 20:01:43 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.08.02 20:01:43 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.08.02 20:01:43 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.08.02 20:01:43 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.08.02 20:01:43 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.08.02 20:01:43 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.08.02 20:01:43 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.08.02 20:01:43 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.06.13 22:26:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.06.13 22:26:42 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010.03.22 22:16:17 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2009.10.23 14:25:09 | 000,155,648 | ---- | C] () -- C:\Windows\System32\daspi32u.dll [2009.10.23 14:25:09 | 000,106,496 | ---- | C] () -- C:\Windows\System32\IO_PORT.DLL [2009.10.23 14:25:09 | 000,102,400 | ---- | C] () -- C:\Windows\System32\FVC.DLL [2009.10.23 14:25:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\SQ1394.DLL [2009.10.23 14:25:09 | 000,010,624 | ---- | C] () -- C:\Windows\System32\drivers\GENEUSB.SYS [2009.10.22 14:28:57 | 000,196,608 | ---- | C] () -- C:\Windows\System32\PSlide.dll [2009.10.22 14:28:57 | 000,049,152 | ---- | C] () -- C:\Windows\System32\PWiaExt.dll [2009.10.22 14:28:56 | 000,010,624 | ---- | C] () -- C:\Windows\System32\GENEUSB.SYS [2009.09.24 21:13:44 | 000,117,248 | ---- 
| C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.09.24 21:13:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.06.30 08:13:50 | 000,200,520 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.06.30 08:11:48 | 000,200,520 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.05.05 11:30:44 | 000,004,647 | ---- | C] () -- C:\Program Files\Cyberlink.MD5 [2009.05.05 11:30:26 | 000,000,244 | ---- | C] () -- C:\Program Files\info.ini [2009.05.05 11:30:26 | 000,000,185 | ---- | C] () -- C:\Program Files\ureg.ini [2009.05.05 11:30:24 | 000,000,495 | ---- | C] () -- C:\Program Files\Custom.ini [2009.05.05 11:30:22 | 004,010,496 | ---- | C] () -- C:\Program Files\MediaSmart TV.msi [2009.05.05 11:30:22 | 000,002,090 | ---- | C] () -- C:\Program Files\Setup.ini [2009.05.05 11:30:22 | 000,000,182 | ---- | C] () -- C:\Program Files\Product.ini [2009.05.05 11:30:20 | 000,034,304 | ---- | C] () -- C:\Program Files\1048.mst [2009.05.05 11:30:20 | 000,034,304 | ---- | C] () -- C:\Program Files\1026.mst [2009.05.05 11:30:20 | 000,033,280 | ---- | C] () -- C:\Program Files\1055.mst [2009.05.05 11:30:20 | 000,031,744 | ---- | C] () -- C:\Program Files\1054.mst [2009.05.05 11:30:20 | 000,003,584 | ---- | C] () -- C:\Program Files\1033.mst [2009.05.05 11:30:18 | 000,034,816 | ---- | C] () -- C:\Program Files\2070.mst [2009.05.05 11:30:18 | 000,034,816 | ---- | C] () -- C:\Program Files\1046.mst [2009.05.05 11:30:18 | 000,034,816 | ---- | C] () -- C:\Program Files\1045.mst [2009.05.05 11:30:18 | 000,033,280 | ---- | C] () -- C:\Program Files\1049.mst [2009.05.05 11:30:18 | 000,033,280 | ---- | C] () -- C:\Program Files\1044.mst [2009.05.05 11:30:18 | 000,032,768 | ---- | C] () -- C:\Program Files\1053.mst [2009.05.05 11:30:16 | 000,037,888 | ---- | C] () -- C:\Program Files\1032.mst [2009.05.05 11:30:16 | 000,037,376 | ---- | C] () -- C:\Program Files\1043.mst [2009.05.05 11:30:16 | 000,035,840 | ---- | C] () -- C:\Program Files\1038.mst [2009.05.05 
11:30:16 | 000,035,840 | ---- | C] () -- C:\Program Files\1034.mst [2009.05.05 11:30:16 | 000,033,792 | ---- | C] () -- C:\Program Files\1029.mst [2009.05.05 11:30:16 | 000,033,280 | ---- | C] () -- C:\Program Files\1035.mst [2009.05.05 11:30:16 | 000,033,280 | ---- | C] () -- C:\Program Files\1030.mst [2009.05.05 11:30:14 | 000,038,912 | ---- | C] () -- C:\Program Files\1031.mst [2009.05.05 11:30:14 | 000,037,888 | ---- | C] () -- C:\Program Files\1040.mst [2009.05.05 11:30:14 | 000,037,376 | ---- | C] () -- C:\Program Files\1036.mst [2009.05.05 11:30:14 | 000,035,840 | ---- | C] () -- C:\Program Files\1041.mst [2009.05.05 11:30:14 | 000,031,744 | ---- | C] () -- C:\Program Files\1042.mst [2009.05.05 11:30:14 | 000,025,088 | ---- | C] () -- C:\Program Files\2052.mst [2009.05.05 11:30:14 | 000,024,576 | ---- | C] () -- C:\Program Files\1028.mst [2009.05.05 11:30:08 | 045,440,872 | ---- | C] () -- C:\Program Files\Data1.cab [2009.05.05 11:28:38 | 000,000,047 | ---- | C] () -- C:\Program Files\Define.ini [2009.05.05 11:26:46 | 000,000,622 | ---- | C] () -- C:\Program Files\HPTV.sim [2009.05.05 11:21:04 | 000,004,818 | ---- | C] () -- C:\Program Files\sp43595.cva [2009.04.23 23:30:01 | 000,000,268 | RH-- | C] () -- C:\Users\Doro\AppData\Roaming\BSD [2009.04.23 23:30:01 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Bass [2009.04.23 23:30:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdw.DAT [2009.04.23 23:30:01 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Bundle [2009.04.23 23:23:25 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Basic Track [2009.04.23 23:23:25 | 000,000,268 | RH-- | C] () -- C:\Users\Doro\AppData\Roaming\Automatic Filter [2009.04.23 23:23:25 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT [2009.04.23 23:23:25 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Booms [2009.04.04 23:26:44 | 000,148,992 | ---- | C] () -- C:\Users\Doro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.10.22 06:37:43 | 000,018,904 | ---- | C] 
() -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.10.22 06:34:24 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.10.22 06:34:24 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.10.22 06:34:24 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.10.22 06:34:24 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.10.21 22:43:10 | 000,000,428 | ---- | C] () -- C:\Windows\System32\ezdigsgn.dat [2008.10.21 21:47:09 | 000,218,480 | ---- | C] () -- C:\ProgramData\SymUpdate.exe [2008.10.21 21:06:34 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2007.10.18 17:54:24 | 001,129,289 | ---- | C] () -- C:\Program Files\setup.isn [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,425,440 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.05.17 01:02:16 | 000,007,460 | ---- | C] () -- C:\Program Files\0x0408.ini [2006.05.17 01:02:16 | 000,007,242 | ---- | C] () -- C:\Program Files\0x040c.ini [2006.05.17 
01:02:16 | 000,007,094 | ---- | C] () -- C:\Program Files\0x0407.ini [2006.05.17 01:02:16 | 000,007,022 | ---- | C] () -- C:\Program Files\0x040a.ini [2006.05.17 01:02:16 | 000,006,897 | ---- | C] () -- C:\Program Files\0x0410.ini [2006.05.17 01:02:16 | 000,006,833 | ---- | C] () -- C:\Program Files\0x0816.ini [2006.05.17 01:02:16 | 000,006,814 | ---- | C] () -- C:\Program Files\0x0413.ini [2006.05.17 01:02:16 | 000,006,715 | ---- | C] () -- C:\Program Files\0x0415.ini [2006.05.17 01:02:16 | 000,006,623 | ---- | C] () -- C:\Program Files\0x0411.ini [2006.05.17 01:02:16 | 000,006,569 | ---- | C] () -- C:\Program Files\0x0416.ini [2006.05.17 01:02:16 | 000,006,552 | ---- | C] () -- C:\Program Files\0x0402.ini [2006.05.17 01:02:16 | 000,006,512 | ---- | C] () -- C:\Program Files\0x0419.ini [2006.05.17 01:02:16 | 000,006,509 | ---- | C] () -- C:\Program Files\0x0405.ini [2006.05.17 01:02:16 | 000,006,489 | ---- | C] () -- C:\Program Files\0x040e.ini [2006.05.17 01:02:16 | 000,006,461 | ---- | C] () -- C:\Program Files\0x0406.ini [2006.05.17 01:02:16 | 000,006,419 | ---- | C] () -- C:\Program Files\0x0418.ini [2006.05.17 01:02:16 | 000,006,393 | ---- | C] () -- C:\Program Files\0x0414.ini [2006.05.17 01:02:16 | 000,006,355 | ---- | C] () -- C:\Program Files\0x041f.ini [2006.05.17 01:02:16 | 000,006,344 | ---- | C] () -- C:\Program Files\0x040b.ini [2006.05.17 01:02:16 | 000,006,153 | ---- | C] () -- C:\Program Files\0x041e.ini [2006.05.17 01:02:16 | 000,006,153 | ---- | C] () -- C:\Program Files\0x041d.ini [2006.05.17 01:02:16 | 000,006,129 | ---- | C] () -- C:\Program Files\0x0409.ini [2006.05.17 01:02:16 | 000,005,724 | ---- | C] () -- C:\Program Files\0x0412.ini [2006.05.17 01:02:16 | 000,004,315 | ---- | C] () -- C:\Program Files\0x0804.ini [2006.05.17 01:02:16 | 000,004,248 | ---- | C] () -- C:\Program Files\0x0404.ini [2006.03.09 11:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll ========== LOP Check ========== [2011.07.23 
13:54:53 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\.freeciv [2011.04.03 22:01:05 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\.smarttech-webinterface [2010.11.09 23:59:38 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\ACAMPREF [2011.06.05 23:38:42 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Audacity [2010.04.22 23:21:14 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Blender Foundation [2010.05.22 16:06:25 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Diercke Globus Online [2009.04.07 22:32:36 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\DynaGeo [2011.01.03 21:37:27 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\elsterformular [2011.09.04 17:13:21 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\FileZilla [2009.05.29 09:06:15 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\fotobuch.de AG [2011.09.06 22:03:22 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\gtk-2.0 [2011.09.04 01:09:09 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\jAlbum [2011.06.13 19:03:42 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\kompozer.net [2011.04.12 22:17:46 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\LibreOffice [2010.08.21 12:42:45 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\MakeMusic [2009.06.29 22:25:18 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\MPEG Streamclip [2009.09.06 12:25:37 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\MusE [2009.04.24 21:28:28 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Nikon [2009.04.07 16:37:25 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\OpenOffice.org [2009.10.22 14:42:01 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\PIE [2010.02.11 23:11:38 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\POV-Ray [2010.04.07 13:01:38 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\SMART 
Technologies [2010.04.07 12:38:09 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\SMART Technologies Inc [2009.12.04 14:17:05 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\streamripper [2011.04.04 22:34:19 | 000,000,000 | ---D | M] -- C:\Users\Doro\AppData\Roaming\Thunderbird [2011.09.21 14:27:48 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.01.31 22:51:52 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2010.06.25 23:18:13 | 000,000,000 | ---D | M] -- C:\783232d64fcf05751d [2009.09.24 23:15:42 | 000,000,000 | -HSD | M] -- C:\boot [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.04.04 16:29:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.07.27 23:12:58 | 000,000,000 | ---D | M] -- C:\DVDShrink [2009.04.04 16:31:38 | 000,000,000 | -H-D | M] -- C:\HP [2009.03.15 22:05:20 | 000,000,000 | ---D | M] -- C:\Intel [2011.08.08 14:02:00 | 000,000,000 | ---D | M] -- C:\Material [2008.10.21 22:29:49 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.09.04 17:02:53 | 000,000,000 | ---D | M] -- C:\Program Files [2011.05.14 12:45:56 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.04.04 16:29:38 | 000,000,000 | -HSD | M] -- C:\Programme [2010.08.21 12:41:22 | 000,000,000 | ---D | M] -- C:\PSFONTS [2010.04.22 23:26:21 | 000,000,000 | ---D | M] -- C:\Python26 [2011.08.08 18:15:01 | 000,000,000 | ---D | M] -- C:\Sound [2010.06.16 21:14:14 | 000,000,000 | ---D | M] -- C:\SwSetup [2011.09.21 14:36:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.04.04 16:32:07 | 000,000,000 | -H-D | M] -- C:\System.sav [2009.10.09 08:35:09 | 000,000,000 | ---D | M] -- C:\UninstallerData [2010.01.31 22:51:36 | 000,000,000 | R--D | M] -- C:\Users [2011.09.21 11:14:01 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > [2009.04.03 
16:12:56 | 000,316,712 | ---- | M] (Macrovision Corporation ) -- C:\Program Files\setup.exe < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- 
C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 670 bytes -> C:\Users\Doro\Documents\Training fürs Schülercoaching.eml:OECustomProperty @Alternate Data Stream - 64 bytes -> C:\Users\Public\Documents\Israel-Sound.mp3:TOC.WMV < End of 
report >
Code:
OTL Extras logfile created on: 21.09.2011 14:33:30 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Doro\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,97 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 60,09% Memory free 6,13 Gb Paging File | 5,03 Gb Available in Paging File | 82,14% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 454,56 Gb Total Space | 202,07 Gb Free Space | 44,45% Space Free | Partition Type: NTFS Drive D: | 11,20 Gb Total Space | 1,84 Gb Free Space | 16,46% Space Free | Partition Type: NTFS Computer Name: ZERBINETTA | User Name: Doro | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "F:\PortableApps\Winamp\winamp.exe" /BOOKMARK "%1" Directory [Winamp.Enqueue] -- "F:\PortableApps\Winamp\winamp.exe" /ADD "%1" Directory [Winamp.Play] -- "F:\PortableApps\Winamp\winamp.exe" "%1" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe -- () ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1BB7510F-9C4E-474F-88B1-5D7A273DB5E5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{1E2A4177-D660-4F8C-94C5-3F3358A7E51C}" = rport=137 | protocol=17 | dir=out | app=system | "{35BF7279-24BA-45BD-8E18-16D173B074A4}" = lport=2869 | protocol=6 | dir=in | app=system | "{3D2AC8ED-F680-420F-BFAF-D0132575C528}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{3F0B7955-F478-459C-B2B3-F0FE4223A268}" = rport=445 | protocol=6 | dir=out | app=system | "{4569A150-8DB0-4854-91D2-459AAF5352AB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{4D305746-8EE5-410C-B4D1-3317F9411335}" = rport=139 | protocol=6 | dir=out | app=system | "{59819F46-2309-482F-9ADB-44EC61BCBC30}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{60D1E845-4936-43F9-A3FB-0542A7F665A4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7EF3B57F-4D47-4EE5-98D6-800727C00B87}" = lport=137 | protocol=17 | dir=in | app=system |
"{7F389B02-1D9E-45DB-88AB-C5F101329C67}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8075A37A-8C0D-4AE4-AEB4-0E1CE0BEFF00}" = lport=138 | protocol=17 | dir=in | app=system |
"{8577CF2D-94E5-4E36-860B-140A28A33728}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{98A6421F-7A67-4AB1-B4F5-530D4A2D0EAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C5ECA23F-8F87-4CF8-A7DF-5AA3F22F2D2F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{CF0625B4-2BCE-4ED5-99B7-EF8D7CD62075}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DC462967-2470-444C-8FDE-C25CAB9783DF}" = lport=139 | protocol=6 | dir=in | app=system |
"{DFE57984-48E0-43CC-BD1A-9A8F70F36DAC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F68B8706-678B-4292-8514-9B8F6F0605AB}" = lport=12001 | protocol=17 | dir=in | name=smart webserver handshake multicast port |
"{F90DD6C2-9758-43BD-B47F-2394D6003A82}" = lport=445 | protocol=6 | dir=in | app=system |
"{FB04AA9A-FADF-4686-B4AF-C850B840696F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B01E87A-35B8-4223-AF40-FFA6FD5A4B0C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1221E528-364F-4479-9380-E3B91F6C99C8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{15F0FFC1-1FFF-45AB-B046-7C0C87BCBD1E}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
"{168FF081-5458-460C-A038-040F3DFA3735}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
"{20036EEC-8F9D-480E-8182-3F3B184DC2D9}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
"{2CCEC4A5-E8AC-47A9-85AC-E1926F8B9416}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{31982CA4-5179-48F4-A6D9-6BEF5434ACBF}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
"{384F0801-8E6B-4937-9B75-7B5A43B32A96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5E62F8D8-6AD9-4342-9E22-CF91231EE261}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\tsmagent.exe |
"{70A87530-96F0-4591-90A9-83CC4624603D}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qpservice.exe |
"{7C8DBEB2-2368-4B32-AEBE-4D2A542C6E01}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
"{838345EA-D7D3-4A42-9E75-D429DBDF847E}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{8A2783EF-150B-431D-8E61-03EF46E16DE6}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{96567975-2BEF-4662-AA15-3E7A3A616EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A740CC0C-AEF3-474E-B40E-5E25CE855A2F}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
"{A9B75FEC-D807-45F1-81A4-00DDA099E711}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B879F2FD-69A7-49DF-936A-DD0AEC78564E}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
"{CDD6F9CF-3D8A-437D-B3DD-ABBC92EAE126}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hpdvdsmart.exe |
"{D57558FD-4C39-4EE3-9EF3-3F3C518A1AFF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E08823A6-5459-48B1-9428-53FC903F136E}" = dir=in | app=c:\program files\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
"{E318339D-622E-4CB5-A458-97B15E7FA24D}" = dir=in | app=c:\program files\hewlett-packard\media\tv\qp.exe |
"{ED91E18D-11AB-4D90-926D-D8C0F548A2AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FC6A6FA8-2AE2-41D7-B387-564F51E2A080}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FCFB09B9-E05E-4923-8CDC-0DA066FB951B}" = dir=in | app=c:\program files\hewlett-packard\touchsmart\media\tsmagent.exe |
"TCP Query User{12EDF2EA-9220-4626-B304-886138778D0B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{2ADFBAF3-2C9D-45D6-9700-E58D04311A0B}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"TCP Query User{5674DA3C-8765-46FF-B9C5-788D0AA48D21}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe |
"TCP Query User{7E2AD460-3A4C-4B1D-AFE7-DED5BD813C0B}C:\program files\smart technologies\smart product drivers\ucservice.exe" = protocol=6 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"TCP Query User{B57A35F4-6339-47A1-BC26-5933B65E78DA}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe |
"TCP Query User{C2AE6DF5-3CC3-45A3-8FEA-3931FCA81179}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe |
"TCP Query User{CAAC011D-406B-4BF2-96ED-4519D1D79574}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=6 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe |
"UDP Query User{53642092-CF89-4584-A125-950372F68995}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe |
"UDP Query User{6F4A618B-595B-4E94-932F-42A7A130152B}C:\program files\smart technologies\smart product drivers\ucservice.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\ucservice.exe |
"UDP Query User{885B8BC3-FF09-4ABC-A5C6-2342203C1BD6}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe |
"UDP Query User{A30CA5A4-6EE5-40A4-BEFB-49BC56D1482A}C:\program files\smart technologies\smart product drivers\smartsnmpagent.exe" = protocol=17 | dir=in | app=c:\program files\smart technologies\smart product drivers\smartsnmpagent.exe |
"UDP Query User{B55970FF-DFDE-46E1-B1CC-9446C5F8D312}C:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe" = protocol=17 | dir=in | app=c:\users\doro\appdata\local\freeciv-2.2.5-gtk2\freeciv-server.exe |
"UDP Query User{B7DC0B55-F96E-4FBC-A99C-8EC461C136BC}F:\portableapps\freecivportable\app\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=f:\portableapps\freecivportable\app\freeciv\freeciv-server.exe |
"UDP Query User{D0F3EF3C-FFA2-4E32-9518-94E08AE116D5}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{04830D0F-F980-4EC0-89F1-594F2FD2A1B5}" = ElsterFormular 2008/2009
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{10ABE49D-343A-463E-9753-C4C5A05ECEF9}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{149BBCB8-674F-48D2-969C-9D0EA88DA7D6}" = HP User Guides 0129
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20aa4150-b5f4-11de-8a39-0800200c9a66}_is1" = KompoZer 0.8b3
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{279DB581-239C-4E13-97F8-0F48E40BE75C}" = Windows Live Messenger
"{30D3B7BC-5798-45D9-822D-05CA18F39E99}" = HPTCSSetup
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415CD877-0970-4CB6-B178-1E72F7DC60E7}" = MyScript HWR (German)
"{4723f199-fa64-4233-8e6e-9fccc95a18ee}" = Python 2.6.5
"{47E6A509-37B7-4440-A252-7031E9A898D7}" = SMART Notebook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D067FE4-F477-437A-BB66-F013721E9EB4}" = jAlbum
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{58AEE3E0-8746-11DD-81B6-000AE67E2618}_is1" = grafstat4
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{7B15D70E-9449-4CFB-B9BC-798465B2BD5C}" = Norton Internet Security
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = Mobile Partner Manager
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B455DA2A-531A-4456-BA1C-3534DD327EFE}" = CyberView X Multiple-Slides Scanner v1.18a
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB71A20E-B1B4-4562-81FA-33E1DBD0342F}" = ProtectSmart Hard Drive Protection
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{CEE2613D-3B53-4447-BA2D-E88C08272581}" = LibreOffice 3.3
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{EFC5939F-470F-454E-B3DA-F51FDD83F6CE}" = HP MediaSmart SmartMenu
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Blender" = Blender (remove only)
"ClipGrab" = ClipGrab 2.0 Beta 2
"conduitEngine" = Conduit Engine
"Derive 6" = Derive 6
"Designer 2.0_is1" = Designer 2.0
"Diercke Globus Online" = Diercke Globus Online
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DynaGeo_is1" = DynaGeo 3.1f
"ElsterFormular 11.5.1.4843" = ElsterFormular
"Exact Audio Copy" = Exact Audio Copy 0.99pb4
"FileZilla Client" = FileZilla Client 3.5.1
"Finale Reader" = Finale Reader 2011
"FKC22150706_is1" = fotokasten comfort
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder4.12" = Freecorder 4
"FreePDF_XP" = FreePDF (Remove only)
"GeoGebra" = GeoGebra
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hotpot_is1" = HotPotatoes v 6.3.0.4
"Hugin" = Hugin 2010.4.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"Jahshaka" = Jahshaka
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Logic Fun 4.8" = Logic Fun 4.8
"Matrox VFW Software Codecs" = Matrox VFW Software Codecs, build 28
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 6.0 (x86 de)" = Mozilla Firefox 6.0 (x86 de)
"MuseScore" = MuseScore 1.1 MuseScore score typesetter
"NVIDIA Drivers" = NVIDIA Drivers
"OpenLibraries" = OpenLibraries
"PDFtoMusic" = PDFtoMusic
"QuicktimeAlt_is1" = QuickTime Alternative 1.81
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VIACAD_is1" = VIACAD
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Freeciv-2.2.5-gtk2" = Freeciv 2.2.5 (GTK+ client)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17.07.2010 05:16:45 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17.07.2010 05:16:45 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 17.07.2010 05:17:16 | Computer Name = Zerbinetta | Source = WinMgmt | ID = 10
Description =

Error - 18.07.2010 04:32:53 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.07.2010 04:32:53 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.07.2010 04:33:08 | Computer Name = Zerbinetta | Source = WinMgmt | ID = 10
Description =

Error - 18.07.2010 05:39:59 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.07.2010 05:39:59 | Computer Name = Zerbinetta | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 18.07.2010 05:40:19 | Computer Name = Zerbinetta | Source = WinMgmt | ID = 10
Description =

Error - 18.07.2010 06:32:15 | Computer Name = Zerbinetta | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18928, Zeitstempel 0x4bdfa327, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x8c00302e, Prozess-ID 0x7d8, Anwendungsstartzeit 01cb2663f1755db1.

[ OSession Events ]
Error - 08.02.2010 18:36:19 | Computer Name = Zerbinetta | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9 seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 21.09.2011 07:52:07 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:32:47 | Computer Name = Zerbinetta | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.

Error - 21.09.2011 08:34:20 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD/MMC Host Controller" (PCI\VEN_197B&DEV_2382&SUBSYS_30F4103C&REV_00\4&120488ab&0&01E4) wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X SD Host Controller" (PCI\VEN_197B&DEV_2381&SUBSYS_30F4103C&REV_00\4&120488ab&0&02E4) wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X MS Host Controller" (PCI\VEN_197B&DEV_2383&SUBSYS_30F4103C&REV_00\4&120488ab&0&03E4) wurde ohne vorbereitende Maßnahmen vom System entfernt.

Error - 21.09.2011 08:34:21 | Computer Name = Zerbinetta | Source = PlugPlayManager | ID = 12
Description = Das Gerät "JMB38X xD Host Controller" (PCI\VEN_197B&DEV_2384&SUBSYS_30F4103C&REV_00\4&120488ab&0&04E4) wurde ohne vorbereitende Maßnahmen vom System entfernt.

< End of report >

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-13 19:01:39
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60ZAT0 rev.01.01A01
Running: pnfcozef.exe; Driver: C:\Users\Doro\AppData\Local\Temp\pxdoikog.sys

---- System - GMER 1.0.15 ----

SSDT 8D2E1776 ZwCreateSection
SSDT 8D2E177B ZwSetContextThread
SSDT 8D2E1717 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 828B4998 4 Bytes [76, 17, 2E, 8D]
.text ntkrnlpa.exe!KeSetEvent + 56D 828B4CF0 4 Bytes [7B, 17, 2E, 8D]
.text ntkrnlpa.exe!KeSetEvent + 621 828B4DA4 4 Bytes [17, 17, 2E, 8D]
C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in "" section [0xA191341C]
.clc C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl unknown last code section [0xA1914000, 0x1000, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186b8b69c
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186b8b69c (not active ControlSet)

---- EOF - GMER 1.0.15 ----

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-09-21 12:53:57
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000BEVT-60ZAT0 rev.01.01A01
Running: fxelug8e.exe; Driver: C:\Users\Doro\AppData\Local\Temp\pxdoikog.sys

---- System - GMER 1.0.15 ----

SSDT 8E2AF97E ZwCreateSection
SSDT 8E2AF983 ZwSetContextThread
SSDT 8E2AF91F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 828EA998 4 Bytes [7E, F9, 2A, 8E]
.text ntkrnlpa.exe!KeSetEvent + 56E 828EACF1 3 Bytes [F9, 2A, 8E]
.text ntkrnlpa.exe!KeSetEvent + 621 828EADA4 4 Bytes [1F, F9, 2A, 8E]
C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl entry point in "" section [0x80F1341C]
.clc C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl unknown last code section [0x80F14000, 0x1000, 0xE0000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186b8b69c
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186b8b69c (not active ControlSet)

---- EOF - GMER 1.0.15 ----

It would be great if someone could help me!

Many thanks in advance,
Doro