Home » Spyware & Browser Hijacker Support Forum » Hartnäckiger TR/Graftor eingefangen, stellt sich selbst wieder her » Themenansicht
Hartnäckiger TR/Graftor eingefangen, stellt sich selbst wieder her |
||
|---|---|---|
| #0
| ||
|
15.03.2012, 22:23
Member
Beiträge: 37 |
||
 
|
|
|
|
16.03.2012, 10:59
Member
Beiträge: 420 |
#2
Hi
Das sieht nach ZeroAccess aus  1. Lade aswmbr von avast! herunter http://public.avast.com/~gmerek/aswMBR.exe Starte das Programm wähle "Ja" bei der Frage nach avast-Engine. Klicke auf Scan Klicke nach dem Scan auf Save Log, speichere es ab und poste es hier (nichts "Fixen") |
|
|
|
|
|
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!
bitte erst » hier kostenlos registrieren!!
Folgende Themen könnten Dich auch interessieren:
Seite(n): 1
Copyright © 2024, Protecus.de - Protecus Team - Impressum / Mediadaten
Habe seit ca 2 Wochen das Problem, das a) der Rechner sehr langsam im Netz unterwegs ist, dazu gibt es auf diversen Seiten die ich besuche stets den Ton als wenn Windows irgendwas bestätigt, allerdings tut sich nichts auf dem Desktop. Dazu ohne Erlaubnis oder mein dazutun öffnet er neue Tabs mit super langen Pfaden, die Seite bleibt weiß.
Avira neu installiert, da sagt er mir, ich hätte den Trojaner TR/Graftor mit diversen Nummern dahinter... nach Löschvorgang baut er sich allerdings immer wieder selbst zusammen.
Hier das otl txt und extra txt:
OTL logfile created on: 15.03.2012 22:00:51 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Dokumente und Einstellungen\Gabriele\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,17 Mb Total Physical Memory | 502,39 Mb Available Physical Memory | 49,49% Memory free
2,38 Gb Paging File | 1,94 Gb Available in Paging File | 81,24% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,99 Gb Total Space | 35,48 Gb Free Space | 44,36% Space Free | Partition Type: NTFS
Drive D: | 61,20 Gb Total Space | 53,47 Gb Free Space | 87,36% Space Free | Partition Type: NTFS
Computer Name: GABISBABY | User Name: Gabriele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.03.15 21:56:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gabriele\Desktop\OTL.exe
PRC - [2012.01.31 08:56:34 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.08.16 20:48:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.06.09 12:06:06 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2008.09.03 18:49:56 | 000,311,296 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
PRC - [2008.09.02 19:32:00 | 000,593,920 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008.09.02 19:28:14 | 000,106,496 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe
PRC - [2008.05.21 00:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe
PRC - [2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012.01.31 08:56:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.05 22:05:23 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.08.16 20:48:54 | 001,850,328 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.08.21 13:32:44 | 000,098,304 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2007.01.04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.01.31 08:56:33 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.01.31 08:56:33 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.08.13 20:50:10 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.18 12:06:58 | 000,106,624 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2009.08.18 12:06:58 | 000,059,648 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2009.08.18 12:06:58 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2009.04.09 12:38:32 | 000,110,592 | R--- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2009.04.09 12:38:32 | 000,105,344 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.04.09 12:38:32 | 000,104,960 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.04.09 12:38:32 | 000,007,680 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter.sys -- (massfilter)
DRV - [2009.03.08 16:21:59 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.08.12 15:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.07.24 16:37:16 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.07.24 16:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.07.24 16:37:04 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.05.30 10:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.04.08 14:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008.03.28 16:38:16 | 000,625,024 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008.03.11 18:37:00 | 000,036,864 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008.03.10 17:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008.02.04 16:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008.02.04 16:57:30 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007.09.11 04:39:16 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hmvmdm.sys -- (MobileAdapter)
DRV - [2007.05.03 03:00:58 | 000,546,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2002.10.15 22:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.startup.homepage: "http://www.t-online.de"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Dokumente und Einstellungen\Gabriele\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.08.16 20:49:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.25 21:59:44 | 000,000,000 | ---D | M]
[2009.07.08 20:16:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Extensions
[2012.03.15 07:56:20 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\extensions
[2012.01.24 22:14:59 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.20 14:12:07 | 000,000,000 | ---D | M] (PitchDark) -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.04.09 15:44:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
[2010.03.02 13:32:42 | 000,002,299 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\bing.xml
[2012.03.08 04:44:31 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\icqplugin.xml
[2010.02.09 18:15:18 | 000,005,393 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\Search.xml
[2010.03.03 08:19:05 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\sweetim.xml
[2010.03.02 13:32:42 | 000,024,003 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\{28DF4DA4-223F-4A8C-BBCA-3D1F1C9CCC2E}.xml
[2010.03.02 13:32:42 | 000,002,486 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\{2B9C6529-0B97-4E92-8433-2A06C1DC3DD3}.xml
[2010.03.02 13:32:42 | 000,001,834 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\{489FB0B8-AB80-4B62-ACC9-72FFC24DC00C}.xml
[2010.03.02 13:32:42 | 000,002,152 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\{73D37304-D721-48EF-9DC4-ECD4609C6CCC}.xml
[2010.03.02 13:32:42 | 000,002,041 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Mozilla\Firefox\Profiles\iq6twpfg.default\searchplugins\{ED78C617-56BC-4828-A369-77E8608CF325}.xml
[2011.10.25 17:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.04.09 15:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.11 14:47:28 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Programme\Mozilla Firefox\extensions\{9ea24a38-f0ee-86cc-6480-aa19f148c7ab}(2)
[2011.05.12 20:04:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.05.25 20:28:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.21 23:07:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.10.25 17:52:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011.05.12 20:04:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.08.16 20:48:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.06 19:00:06 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.27 16:12:27 | 000,002,310 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011.05.06 19:00:06 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2010.03.02 13:33:25 | 000,001,779 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\clipfish.xml
[2010.03.02 13:33:25 | 000,001,013 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\conrad.xml
[2010.03.02 13:33:25 | 000,002,487 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\discount24.xml
[2011.05.06 19:00:06 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:00:06 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.03.02 13:33:25 | 000,001,047 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\musicload.xml
[2010.03.02 13:33:25 | 000,002,120 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\myvideo.xml
[2010.03.02 13:33:25 | 000,002,023 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\otto.xml
[2010.03.02 13:33:25 | 000,000,758 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\quelle.xml
[2010.03.02 13:33:25 | 000,001,329 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\telefonbuch-de.xml
[2011.05.06 19:00:06 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:00:06 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
[2010.03.02 13:33:25 | 000,005,375 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yodl.xml
O1 HOSTS File: ([2012.02.06 15:14:13 | 000,000,761 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\SuperHybridEngine.lnk = C:\Programme\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - mswsock.dll File not found
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} http://www.srtest.com/srl_bin/sysreqlab_ind.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0314BC46-8964-4E06-80DC-91D0B077FA68}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.11 15:19:26 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c3edfb2-5bce-11de-8f73-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{0c3edfb2-5bce-11de-8f73-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c3edfb2-5bce-11de-8f73-0022435e6960}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\windefence32.exe
O33 - MountPoints2\{0c3edfb2-5bce-11de-8f73-0022435e6960}\Shell\Open\command - "" = RECYCLER\S-1-5-21-1482476501-3352491937-682996330-1013\windefence32.exe
O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5151e45e-67bf-11dd-865e-806d6172696f}\Shell\AutoRun\command - "" = F:\setup.exe
O33 - MountPoints2\{7046a014-8d5e-11de-8fe2-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{7046a014-8d5e-11de-8fe2-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7046a014-8d5e-11de-8fe2-0022435e6960}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7046a015-8d5e-11de-8fe2-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{7046a015-8d5e-11de-8fe2-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7046a015-8d5e-11de-8fe2-0022435e6960}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7462f068-9cd8-11e0-936e-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{7462f068-9cd8-11e0-936e-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7462f068-9cd8-11e0-936e-0022435e6960}\Shell\AutoRun\command - "" = E:\DIYWriter.exe
O33 - MountPoints2\{90c7d2da-56c8-11de-8f6d-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{90c7d2da-56c8-11de-8f6d-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{90c7d2da-56c8-11de-8f6d-0022435e6960}\Shell\AutoRun\command - "" = E:\VFPcAssistant.exe
O33 - MountPoints2\{a77bc6fa-6585-11de-8f87-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{a77bc6fa-6585-11de-8f87-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a77bc6fa-6585-11de-8f87-0022435e6960}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a77bc6fb-6585-11de-8f87-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{a77bc6fb-6585-11de-8f87-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a77bc6fb-6585-11de-8f87-0022435e6960}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ac286a52-64cf-11de-8f82-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{ac286a52-64cf-11de-8f82-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac286a52-64cf-11de-8f82-0022435e6960}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ac75c4fe-9fae-11de-900b-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{ac75c4fe-9fae-11de-900b-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ac75c4fe-9fae-11de-900b-0022435e6960}\Shell\AutoRun\command - "" = E:\setup.exe AUTORUN=1
O33 - MountPoints2\{e40aedaf-649d-11df-9125-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{e40aedaf-649d-11df-9125-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e40aedaf-649d-11df-9125-0022435e6960}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{ec6875bc-443d-11de-8f4c-0022435e6960}\Shell - "" = AutoRun
O33 - MountPoints2\{ec6875bc-443d-11de-8f4c-0022435e6960}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ec6875bc-443d-11de-8f4c-0022435e6960}\Shell\AutoRun\command - "" = E:\VFPcAssistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "MSIServer"
MsConfig - Services: "mnmsrvc"
MsConfig - Services: "Lavasoft Ad-Aware Service"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^ICQ-Tools.de Launcher.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^McAfee Security Scan Plus.lnk - C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Gabriele^Startmenü^Programme^Autostart^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: a-squared - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Eraser - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MobileConnect - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Programme\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: RegistryBooster - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SimpleScreenshot - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Programme\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.03.15 21:56:30 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gabriele\Desktop\OTL.exe
[2012.03.15 09:08:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Avira
[2012.03.15 09:03:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2012.03.15 09:02:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2012.03.15 09:02:55 | 000,137,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.03.15 09:02:55 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2012.03.15 09:02:53 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2012.03.15 09:02:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2012.03.12 15:16:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Sun
[2012.03.12 15:06:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2012.03.12 15:06:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2012.02.26 14:14:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabriele\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2012.02.20 20:38:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Casual Box
[2012.02.20 14:42:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HijackThis
[2012.02.17 14:24:00 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Gabriele\IETldCache
[2012.02.17 14:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2012.02.17 08:19:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2012.02.17 08:17:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.03.15 21:56:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Gabriele\Desktop\OTL.exe
[2012.03.15 21:28:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.15 20:30:11 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-229824946-744880041-4251956847-1006UA.job
[2012.03.15 16:09:13 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.15 14:30:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-229824946-744880041-4251956847-1006Core.job
[2012.03.15 09:03:20 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.15 07:10:28 | 000,304,416 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.03.14 23:59:50 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.03.13 10:31:43 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.03.10 07:04:29 | 000,031,758 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Desktop\bookmarks-2012-03-10.json
[2012.03.05 17:12:55 | 000,000,012 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\gamesave.bin
[2012.03.05 17:00:14 | 000,000,418 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\log.html
[2012.03.05 15:40:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.28 22:36:43 | 000,000,138 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\default.pls
[2012.02.25 21:59:45 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.02.24 19:29:40 | 023,404,180 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\3642181899Neurologie.pdf
[2012.02.20 14:42:37 | 000,001,698 | ---- | M] () -- C:\Dokumente und Einstellungen\Gabriele\Desktop\HijackThis.lnk
[2012.02.20 14:13:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.17 08:06:45 | 000,429,958 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.17 08:06:45 | 000,412,904 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.17 08:06:45 | 000,079,786 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.17 08:06:45 | 000,066,044 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.03.15 09:03:20 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2012.03.12 15:20:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.03.10 07:04:28 | 000,031,758 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriele\Desktop\bookmarks-2012-03-10.json
[2012.03.05 17:12:55 | 000,000,012 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriele\gamesave.bin
[2012.03.05 17:00:14 | 000,000,418 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriele\log.html
[2012.02.25 21:59:45 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader X.lnk
[2012.02.25 21:59:44 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk
[2012.02.25 20:03:07 | 023,404,180 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\3642181899Neurologie.pdf
[2012.02.20 14:42:37 | 000,001,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriele\Desktop\HijackThis.lnk
[2012.02.17 14:24:08 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Gabriele\Startmenü\Programme\Internet Explorer.lnk
[2012.02.16 16:28:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.16 16:28:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2011.11.06 21:32:30 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.02.27 18:09:22 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011.02.27 18:09:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011.02.27 18:09:22 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Lffpx90n.dll
[2010.09.01 07:45:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\{E3B99F3D-9856-482A-9048-305E28E2510C}.ini
[2010.09.01 07:39:06 | 000,000,218 | ---- | C] () -- C:\WINDOWS\{E3B99F3D-9856-482A-9048-305E28E2510C}.ini
[color=#E56717]========== LOP Check ==========[/color]
[2009.10.02 10:13:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aliasworlds
[2009.07.21 11:53:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Awem
[2011.11.06 21:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon
[2009.05.19 07:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software
[2009.02.09 22:46:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2010.10.24 11:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fighters
[2010.04.09 15:48:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.02.10 00:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Intenium
[2010.01.05 19:06:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2009.11.06 22:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2009.03.17 15:41:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Recisio
[2009.09.01 16:14:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games
[2009.10.21 20:38:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenSeven
[2012.02.20 20:39:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.09.29 21:02:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TERMINAL Studio
[2010.05.21 19:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.11.16 19:14:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vodafone
[2009.03.07 21:41:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom
[2010.04.09 15:47:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}
[2010.05.21 18:40:05 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011.11.23 13:05:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\.minecraft
[2009.06.30 14:37:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Ancient Quest of Saqqarah__bfg
[2009.02.27 17:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Ancient Quest of Saqqarah__cminion
[2009.10.26 08:35:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\ASCOMP Software
[2011.11.06 21:32:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Babylon
[2010.01.05 19:26:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Beauty
[2012.02.20 20:38:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Casual Box
[2009.03.06 16:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\cerasus.media
[2012.01.25 17:06:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\DVDVideoSoft
[2012.01.25 17:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\DVDVideoSoftIEHelpers
[2009.06.30 14:07:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\EPSON
[2011.04.25 20:19:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Exsaut
[2012.03.14 08:39:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\ICQ
[2009.02.09 21:51:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\InterVideo
[2009.09.10 15:26:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\MagicBall4
[2009.02.27 17:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\MagicMatch
[2010.01.05 19:21:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\MakeUpPilot
[2010.04.09 15:48:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\McLoad
[2009.09.10 14:06:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\md studio
[2009.11.06 22:29:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\NCH Swift Sound
[2009.11.09 12:05:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\OCS
[2011.05.12 20:15:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\OpenOffice.org
[2009.11.09 12:05:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Opera
[2010.05.31 14:00:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Playrix Entertainment
[2009.03.09 13:21:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Registry Cleaner
[2009.02.27 16:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Saqqarah
[2009.05.08 17:00:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\SimpleScreenshot
[2009.02.27 17:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\StoneLoops!
[2009.03.20 18:57:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\TuneUp Software
[2011.04.16 23:25:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Ucah
[2010.08.22 21:19:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Uniblue
[2010.05.21 07:01:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Gabriele\Anwendungsdaten\Vodafone
[2012.03.15 14:30:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-229824946-744880041-4251956847-1006Core.job
[2012.03.15 20:30:11 | 000,001,030 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-229824946-744880041-4251956847-1006UA.job
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Custom Scans ==========[/color]
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2009.10.22 20:49:32 | 000,000,000 | ---D | M] -- C:\02efa6075de7a200146ae0
[2010.06.29 09:02:09 | 000,000,000 | ---D | M] -- C:\32a536e3958d219cd3c2c6
[2009.10.22 20:41:15 | 000,000,000 | ---D | M] -- C:\43114a310254799654bfdc77
[2012.03.15 12:00:58 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.09.14 17:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.02.25 19:54:11 | 000,000,000 | ---D | M] -- C:\Downloads
[2009.11.18 21:41:17 | 000,000,000 | ---D | M] -- C:\Drivers
[2008.08.11 16:57:31 | 000,000,000 | ---D | M] -- C:\Intel
[2009.02.10 12:50:59 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.03.15 09:02:53 | 000,000,000 | ---D | M] -- C:\Programme
[2009.02.09 21:25:25 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2009.02.10 02:40:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.11.08 17:00:22 | 000,000,000 | ---D | M] -- C:\temp
[2012.03.15 08:51:12 | 000,000,000 | ---D | M] -- C:\WINDOWS
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
[2008.05.07 15:34:00 | 015,523,560 | ---- | M] (Macrovision Corporation) -- C:\Programme\U1 Setup.exe
Invalid Environment Variable: LOCALAPPDATA
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\I386\REGEDIT.EXE
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\system32\dllcache\regedit.exe
[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-03-15 11:00:59
[color=#E56717]========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========[/color]
[C:\WINDOWS\$NtUninstallKB25895$] -> Error: Cannot create file handle -> Unknown point type
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 121 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:20C3AB27
@Alternate Data Stream - 117 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:E6708F08
< End of report >
OTL Extras logfile created on: 15.03.2012 22:00:51 - Run 1
OTL by OldTimer - Version 3.2.37.0 Folder = C:\Dokumente und Einstellungen\Gabriele\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,17 Mb Total Physical Memory | 502,39 Mb Available Physical Memory | 49,49% Memory free
2,38 Gb Paging File | 1,94 Gb Available in Paging File | 81,24% Paging File free
Paging file location(s): C:\pagefile.sys 1522 1522 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 79,99 Gb Total Space | 35,48 Gb Free Space | 44,36% Space Free | Partition Type: NTFS
Drive D: | 61,20 Gb Total Space | 53,47 Gb Free Space | 87,36% Space Free | Partition Type: NTFS
Computer Name: GABISBABY | User Name: Gabriele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"57014:TCP" = 57014:TCP:*:Enabled:emule
"25741:UDP" = 25741:UDP:*:Enabled:emule
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Programme\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"C:\Programme\Easy Web Cam\easywebcam.exe" = C:\Programme\Easy Web Cam\easywebcam.exe:*
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*
"C:\Programme\ICQ7.4\ICQ.exe" = C:\Programme\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4 -- (ICQ, LLC.)
"C:\Dokumente und Einstellungen\Gabriele\Desktop\SweetImSetup.exe" = C:\Dokumente und Einstellungen\Gabriele\Desktop\SweetImSetup.exe:*:Enabled:SweetIM Installer
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher
"C:\Programme\World of Warcraft\Launcher.patch.exe" = C:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Programme\World of Warcraft\BackgroundDownloader.exe" = C:\Programme\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader
"C:\Dokumente und Einstellungen\Gabriele\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe" = C:\Dokumente und Einstellungen\Gabriele\Lokale Einstellungen\Anwendungsdaten\Facebook\Video\Skype\FacebookVideoCalling.exe:*:Enabled:Facebook Video Calling Plugin -- (Skype Limited)
"C:\Dokumente und Einstellungen\Gabriele\Eigene Dateien\Spiele\Jazz2\Jazz2.exe" = C:\Dokumente und Einstellungen\Gabriele\Eigene Dateien\Spiele\Jazz2\Jazz2.exe:*
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5C52CED3-D45C-4DA9-932F-B91BD44BB461}" = Adabas D 13.01.00
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6E4DAE31-7CF3-441A-B6E5-B014D63C80CD}" = Eee Instant Key
"{70AB1576-7883-2313-C650-7A71270B1031}" = Nero 7 Ultra Edition
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90260407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office XP Web Components
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CleanUp!" = CleanUp!
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.15.1228
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"KaraFun_is1" = KaraFun 1.18
"MAGIX FunPix Maker D" = MAGIX FunPix Maker 1.0.0.0 (D)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"QuickTime" = QuickTime
"Secure Eraser_is1" = Secure Eraser v3.1
"SimpleScreenshot" = SimpleScreenshot 1.40
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 0.9.8a
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner Free 5.53
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"YTdetect" = Yahoo! Detect
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab PDF Creator" = FoxTab PDF Creator
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
[ Application Events ]
Error - 10.03.2012 18:17:05 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 10.03.2012 19:26:25 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 11.03.2012 18:43:01 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 12.03.2012 00:54:20 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 12.03.2012 02:11:52 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 12.03.2012 06:00:15 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 12.03.2012 17:34:49 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 13.03.2012 00:59:52 | Computer Name = GABISBABY | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung , Version 0.0.0.0, fehlgeschlagenes Modul
unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 15.03.2012 12:11:40 | Computer Name = GABISBABY | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 15.03.2012 16:28:34 | Computer Name = GABISBABY | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 15.03.2012 14:56:54 | Computer Name = GABISBABY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066
Error - 15.03.2012 14:56:57 | Computer Name = GABISBABY | Source = Workstation | ID = 5727
Description = Gerätetreiber RDR konnte nicht geladen werden.
Error - 15.03.2012 14:57:00 | Computer Name = GABISBABY | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
Fehler beendet: 2250 (0x8CA).
Error - 15.03.2012 14:57:00 | Computer Name = GABISBABY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066
Error - 15.03.2012 16:28:26 | Computer Name = GABISBABY | Source = Workstation | ID = 5727
Description = Gerätetreiber RDR konnte nicht geladen werden.
Error - 15.03.2012 16:29:26 | Computer Name = GABISBABY | Source = Workstation | ID = 5727
Description = Gerätetreiber RDR konnte nicht geladen werden.
Error - 15.03.2012 16:29:56 | Computer Name = GABISBABY | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
Fehler beendet: 2250 (0x8CA).
Error - 15.03.2012 16:29:56 | Computer Name = GABISBABY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066
Error - 15.03.2012 16:29:56 | Computer Name = GABISBABY | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Arbeitsstationsdienst" wurde mit folgendem dienstspezifischem
Fehler beendet: 2250 (0x8CA).
Error - 15.03.2012 16:29:56 | Computer Name = GABISBABY | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Arbeitsstationsdienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1066
< End of report >
Ach ja, der letzte Pfad des angezeigten Trojaners war: Die Datei 'C:\WINDOWS\system32\drivers\mrxsmb.sys'
enthielt einen Virus oder unerwünschtes Programm 'TR/Graftor.1739325' [trojan].
Hoffe ihr könnt mir helfen...
Danke Gabi