| |
| |||||||
Log-Analyse und Auswertung: Nach lautem Piepton geht nichts mehrWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
01.08.2011, 09:04
| #1 |
 |  Nach lautem Piepton geht nichts mehr Guten Morgen! Ich hab seit längerem das Problem, zwar nicht oft, aber immer wieder, dass mein Laptop einen lauten Piepton von sich gibt und dann nichts mehr geht. Auch lädt er sich oft nicht richtig hoch, sondern bleibt bei dem Fenster stehen, in dem zwischen abgesichertem oder normalem Modus gewählt werden kann. Als Virenprogramm benutze ich Avira. Das hat bei mir vor zwei Wochen Malware oder Ähnliches auf dem Rechner geortet In der Datei 'C:\Users\Anette\AppData\Local\Temp\CSMECD3.tmp' wurde ein Virus oder unerwünschtes Programm 'ADWARE/Agent.205440' [adware] gefunden. Ausgeführte Aktion: Zugriff erlauben Jetzt habe ich eure Schritte befolgt und die Logfiles erstellt: OTL.TxtOTL Logfile: Code:
ATTFilter OTL logfile created on: 31.07.2011 22:17:25 - Run 2 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Anette\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,40% Memory free 6,20 Gb Paging File | 5,10 Gb Available in Paging File | 82,37% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 72,76 Gb Free Space | 48,82% Space Free | Partition Type: NTFS Drive D: | 137,32 Gb Total Space | 119,82 Gb Free Space | 87,25% Space Free | Partition Type: NTFS Drive E: | 3,58 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HEIM-PC | User Name: Anette | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Anette\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files\XSManager\WTGService.exe () PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files\VIA\VIAudioi\VDeck\VDECK.EXE (VIA) PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\audiodg.exe (Microsoft Corporation) PRC - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.) PRC - C:\Program Files\ASUS\ATK Hotkey\HControl.exe (ASUS) PRC - C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files\ASUS\SmartLogon\smartlogon.exe (ASUS) PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS) PRC - C:\Program files\P4G\BatteryLife.exe (ATK) PRC - C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe (ASUS) PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) PRC - C:\Program Files\ASUS\ATK Hotkey\MsgTranAgt.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\KBFiltr.exe (ASUS) PRC - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe () PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe () PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK) ========== Modules (SafeList) ========== MOD - C:\Users\Anette\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\Elantech\ETDApix.dll (ELAN Microelectronic Corp.) ========== Win32 Services (SafeList) ========== SRV - (Norton Internet Security) -- File not found SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (MAGIX StartUp Analyze Service) -- C:\Program Files\MAGIX\PC_Check_Tuning_Free_2011\MXSAS.exe (MAGIX AG) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe () SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (SRS_VolSync_Service) -- C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe (SRS Labs, Inc.) SRV - (ASLDRService) -- C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe () SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe () SRV - (AVM IGD CTRL Service) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector) DRV - (smsbda) -- C:\Windows\System32\drivers\smsbda.sys (Siano) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (ASUSTek Computer Inc) DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV - (SRS_PremiumSound_Service) -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys () DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( ) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider) DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices Inc.) DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.) DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia) DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.) DRV - (CRFILTER) -- C:\Windows\System32\drivers\CRFILTER.sys (Generic) DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys () DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.searchcompletion.com/?si=10195&home=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = hxxp://search.searchcompletion.com/?si=10195&home=1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Complitly" FF - prefs.js..browser.search.defaultenginename: "Complitly" FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo" FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Complitly" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:3.3.3.2 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2 FF - prefs.js..keyword.URL: "hxxp://search.searchcompletion.com/?bs=1&si=10195&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.08 09:45:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.31 09:57:43 | 000,000,000 | ---D | M] [2010.10.31 23:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anette\AppData\Roaming\mozilla\Extensions [2011.07.31 19:01:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions [2011.07.13 20:39:02 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2011.06.28 23:20:38 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2011.07.02 19:10:13 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.07.31 19:01:19 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.06.02 02:37:49 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.10 14:13:28 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@conduit.com [2011.06.02 02:48:02 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\engine@plasmoo.com [2011.05.13 12:44:50 | 000,000,000 | ---D | M] (Gutscheinrausch.de) -- C:\Users\Anette\AppData\Roaming\mozilla\Firefox\Profiles\3v3ywhrc.default\extensions\mail@gutscheinrausch.de [2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Anette\AppData\Roaming\Mozilla\Firefox\Profiles\3v3ywhrc.default\searchplugins\plasmoo.xml [2011.07.30 22:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.05.01 21:36:21 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.07.01 11:25:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011.07.13 20:37:33 | 000,000,000 | ---D | M] (eBay-Toolbar by AB-Tools.com) -- C:\Program Files\mozilla firefox\extensions\toolbarebay@ab-tools.com File not found (No name found) -- () (No name found) -- C:\USERS\ANETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V3YWHRC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\ANETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V3YWHRC.DEFAULT\EXTENSIONS\CIUVO-EXTENSION@BILLIGER.DE.XPI () (No name found) -- C:\USERS\ANETTE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3V3YWHRC.DEFAULT\EXTENSIONS\FINDER@MEINGUTSCHEINCODE.DE.XPI [2010.11.02 10:50:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.06.27 22:28:13 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.07.01 11:25:03 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.03.08 12:24:04 | 000,103,168 | ---- | M] (Midasplayer Ltd) -- C:\Program Files\mozilla firefox\plugins\npmidas.dll [2011.07.11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.07.13 20:39:00 | 000,003,195 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Complitly.xml [2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Anette\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Winload Toolbar) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - C:\Program Files\Winload\prxtbWinl.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files\ASUS\Wireless Console 3\wcourier.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Anette\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Anette\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {B2A5AE26-618F-7FAA-A70C-2F9D1FCE0A36} - Browser Customizations ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk - C:\Windows\Installer\{567C654B-7FE9-4970-8323-56E8191D1941}\_71A97E24F422AA49EDBF39.exe - () MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\PROGRA~1\MCAFEE~1\20DEB9~1.181\SSSCHE~1.EXE - (McAfee, Inc.) MsConfig - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.) MsConfig - StartUpReg: ASUS Camera ScreenSaver - hkey= - key= - C:\Windows\AsScrProlog.exe () MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig - StartUpReg: ATKMEDIA - hkey= - key= - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUS) MsConfig - StartUpReg: ATKOSD2 - hkey= - key= - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) MsConfig - StartUpReg: CloneCDTray - hkey= - key= - File not found MsConfig - StartUpReg: DisableS3S4 - hkey= - key= - File not found MsConfig - StartUpReg: EA Core - hkey= - key= - File not found MsConfig - StartUpReg: HControlUser - hkey= - key= - C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe (ASUS) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.07.31 00:11:48 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\dvdcss [2011.07.30 23:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro [2011.07.30 23:35:07 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis [2011.07.30 23:13:34 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\MAGIX [2011.07.30 23:06:30 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\MAGIX_MxTray [2011.07.30 22:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\OnDemandDump [2011.07.30 22:58:04 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\CrashLog [2011.07.30 22:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2011.07.30 22:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2011.07.30 22:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX [2011.07.30 22:40:45 | 000,000,000 | ---D | C] -- C:\Users\Anette\Desktop\Desktop\Bilder [2011.07.30 22:38:08 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.07.25 23:26:46 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\vlc [2011.07.25 23:25:14 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN [2011.07.16 20:58:06 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\updater4g [2011.07.16 20:54:10 | 000,311,976 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\updater4g.exe [2011.07.16 20:54:10 | 000,159,912 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe [2011.07.16 20:54:07 | 000,052,128 | ---- | C] (Siano) -- C:\Windows\System32\drivers\smsbda.sys [2011.07.16 20:54:06 | 000,133,120 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_netamd.sys [2011.07.16 20:54:06 | 000,118,272 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_seramd.sys [2011.07.16 20:54:06 | 000,112,640 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_net32.sys [2011.07.16 20:54:06 | 000,103,680 | ---- | C] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_ser32.sys [2011.07.16 20:54:06 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\XSManager [2011.07.16 20:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager [2011.07.16 20:46:50 | 000,103,424 | ---- | C] (Mobile Connector) -- C:\Windows\System32\drivers\cmnsusbser.sys [2011.07.16 20:46:50 | 000,019,488 | ---- | C] (Siano) -- C:\Windows\System32\smsprops.dll [2011.07.16 20:46:48 | 000,000,000 | ---D | C] -- C:\Program Files\XSManager [2011.07.13 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Complitly [2011.07.13 20:38:57 | 000,000,000 | ---D | C] -- C:\Program Files\Complitly [2011.07.13 20:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SearchOnline [2011.07.13 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ahnenblatt [2011.07.13 20:38:25 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\Ahnenblatt [2011.07.13 20:38:20 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Ahnenblatt [2011.07.13 20:38:20 | 000,000,000 | ---D | C] -- C:\Program Files\Ahnenblatt [2011.07.13 20:37:52 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\SchnellSchreiben [2011.07.13 20:37:31 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\ABToolsToolbarEBay [2011.07.13 20:37:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Schnell Schreiben [2011.07.13 20:37:27 | 000,000,000 | ---D | C] -- C:\Program Files\AB-Tools.com [2011.07.13 20:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaloMa [2011.07.13 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\KaloMa [2011.07.13 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Anette\Documents\My Games [2011.07.13 20:17:51 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\My Games [2011.07.13 19:54:26 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games [2011.07.13 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Avira [2011.07.13 19:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.07.13 19:42:51 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2011.07.13 19:42:50 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.13 19:42:50 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.07.13 19:42:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.07.13 19:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2011.07.13 18:18:00 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\Winload [2011.07.13 18:17:55 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Local\ConduitEngine [2011.07.13 18:17:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes [2011.07.13 10:10:49 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\CyberLink [2011.07.13 10:00:15 | 000,722,416 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys [2011.07.13 09:59:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120% [2011.07.13 09:59:20 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft [2011.07.13 00:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\billigerde [2011.07.08 09:45:18 | 000,086,016 | ---- | C] (MindVision) -- C:\Windows\unvise32qt.exe [2011.07.08 09:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.07.08 09:43:18 | 000,000,000 | ---D | C] -- C:\Windows\System32\QuickTime [2011.07.08 09:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2011.07.08 09:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\QuickTime [2011.07.06 21:10:13 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.07.06 15:21:51 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs [2011.07.06 14:16:03 | 000,000,000 | ---D | C] -- C:\COKTEL [2011.07.06 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\Anette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Multimedia [2011.07.06 11:26:34 | 000,015,840 | ---- | C] (Thuridion Software Engineering, Inc.) -- C:\Windows\System\PICCLIP.VBX [2011.07.06 11:26:31 | 000,000,000 | ---D | C] -- C:\Windows\MSAPPS [2011.07.06 11:26:21 | 000,000,000 | ---D | C] -- C:\ENCARTA [2011.07.06 11:14:05 | 000,298,496 | ---- | C] (InstallShield Corporation, Inc.) -- C:\Windows\uninst.exe [2008.11.03 09:03:27 | 000,013,880 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys [2 C:\Users\Anette\Desktop\Desktop\*.tmp files -> C:\Users\Anette\Desktop\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.07.31 22:12:57 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCCT - MAGIX AG.job [2011.07.31 22:10:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.07.31 22:10:55 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.07.31 22:10:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.07.31 22:10:32 | 3220,299,776 | -HS- | M] () -- C:\hiberfil.sys [2011.07.31 09:58:59 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe [2011.07.31 01:13:45 | 000,000,020 | ---- | M] () -- C:\Users\Anette\defogger_reenable [2011.07.31 01:04:48 | 000,002,531 | ---- | M] () -- C:\Users\Anette\Desktop\Desktop\HiJackThis.lnk [2011.07.31 00:05:34 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.07.31 00:05:34 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.07.31 00:05:34 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.07.31 00:05:34 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.07.30 22:58:01 | 000,000,949 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX PC Check & Tuning Free 2011.lnk [2011.07.30 22:17:29 | 000,018,944 | ---- | M] () -- C:\Users\Anette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.07.26 09:43:01 | 000,000,104 | ---- | M] () -- C:\Users\Anette\Desktop\Desktop\Papierkorb - Verknüpfung.lnk [2011.07.16 20:46:51 | 000,101,056 | ---- | M] () -- C:\Windows\System32\drivers\dvb_nova_12mhz_b0.inp [2011.07.16 20:46:51 | 000,092,456 | ---- | M] () -- C:\Windows\System32\drivers\isdbt_nova_12mhz_b0.inp [2011.07.16 20:46:51 | 000,079,036 | ---- | M] () -- C:\Windows\System32\drivers\tdmb_nova_12mhz_b0.inp [2011.07.16 20:46:51 | 000,000,040 | ---- | M] () -- C:\Windows\System32\drivers\smsbda.cfg [2011.07.16 20:46:50 | 000,103,424 | ---- | M] (Mobile Connector) -- C:\Windows\System32\drivers\cmnsusbser.sys [2011.07.16 20:46:50 | 000,052,128 | ---- | M] (Siano) -- C:\Windows\System32\drivers\smsbda.sys [2011.07.16 20:46:50 | 000,019,488 | ---- | M] (Siano) -- C:\Windows\System32\smsprops.dll [2011.07.16 20:46:49 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_seramd.sys [2011.07.16 20:46:49 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_ser32.sys [2011.07.16 20:46:48 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_netamd.sys [2011.07.16 20:46:48 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\Windows\System32\drivers\cm_net32.sys [2011.07.15 23:29:52 | 000,771,698 | ---- | M] () -- C:\Users\Anette\Documents\Anleitung Gutscheine Schlecker-com.pdf [2011.07.14 19:37:21 | 000,379,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.07.13 19:46:18 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.07.13 19:46:18 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2011.07.13 18:17:55 | 000,000,166 | -HS- | M] () -- C:\ProgramData\.zreglib [2011.07.13 16:10:04 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.07.08 10:17:08 | 000,000,000 | ---- | M] () -- C:\Users\Public\Documents\PCD549.L!C [2011.07.06 11:26:36 | 000,000,294 | ---- | M] () -- C:\Windows\encarta.ini [2011.07.06 11:26:33 | 000,210,944 | ---- | M] () -- C:\Windows\System32\MSVCRT10.DLL [2011.07.06 11:26:33 | 000,065,692 | ---- | M] () -- C:\Windows\System\ARIAL.TTF [2011.07.06 11:26:33 | 000,064,516 | ---- | M] () -- C:\Windows\System\SYMBOL.TTF [2 C:\Users\Anette\Desktop\Desktop\*.tmp files -> C:\Users\Anette\Desktop\Desktop\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.07.31 01:13:20 | 000,000,020 | ---- | C] () -- C:\Users\Anette\defogger_reenable [2011.07.30 23:35:07 | 000,002,531 | ---- | C] () -- C:\Users\Anette\Desktop\Desktop\HiJackThis.lnk [2011.07.30 22:58:05 | 000,000,416 | ---- | C] () -- C:\Windows\tasks\PCCT - MAGIX AG.job [2011.07.30 22:58:01 | 000,000,949 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX PC Check & Tuning Free 2011.lnk [2011.07.26 09:42:41 | 000,000,104 | ---- | C] () -- C:\Users\Anette\Desktop\Desktop\Papierkorb - Verknüpfung.lnk [2011.07.16 20:54:06 | 000,101,056 | ---- | C] () -- C:\Windows\System32\drivers\dvb_nova_12mhz_b0.inp [2011.07.16 20:54:06 | 000,092,456 | ---- | C] () -- C:\Windows\System32\drivers\isdbt_nova_12mhz_b0.inp [2011.07.16 20:54:06 | 000,079,036 | ---- | C] () -- C:\Windows\System32\drivers\tdmb_nova_12mhz_b0.inp [2011.07.16 20:54:06 | 000,000,040 | ---- | C] () -- C:\Windows\System32\drivers\smsbda.cfg [2011.07.15 23:29:52 | 000,771,698 | ---- | C] () -- C:\Users\Anette\Documents\Anleitung Gutscheine Schlecker-com.pdf [2011.07.13 16:10:04 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf [2011.07.08 10:17:08 | 000,000,000 | ---- | C] () -- C:\Users\Public\Documents\PCD549.L!C [2011.07.06 11:26:34 | 000,022,532 | ---- | C] () -- C:\Windows\System\SPUSH.VBX [2011.07.06 11:26:34 | 000,011,264 | ---- | C] () -- C:\Windows\CATSTUB.EXE [2011.07.06 11:26:34 | 000,000,294 | ---- | C] () -- C:\Windows\encarta.ini [2011.07.06 11:26:33 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL [2011.07.06 11:26:33 | 000,065,692 | ---- | C] () -- C:\Windows\System\ARIAL.TTF [2011.07.06 11:26:33 | 000,064,516 | ---- | C] () -- C:\Windows\System\SYMBOL.TTF [2011.05.09 22:36:42 | 000,000,166 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.05.01 21:37:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.04.29 23:10:12 | 000,032,608 | ---- | C] () -- C:\Windows\king-uninstall.exe [2011.04.27 20:00:39 | 000,000,019 | ---- | C] () -- C:\Windows\Benrep.ini [2011.04.24 09:22:17 | 000,000,680 | ---- | C] () -- C:\Users\Anette\AppData\Local\d3d9caps.dat [2011.02.15 15:40:38 | 000,000,042 | ---- | C] () -- C:\Windows\SIMTOWN.INI [2010.12.14 22:00:54 | 000,000,141 | ---- | C] () -- C:\Windows\disney.ini [2010.11.17 21:43:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2010.11.17 21:43:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2010.11.17 21:43:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2010.11.17 21:43:09 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2010.11.17 21:43:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2010.11.17 21:43:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2010.11.17 21:43:09 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2010.11.17 21:43:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2010.11.17 21:43:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2010.11.17 21:43:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2010.11.17 21:43:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2010.11.17 21:43:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2010.11.17 21:43:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2010.11.17 21:43:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2010.11.17 21:43:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2010.11.17 21:43:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2010.11.17 21:43:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2010.11.17 21:43:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2010.11.17 21:43:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2010.11.17 21:19:57 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2010.11.14 13:32:24 | 000,000,032 | ---- | C] () -- C:\Windows\Milli2.ini [2010.11.01 11:27:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.11.01 11:27:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.10.25 21:51:51 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini [2010.10.25 21:47:18 | 000,018,944 | ---- | C] () -- C:\Users\Anette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.18 02:45:49 | 000,045,056 | ---- | C] () -- C:\Windows\System32\acovcnt.exe [2009.08.18 02:37:14 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe [2009.08.18 02:34:49 | 000,233,128 | ---- | C] () -- C:\Windows\System32\drivers\SRS_PremiumSound_i386.sys [2009.08.18 02:30:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.08.18 01:37:50 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.03.19 04:16:09 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.01.08 20:25:27 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2008.10.30 00:54:39 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2008.10.21 17:39:59 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2008.10.21 17:39:59 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2008.10.14 23:57:58 | 000,106,496 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll [2008.08.11 04:14:11 | 001,752,704 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg [2008.05.12 05:20:31 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2008.04.16 13:11:34 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.04.16 13:11:34 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.04.16 13:11:34 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.04.16 13:11:34 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2008.04.16 12:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini [2008.04.07 08:00:45 | 000,005,120 | ---- | C] () -- C:\Windows\System32\CRFILTER.dll [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,379,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2000.02.10 01:00:00 | 000,047,104 | ---- | C] () -- C:\Windows\System32\wrkgadm.exe [2000.02.10 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL ========== LOP Check ========== [2011.07.13 20:37:33 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\ABToolsToolbarEBay [2011.07.31 09:57:45 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Ahnenblatt [2011.06.13 01:48:10 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Audacity [2011.07.13 20:38:57 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Complitly [2010.12.05 16:36:21 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2010.12.14 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Desperate Housewives [2011.06.02 02:46:31 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\DVDVideoSoft [2011.06.02 02:47:56 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\DVDVideoSoftIEHelpers [2010.12.06 15:46:52 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\FRITZ! [2010.12.07 11:26:07 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\FRITZ!fax für FRITZ!Box [2011.02.18 23:35:40 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\InterTrust [2011.07.30 23:13:34 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\MAGIX [2011.05.13 12:44:26 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\OpenCandy [2011.01.27 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\PhotoScape [2011.06.08 11:32:21 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\PixelPlanet [2011.07.01 11:23:47 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\Pogo Games [2011.07.13 20:38:58 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\SchnellSchreiben [2011.07.16 22:01:36 | 000,000,000 | ---D | M] -- C:\Users\Anette\AppData\Roaming\XSManager [2011.07.31 22:12:57 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCCT - MAGIX AG.job [2011.07.31 22:09:27 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.10.25 21:45:41 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2009.08.18 02:46:01 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT [2011.07.30 23:32:33 | 000,000,000 | -HSD | M] -- C:\Boot [2011.07.06 14:16:03 | 000,000,000 | ---D | M] -- C:\COKTEL [2011.07.30 23:38:27 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.07.06 11:26:53 | 000,000,000 | ---D | M] -- C:\ENCARTA [2011.06.23 20:08:20 | 000,000,000 | ---D | M] -- C:\hegames [2011.04.27 20:00:38 | 000,000,000 | ---D | M] -- C:\KIDDINX [2009.08.18 01:28:54 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.07.30 23:35:07 | 000,000,000 | R--D | M] -- C:\Program Files [2011.07.30 22:57:35 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.02.17 23:44:48 | 000,000,000 | ---D | M] -- C:\Programme [2011.02.15 15:41:00 | 000,000,000 | ---D | M] -- C:\SIMTOWN [2011.07.31 22:18:45 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.07.13 09:57:06 | 000,000,000 | ---D | M] -- C:\Terzio [2010.11.14 13:32:22 | 000,000,000 | ---D | M] -- C:\Tivola [2010.10.25 21:34:04 | 000,000,000 | R--D | M] -- C:\Users [2011.07.31 09:58:37 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2009.08.18 01:52:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2009.08.18 01:52:44 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2009.08.18 01:52:44 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2009.08.18 01:52:44 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-30 20:08:50 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 72 bytes -> C:\Windows:D17840BF2F5646D8 @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:588B60C7 < End of report > Extra.Txt und den scan von GMER sind angehängt. Ich war schon kurz davor Vista neu aufzusetzen, wollte aber vorher fragen, ob das überhaupt notwendig ist. Ganz lieben Dank schon mal für die Hilfe. LG Anette  |
| Themen zu Nach lautem Piepton geht nichts mehr |
| alternate, antivir, audiodg.exe, bho, bingbar, c:\windows\system32\rundll32.exe, conduit, converter, desktop, dsl, error, firefox, format, frage, gfnexsrv.exe, hijack, home, igdctrl.exe, intranet, malware, mp3, msvcrt, otl.txt, piepton, plug-in, problem, programm, realtek, registry, rundll, scan, sched.exe, security, security scan, senden, software, sptd.sys, start menu, stick, vdeck.exe, version=1.0, virus, vista, winload toolbar |
Baum-Darstellung