| Jetfrommars | 01.07.2012 15:03 |
73 Trojanerfunde in C:\WINDOWS\Driver Cache
Hallo zusammen, ich schlage mich nun seit einiger Zeit mit Viren rum.
Leider werden sie nicht immer von meinem Antivir erkannt, von Malwarebytes überhaupt nicht. Wie ich im Titel schrieb, befinden sie sich in der Driver Cache. Besonders auffällig ist der Trojaner TR/Crypt.XPACK.Gen, denn der wird fast nur gefunden. Antivir hat bei meinem letzten Suchlauf, bei dem die Trojaner erkannt wurden, nur einen davon in Quarantäne verschoben.
Ich weiß da nun nicht mehr weiter. Ich werde die Dinger einfach nicht los. :-(
Des weiteren macht mein Pc hin und wieder Probleme beim hochfahren. Es kommt dann gleich zu Anfang eine Fehlermeldung, dass er den Datenträger nicht lesen konnte. Jedoch bin ich mir nicht sicher, ob es wirklich an den Viren liegt.
defogger hat nichts besonderes gefunden.
OTL.Txt Code:
OTL logfile created on: 01.07.2012 15:45:45 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\Justine\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,44% Memory free
4,83 Gb Paging File | 3,96 Gb Available in Paging File | 81,98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 171,43 Gb Free Space | 87,77% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 255,09 Gb Free Space | 94,32% Space Free | Partition Type: NTFS
Computer Name: JUSSEL | User Name: Justine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.01 15:45:20 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Justine\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.06.30 15:51:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:38 | 000,981,680 | ---- | M] (Malwarebytes Corporation) -- F:\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2012.02.20 21:28:38 | 000,013,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.07.06 18:11:44 | 000,443,504 | ---- | M] (MSI CO.,LTD.) -- C:\Programme\MSI\Super-Charger\Super-Charger.exe
PRC - [2011.02.22 06:19:12 | 002,656,280 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 06:19:08 | 000,326,168 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.10.27 21:21:54 | 001,155,072 | ---- | M] (Last.fm) -- F:\Last.fm\LastFM.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.30 16:29:37 | 009,459,912 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012.06.30 15:51:17 | 002,000,352 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 14:56:53 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2516a49d10f4418f72e1c25f691815a8\System.ServiceProcess.ni.dll
MOD - [2012.05.23 10:59:52 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5ee8bf77e7b3e25cdbff6e1c299574fe\System.Xml.ni.dll
MOD - [2012.05.23 10:59:49 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\0c8e950df17a0abec10888e8ad966cbe\System.Configuration.ni.dll
MOD - [2012.05.23 10:59:48 | 009,090,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\6f399163bb35597da7141ccdb7f39d16\System.ni.dll
MOD - [2012.05.23 10:59:43 | 014,412,800 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll
MOD - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
MOD - [2012.04.16 23:11:02 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2010.10.27 21:23:04 | 000,106,496 | ---- | M] () -- F:\Last.fm\srv_rtaudioplayback.dll
MOD - [2010.10.27 21:22:52 | 000,057,344 | ---- | M] () -- F:\Last.fm\ext_messengernotify.dll
MOD - [2010.10.27 21:22:42 | 000,058,880 | ---- | M] () -- F:\Last.fm\ext_skypenotify.dll
MOD - [2010.10.27 21:22:08 | 000,147,456 | ---- | M] () -- F:\Last.fm\srv_madtranscode.dll
MOD - [2010.10.27 21:22:00 | 000,028,160 | ---- | M] () -- F:\Last.fm\srv_httpinput.dll
MOD - [2010.10.27 21:19:28 | 000,372,736 | ---- | M] () -- F:\Last.fm\LastFmFingerprint1.dll
MOD - [2010.10.27 21:19:06 | 000,025,088 | ---- | M] () -- F:\Last.fm\breakpad.dll
MOD - [2010.10.27 21:18:50 | 000,180,224 | ---- | M] () -- F:\Last.fm\Moose1.dll
MOD - [2010.10.27 21:18:34 | 000,540,672 | ---- | M] () -- F:\Last.fm\LastFmTools1.dll
MOD - [2010.10.27 21:13:52 | 001,382,507 | ---- | M] () -- F:\Last.fm\libfftw3f-3.dll
MOD - [2010.10.27 21:13:52 | 000,074,240 | ---- | M] () -- F:\Last.fm\zlibwapi.dll
MOD - [2008.04.16 17:42:30 | 000,376,832 | ---- | M] () -- F:\Last.fm\QtNetwork4.dll
MOD - [2008.04.16 17:42:16 | 000,524,288 | ---- | M] () -- F:\Last.fm\QtSql4.dll
MOD - [2008.04.16 17:42:02 | 006,701,056 | ---- | M] () -- F:\Last.fm\QtGui4.dll
MOD - [2008.04.16 17:36:38 | 000,376,832 | ---- | M] () -- F:\Last.fm\QtXml4.dll
MOD - [2008.04.16 17:36:34 | 001,654,784 | ---- | M] () -- F:\Last.fm\QtCore4.dll
MOD - [2008.04.02 14:26:50 | 000,233,472 | ---- | M] () -- F:\Last.fm\imageformats\qmng4.dll
MOD - [2008.04.02 14:26:34 | 000,021,504 | ---- | M] () -- F:\Last.fm\imageformats\qgif4.dll
MOD - [2008.04.02 14:26:28 | 000,135,168 | ---- | M] () -- F:\Last.fm\imageformats\qjpeg4.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.06.30 16:29:51 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.30 15:51:18 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:18:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.24 14:21:01 | 000,014,848 | ---- | M] () [Auto | Running] -- C:\Programme\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore)
SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.02.22 06:19:12 | 002,656,280 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.02.22 06:19:08 | 000,326,168 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.07.01 15:33:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.16 12:46:02 | 006,427,240 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011.05.04 12:31:04 | 000,295,528 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010.10.19 10:33:40 | 000,041,088 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.11.18 01:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.30 15:51:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.13 18:00:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2012.06.30 17:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Justine\Anwendungsdaten\Mozilla\Extensions
[2012.06.30 19:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Justine\Anwendungsdaten\Mozilla\Firefox\Profiles\pu8j9cxw.default\extensions
[2012.06.30 19:12:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Justine\Anwendungsdaten\Mozilla\Firefox\Profiles\pu8j9cxw.default\extensions\ich@maltegoetz.de
[2012.05.14 22:50:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.30 15:51:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.06.30 18:24:47 | 001,184,804 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\JUSTINE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\PU8J9CXW.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.06.30 15:51:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.07 17:27:35 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.07 17:27:35 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.07 17:27:35 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.07 17:27:35 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.07 17:27:35 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.07 17:27:35 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2007.10.29 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [Super-Charger] C:\Programme\MSI\Super-Charger\StartSuperCharger.exe (MSI)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] F:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD1D68DF-8795-4BA6-A62D-BB08357B7E89}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.05.13 16:53:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{4c83cf42-9d40-11e1-8f51-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4c83cf42-9d40-11e1-8f51-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4c83cf42-9d40-11e1-8f51-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{4c83cf42-9d40-11e1-8f51-806d6172696f}\Shell\configure\command - "" = D:\SETUP.EXE
O33 - MountPoints2\{4c83cf42-9d40-11e1-8f51-806d6172696f}\Shell\install\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.01 15:33:28 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.01 15:08:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.01 15:08:40 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.30 19:29:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2012.06.30 19:29:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Anwendungsdaten\Last.fm
[2012.06.30 19:28:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Last.fm
[2012.06.30 17:15:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Anwendungsdaten\Mozilla
[2012.06.30 17:02:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2012.06.22 11:12:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Eigene Dateien\My Curse
[2012.06.22 11:12:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Startmenü\Programme\Curse
[2012.06.14 13:17:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Anwendungsdaten\Malwarebytes
[2012.06.14 13:17:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.14 11:56:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.06.13 18:37:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\eBay
[2012.06.13 18:19:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Desktop\R4
[2012.06.13 18:00:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\QuickTime
[2012.06.13 17:59:35 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2012.06.13 16:40:12 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.06.13 13:55:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office Live Add-in
[2012.06.13 13:55:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2012.06.06 22:47:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Eigene Dateien\OneNote-Notizbücher
[2012.06.03 21:41:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office
[2012.06.03 21:41:37 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works
[2012.06.03 21:41:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2012.06.03 21:39:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2012.06.03 21:39:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Anwendungsdaten\Microsoft Help
[2012.06.03 21:39:46 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2012.06.03 21:39:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft Help
[2012.06.03 21:39:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.01 15:50:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.01 15:44:38 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Justine\defogger_reenable
[2012.07.01 15:44:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.01 15:33:28 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.01 15:08:44 | 000,000,540 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.01 10:31:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.30 19:28:52 | 000,000,429 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Last.fm.lnk
[2012.06.30 16:58:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.14 14:44:37 | 000,148,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.14 12:13:18 | 000,516,590 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.14 12:13:18 | 000,493,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 12:13:18 | 000,083,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.14 12:13:17 | 000,100,682 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.12 22:49:23 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.06 22:47:23 | 000,000,973 | ---- | M] () -- C:\Dokumente und Einstellungen\Justine\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.01 15:44:38 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Justine\defogger_reenable
[2012.07.01 15:08:44 | 000,000,540 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.30 19:28:52 | 000,000,429 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Last.fm.lnk
[2012.06.06 22:47:23 | 000,000,973 | ---- | C] () -- C:\Dokumente und Einstellungen\Justine\Startmenü\Programme\Autostart\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2012.05.26 22:29:26 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.23 11:04:50 | 000,153,832 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.05.14 15:10:53 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.05.13 23:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.05.13 23:12:16 | 000,148,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.05.13 17:34:34 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.05.13 17:34:34 | 001,074,636 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.05.13 17:34:34 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.05.13 17:34:28 | 002,807,708 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.05.13 17:19:45 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.05.13 17:02:40 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2012.05.13 16:59:14 | 000,008,192 | R--- | C] () -- C:\WINDOWS\System32\drivers\IntelMEFWVer.dll
[2012.05.13 16:54:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.05.13 16:50:41 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== LOP Check ==========
[2012.06.30 19:29:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2012.05.13 19:53:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.05.22 22:45:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Justine\Anwendungsdaten\Freemium
[2012.05.13 18:40:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Justine\Anwendungsdaten\Thunderbird
========== Purity Check ==========
< End of report >
Extra.Txt: Code:
OTL Extras logfile created on: 01.07.2012 15:45:45 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\Justine\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 68,44% Memory free
4,83 Gb Paging File | 3,96 Gb Available in Paging File | 81,98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 195,31 Gb Total Space | 171,43 Gb Free Space | 87,77% Space Free | Partition Type: NTFS
Drive F: | 270,45 Gb Total Space | 255,09 Gb Free Space | 94,32% Space Free | Partition Type: NTFS
Computer Name: JUSSEL | User Name: Justine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"F:\World of Warcraft\wow-2.1.1.1897-enGB-tools-downloader.exe" = F:\World of Warcraft\wow-2.1.1.1897-enGB-tools-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"F:\World of Warcraft\Launcher.exe" = F:\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"F:\World of Warcraft\Launcher.patch.exe" = F:\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"F:\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe" = F:\World of Warcraft\Temp\wow-4.2.1.2736-enUS-tools-downloader.exe:*:Enabled:Blizzard Downloader
"F:\World of Warcraft\BackgroundDownloader.exe" = F:\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Apps\2.0\0MPYP865.LCL\DMYJV0YA.REP\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe" = C:\Dokumente und Einstellungen\Justine\Lokale Einstellungen\Apps\2.0\0MPYP865.LCL\DMYJV0YA.REP\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\CurseClient.exe:*:Enabled:Curse Client 4.0 -- (Curse)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7CDF10DD-A9B5-4DA3-AB95-E193248D4369}_is1" = Super-Charger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 136.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDBF3211-23D5-4DA4-95F5-1A1874DE8673}" = TubeBox
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft.Net.Client.3.5" = Microsoft .NET Framework Client Profile
"Mozilla Firefox 14.0 (x86 de)" = Mozilla Firefox 14.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"TubeBox 3.5.2" = TubeBox
"VLC media player" = VLC media player 2.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 01.07.2012 06:22:19 | Computer Name = JUSSEL | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
Error - 01.07.2012 07:44:14 | Computer Name = JUSSEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 01.07.2012 07:52:20 | Computer Name = JUSSEL | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
Error - 01.07.2012 07:52:20 | Computer Name = JUSSEL | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
Error - 01.07.2012 07:58:19 | Computer Name = JUSSEL | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
Error - 01.07.2012 07:58:19 | Computer Name = JUSSEL | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
Error - 01.07.2012 08:44:23 | Computer Name = JUSSEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung FlashPlayerUpdateService.exe, Version 11.3.300.262,
fehlgeschlagenes Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x000113c0.
Error - 01.07.2012 09:32:55 | Computer Name = JUSSEL | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avscan.exe, Version 12.3.0.15, fehlgeschlagenes
Modul avarkt.dll, Version 12.3.0.15, Fehleradresse 0x00022247.
Error - 01.07.2012 09:38:20 | Computer Name = JUSSEL | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{7B849a69-220F-451E-B3FE-2CB811AF94AE}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
Error - 01.07.2012 09:38:20 | Computer Name = JUSSEL | Source = Userenv | ID = 1041
Description = Der Registrierungseintrag DllName konnte für "{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}"
nicht abgerufen und daher auch nicht geladen werden. Dies wurde wahrscheinlich
durch eine fehlerhafte Registrierung verursacht.
[ System Events ]
Error - 01.07.2012 04:24:27 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:24:37 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:24:52 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:25:04 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:25:16 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:25:26 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:25:36 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:26:19 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:27:26 | Computer Name = JUSSEL | Source = atapi | ID = 262153
Description = Das Gerät \Device\Ide\IdePort0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.
Error - 01.07.2012 04:27:49 | Computer Name = JUSSEL | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
< End of report >
Derzeit versuche ich, einen erfolgreichen Suchlauf mit Antivir hinzukriegen.
Ich hoffe, ihr wisst weiter,
Liebe Grüße,
Justine |
