Contents of OTL.txt:
OTL logfile created on: 31.01.2012 23:00:58 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\halloween\Desktop\downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 82,48% Memory free
3,85 Gb Paging File | 3,67 Gb Available in Paging File | 95,15% Paging File free
Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 18,63 Gb Total Space | 3,86 Gb Free Space | 20,74% Space Free | Partition Type: NTFS
Drive G: | 149,04 Gb Total Space | 43,04 Gb Free Space | 28,88% Space Free | Partition Type: NTFS
Computer Name: JOHN | User Name: halloween | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.01.30 23:26:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\halloween\Desktop\downloads\OTL.exe
PRC - [2007.10.24 11:59:53 | 001,107,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.04.16 21:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
========== Modules (No Company Name) ==========
MOD - [2011.07.30 18:19:45 | 000,043,520 | ---- | M] () -- C:\WINDOWS\system32\CmdLineExt03.dll
MOD - [2008.05.16 13:01:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008.05.01 19:20:06 | 001,302,528 | ---- | M] () -- C:\Programme\XnView\ShellEx\XnViewShellExt.dll
MOD - [2006.12.03 13:53:06 | 000,126,464 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.09.07 08:58:16 | 000,008,704 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (StarWindService)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.12.29 18:21:35 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.08.04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Stopped] -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2008.04.14 05:52:14 | 000,167,403 | RHS- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\sgnfzen.dll -- (irkqi)
SRV - [2003.07.28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Driver Services (SafeList) ==========
DRV - [2012.01.24 23:41:08 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.12.20 01:32:46 | 000,639,224 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.02.04 17:28:56 | 000,297,888 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.04.13 23:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.01.24 22:36:16 | 004,127,488 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2000.08.18 13:57:52 | 000,017,524 | ---- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gt680x.sys -- (GT680x)
DRV - [2000.08.03 17:41:42 | 000,020,059 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8029.sys -- (rtl8029)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "Google.de"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Programme\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.25 17:21:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.06 16:11:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.08.24 01:06:19 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Programme\Copernic Desktop Search - Home\Firefox36Connector
[2011.05.29 23:09:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Mozilla\Extensions
[2012.01.11 05:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Mozilla\Firefox\Profiles\15113n35.default\extensions
[2011.08.12 22:05:21 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Mozilla\Firefox\Profiles\15113n35.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.01.11 05:58:24 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Mozilla\Firefox\Profiles\15113n35.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.12 12:19:51 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.12 12:19:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\HALLOWEEN\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\15113N35.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.01.06 16:11:17 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.12 08:55:08 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2007.11.21 00:52:38 | 002,884,992 | R--- | M] () -- C:\Programme\mozilla firefox\plugins\NPSWF32.dll
[2011.08.18 06:43:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.08.18 06:43:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.08.18 06:43:25 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.18 06:43:25 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.08.18 06:43:25 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.08.18 06:43:25 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2002.12.31 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] "C:\Dokumente und Einstellungen\halloween\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe" File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Steam] G:\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [WindowsUpdater] C:\DOKUME~1\HALLOW~1\LOKALE~1\Temp\Svchost.bat File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideRunAsVerb = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoUserNameInStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ConfirmFileDelete = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceCopyAclwithFile = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RecycleBinSize = 5
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives =
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947643A1-C7D4-4E4F-80FE-07987DE4761F}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.05.29 22:31:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.04.14 05:52:14 | 000,095,034 | RHS- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{35cc8f5a-4aaf-11e1-aeb1-00201857d268}\Shell - "" = AutoRun
O33 - MountPoints2\{35cc8f5a-4aaf-11e1-aeb1-00201857d268}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{35cc8f5a-4aaf-11e1-aeb1-00201857d268}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{a33859aa-0ee8-11e1-ae91-00201857d268}\Shell - "" = AutoRun
O33 - MountPoints2\{a33859aa-0ee8-11e1-ae91-00201857d268}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a33859aa-0ee8-11e1-ae91-00201857d268}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O33 - MountPoints2\{bdc15f70-03fe-11e1-ae8b-00201857d268}\Shell - "" = AutoRun
O33 - MountPoints2\{bdc15f70-03fe-11e1-ae8b-00201857d268}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{bdc15f70-03fe-11e1-ae8b-00201857d268}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {26923b43-4d38-484f-9b9e-de460746276c} -
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4b218e3e-bc98-4770-93d3-2731b9329278} -
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} -
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - Internet Explorer 6
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8D1D0E9A-C799-4D28-9E29-0061D1E66E43} - Microsoft .NET Framework 1.1 Hotfix (KB928366)
ActiveX: {9309DD7E-EBFE-3C95-8B47-30D3A012F606} - .NET Framework
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: irkqi - C:\WINDOWS\system32\sgnfzen.dll ()
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2012.01.29 03:28:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Startmenü\Programme\Crossfire Europe
[2012.01.29 01:28:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\halloween\Recent
[2012.01.24 23:41:07 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.01.24 23:38:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2012.01.24 23:38:08 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2012.01.24 16:33:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\riotsGamesLogs
[2012.01.24 16:33:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\LolClient
[2012.01.21 13:53:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Riot Games
[2012.01.20 23:00:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Lokale Einstellungen\Anwendungsdaten\PMB Files
[2012.01.20 23:00:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2012.01.20 23:00:12 | 000,000,000 | ---D | C] -- C:\Programme\Pando Networks
[2012.01.15 15:28:06 | 000,000,000 | ---D | C] -- C:\Programme\LogMeIn Hamachi
[2012.01.15 15:28:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\LogMeIn Hamachi
[2012.01.14 10:04:03 | 000,017,524 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\gt680x.sys
[2012.01.14 10:04:01 | 000,176,128 | ---- | C] (BearPaw) -- C:\WINDOWS\System32\PuzzSaver.scr
[2012.01.14 10:03:51 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System\Pcdlib32.dll
[2012.01.14 10:03:51 | 000,172,032 | ---- | C] (BearPaw) -- C:\WINDOWS\System32\SpotSaver.scr
[2012.01.14 10:03:50 | 000,913,616 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\A258_R35.bpl
[2012.01.14 10:03:50 | 000,906,512 | ---- | C] (TurboPower Software Company) -- C:\WINDOWS\System32\A255_R35.bpl
[2012.01.12 12:20:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012.01.12 08:38:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Lokale Einstellungen\Anwendungsdaten\Thinstall
[2012.01.12 06:46:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Lokale Einstellungen\Anwendungsdaten\FlashDevelop.old
[2012.01.11 05:58:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\DVDVideoSoft
[2012.01.11 05:58:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\DVDVideoSoftIEHelpers
[2012.01.11 05:58:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2012.01.11 05:57:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2012.01.11 05:57:55 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft
[2012.01.11 05:57:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\Eigene Dateien\DVDVideoSoft
[2012.01.09 07:59:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cheat Engine 6.1
[2012.01.09 07:59:43 | 000,000,000 | ---D | C] -- C:\Programme\Cheat Engine 6.1
[2012.01.07 05:26:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Bullfrog
[2012.01.07 05:25:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\halloween\WINDOWS
[2012.01.03 18:02:19 | 000,000,000 | ---D | C] -- C:\CFLog
[2012.01.03 03:43:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Z8Games
========== Files - Modified Within 30 Days ==========
[2012.01.30 23:14:20 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.01.30 23:14:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.30 23:14:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.30 13:06:33 | 000,010,352 | ---- | M] () -- C:\Dokumente und Einstellungen\halloween\Desktop\JBMukke.m3u
[2012.01.24 23:42:23 | 000,467,368 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.24 23:42:23 | 000,448,580 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.24 23:42:23 | 000,089,908 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.24 23:42:23 | 000,073,686 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.24 23:41:08 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012.01.21 14:00:07 | 000,001,179 | ---- | M] () -- C:\Dokumente und Einstellungen\halloween\SciTE.session
[2012.01.14 10:05:07 | 000,000,000 | ---- | M] () -- C:\WINDOWS\WATCH.INI
[2012.01.12 07:18:40 | 000,000,090 | ---- | M] () -- C:\Dokumente und Einstellungen\halloween\mm.cfg
[2012.01.07 17:38:49 | 000,000,155 | ---- | M] () -- C:\wecker.ini
[2012.01.03 03:11:23 | 000,025,389 | ---- | M] () -- C:\Programme\CrossFire_1082.dlbt
========== Files Created - No Company Name ==========
[2012.01.30 13:06:33 | 000,010,352 | ---- | C] () -- C:\Dokumente und Einstellungen\halloween\Desktop\JBMukke.m3u
[2012.01.14 10:05:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WATCH.INI
[2012.01.14 10:04:04 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System\bpenhan.dll
[2012.01.14 10:04:03 | 000,007,821 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBfw.usb
[2012.01.14 10:04:01 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\ParaSaver.scr
[2012.01.14 10:03:52 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System\LFFPX7.DLL
[2012.01.14 10:03:52 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System\LFKODAK.DLL
[2012.01.14 10:03:51 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System\Capi2032.dll
[2012.01.12 06:46:44 | 000,000,090 | ---- | C] () -- C:\Dokumente und Einstellungen\halloween\mm.cfg
[2012.01.03 03:11:23 | 000,025,389 | ---- | C] () -- C:\Programme\CrossFire_1082.dlbt
[2011.09.29 18:21:42 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2011.09.29 18:21:38 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\Unlha32.dll
[2011.09.29 18:21:36 | 000,473,600 | ---- | C] () -- C:\WINDOWS\System32\Harmony.dll
[2011.09.10 10:46:03 | 000,273,148 | ---- | C] () -- C:\WINDOWS\Bergbau0.8.exe
[2011.09.10 05:01:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\ZMatrixSS.ini
[2011.09.09 16:28:08 | 000,201,728 | ---- | C] () -- C:\WINDOWS\SteinbruchDump.exe
[2011.08.23 16:43:23 | 000,000,331 | ---- | C] () -- C:\WINDOWS\WPE PRO - modified.INI
[2011.07.30 18:19:14 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011.05.30 18:09:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.05.30 15:14:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.05.30 02:07:29 | 000,000,002 | ---- | C] () -- C:\WINDOWS\v10neformatic.dll
[2011.05.29 23:19:20 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.05.29 23:16:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2011.05.29 23:12:43 | 000,100,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.05.29 23:09:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.05.29 22:50:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.05.29 22:49:34 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.05.29 22:39:26 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.05.29 22:32:16 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\cpuz.ini
[2011.05.29 22:29:04 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.05.29 22:28:12 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011.05.29 22:28:11 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011.05.29 22:28:07 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2011.05.29 22:27:57 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\libpng13.dll
[2011.05.29 22:27:56 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2011.04.01 16:16:21 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\msptcpord.dll
[2010.03.26 20:04:54 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009.07.14 23:39:04 | 000,009,837 | ---- | C] () -- C:\WINDOWS\System32\mswtnpore.dll
[2008.11.23 10:01:13 | 014,197,710 | ---- | C] () -- C:\WINDOWS\System32\jre6.exe
[2008.11.20 08:48:54 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.05.16 13:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.05.16 13:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008.05.16 13:01:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.05.16 13:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008.05.16 13:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.05.16 13:01:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.05.16 13:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008.05.16 13:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008.05.16 13:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008.04.14 06:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 05:52:14 | 000,167,403 | RHS- | C] () -- C:\WINDOWS\System32\sgnfzen.dll
[2006.12.31 05:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.07.17 12:30:54 | 000,183,183 | ---- | C] () -- C:\WINDOWS\System32\screenres.exe
[2006.03.04 12:33:44 | 000,178,041 | ---- | C] () -- C:\WINDOWS\System32\setlink.exe
[2006.02.25 16:08:54 | 000,199,424 | ---- | C] () -- C:\WINDOWS\System32\setassociate.exe
[2006.02.25 15:48:46 | 000,176,585 | ---- | C] () -- C:\WINDOWS\System32\cdrom1.exe
[2006.02.24 11:16:24 | 000,199,367 | ---- | C] () -- C:\WINDOWS\System32\rddirs.exe
[2006.02.12 07:52:52 | 000,121,016 | ---- | C] () -- C:\WINDOWS\System32\MSI_Entpacken.exe
[2006.01.02 20:20:32 | 000,142,548 | ---- | C] () -- C:\WINDOWS\System32\mount-cd.exe
[2006.01.02 18:42:22 | 000,147,039 | ---- | C] () -- C:\WINDOWS\System32\wait.exe
[2005.12.14 08:53:28 | 000,142,255 | ---- | C] () -- C:\WINDOWS\System32\setattribut.exe
[2005.12.14 08:21:10 | 000,120,969 | ---- | C] () -- C:\WINDOWS\System32\setvar.exe
[2005.12.02 09:22:52 | 000,140,814 | ---- | C] () -- C:\WINDOWS\System32\pkill.exe
[2005.12.02 09:18:56 | 000,127,032 | ---- | C] () -- C:\WINDOWS\System32\winclose.exe
[2005.11.30 05:32:34 | 000,142,588 | ---- | C] () -- C:\WINDOWS\System32\attrib-all.exe
[2005.11.30 05:08:06 | 000,142,356 | ---- | C] () -- C:\WINDOWS\System32\delfile.exe
[2005.11.30 05:06:52 | 000,142,438 | ---- | C] () -- C:\WINDOWS\System32\deldir.exe
[2005.11.30 04:49:20 | 000,142,515 | ---- | C] () -- C:\WINDOWS\System32\DirAcess.exe
[2005.11.30 04:12:44 | 000,146,974 | ---- | C] () -- C:\WINDOWS\System32\hide.exe
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 10:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 10:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.12.19 09:32:54 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2002.12.31 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002.12.31 08:00:00 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2002.12.31 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002.12.31 08:00:00 | 000,467,368 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002.12.31 08:00:00 | 000,448,580 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002.12.31 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002.12.31 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002.12.31 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002.12.31 08:00:00 | 000,120,624 | ---- | C] () -- C:\WINDOWS\System32\pclose.exe
[2002.12.31 08:00:00 | 000,089,908 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002.12.31 08:00:00 | 000,073,686 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002.12.31 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002.12.31 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002.12.31 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002.12.31 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
========== LOP Check ==========
[2011.12.22 02:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Armagetron
[2012.01.08 06:38:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012.01.31 21:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PMB Files
[2012.01.31 23:02:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2012.01.25 16:19:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\.minecraft
[2011.09.10 12:18:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\.ZMatrix
[2011.06.06 04:26:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\aborange
[2011.12.22 02:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Armagetron
[2011.07.13 19:32:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Audacity
[2011.09.12 04:34:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Blender Foundation
[2011.08.13 06:08:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Copernic
[2012.01.24 23:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\DAEMON Tools Lite
[2011.06.25 17:22:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\DDMSettings
[2012.01.11 05:58:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\DVDVideoSoft
[2012.01.11 05:58:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.05.31 14:56:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Easeware
[2011.10.25 02:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\FileZilla
[2012.01.24 16:33:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\LolClient
[2011.06.26 18:13:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Notepad++
[2011.05.30 02:08:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\PiX-ART.com
[2011.08.08 02:28:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Simfy
[2011.05.29 22:59:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\ssl
[2011.07.07 05:49:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\stickies
[2011.09.18 18:31:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\TeamViewer
[2011.05.30 14:14:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Thinstall
[2011.05.30 19:48:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\Thunderbird
[2012.01.03 02:18:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\TS3Client
[2011.06.07 13:47:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\halloween\Anwendungsdaten\XnView
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.01.03 18:02:19 | 000,000,000 | ---D | M] -- C:\CFLog
[2012.01.15 15:28:25 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.05.30 02:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings
[2011.05.29 22:42:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2012.01.03 02:23:18 | 000,000,000 | ---D | M] -- C:\Games
[2011.05.30 02:07:56 | 000,000,000 | ---D | M] -- C:\ic_temp
[2012.01.03 02:24:38 | 000,000,000 | ---D | M] -- C:\magic.formation.projekt
[2011.05.29 22:47:21 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.05.31 15:22:51 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.01.29 03:23:56 | 000,000,000 | R--D | M] -- C:\Programme
[2011.05.29 23:14:23 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.01.29 03:22:44 | 000,000,000 | ---D | M] -- C:\SG Interactive
[2011.10.23 07:55:35 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.12 07:59:04 | 000,000,000 | ---D | M] -- C:\tmp
[2012.01.29 20:24:40 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.manifest /3 >
< MD5 for: AFD.SYS >
[2008.11.23 10:00:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\system32\drivers\afd.sys
< MD5 for: EXPLORER.EXE >
[2007.10.24 11:59:53 | 001,107,456 | ---- | M] (Microsoft Corporation) MD5=6A29C13297A9C4ABD85F92A28192714F -- C:\WINDOWS\explorer.exe
[2011.06.04 01:32:17 | 000,017,408 | ---- | M] () MD5=C354A1DB3152267790E01DFAF009BB2C -- C:\Dokumente und Einstellungen\halloween\Lokale Einstellungen\Anwendungsdaten\Xenocode\XSandbox\Your Uninstaller! Vista\6.1\Native\STUBEXE\@WINDIR@\explorer.exe
< MD5 for: IPSEC.SYS >
[2008.04.13 22:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
< MD5 for: REGEDIT.EXE >
[2008.04.14 05:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
< MD5 for: USERINIT.EXE >
[2008.04.14 05:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 05:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2008.11.23 10:01:00 | 001,847,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAUShutdownOption" = 1
"NoAUAsDefaultShutdownOption" = 1
"NoAutoRebootWithLoggedOnUsers" = 1
"NoAutoUpdate" = 0
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
========== Alternate Data Streams ==========
@Alternate Data Stream - 190 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8927A071
@Alternate Data Stream - 167 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:B3D74A13
< End of report >