Hallo Cosinus aka Arne,
Scan ohne Komplikationen und vergleichsweise wirklich sehr "quick" durchgeführt.
Hier das Ergebnis:
OTL Logfile: Code:
OTL logfile created on: 06.03.2012 16:00:52 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,49 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 62,89% Memory free
3,34 Gb Paging File | 2,60 Gb Available in Paging File | 77,87% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 85,83 Gb Total Space | 32,07 Gb Free Space | 37,37% Space Free | Partition Type: NTFS
Drive D: | 7,32 Gb Total Space | 0,58 Gb Free Space | 7,95% Space Free | Partition Type: FAT32
Computer Name: HAL9000L | User Name: Jean-Luc Picard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.03.06 13:41:49 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\OTL.exe
PRC - [2012.02.29 18:34:16 | 003,048,808 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.10.19 16:56:15 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.06.17 21:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2009.10.03 16:42:46 | 000,878,592 | ---- | M] (Speed-Soft) -- C:\Programme\Time-Sync\TimeSyncServiceClient.exe
PRC - [2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.06.20 20:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2005.12.23 12:44:26 | 000,491,606 | ---- | M] () -- C:\Programme\HPQ\Shared\HpqToaster.exe
PRC - [2005.11.04 10:21:36 | 001,524,776 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\vpngui.exe
PRC - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2005.08.31 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2004.07.27 15:50:18 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
========== Modules (No Company Name) ==========
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.11.05 16:37:22 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2011.10.19 16:56:03 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010.07.04 22:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll
MOD - [2010.06.17 21:56:52 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2005.12.23 12:44:26 | 000,491,606 | ---- | M] () -- C:\Programme\HPQ\Shared\HpqToaster.exe
MOD - [2005.11.04 10:21:48 | 000,197,672 | ---- | M] () -- C:\WINDOWS\system32\vpnapi.dll
MOD - [2005.09.21 10:57:56 | 004,325,376 | ---- | M] () -- C:\Programme\Cisco Systems\VPN Client\qt-mt335.dll
MOD - [2004.06.01 10:39:56 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2002.09.26 03:32:16 | 000,139,264 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Shell\psicon.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2012.02.29 18:34:16 | 003,048,808 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.03 16:42:46 | 000,878,592 | ---- | M] (Speed-Soft) [Auto | Running] -- C:\Programme\Time-Sync\TimeSyncServiceClient.exe -- (ServiceTimeSyncClient)
SRV - [2006.06.20 20:08:48 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2005.11.04 10:21:28 | 001,516,584 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.10 23:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds) Windows Media Connect (WMC)
SRV - [2004.08.10 20:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (tifm21)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (SYMIDSCO)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (GTIPCI21)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.02.15 18:35:14 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.11.02 10:13:28 | 000,034,768 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011.11.02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.10.19 16:56:15 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.05.19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.07.04 20:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 08:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2006.07.31 02:00:08 | 001,155,584 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.03.30 13:39:48 | 000,130,432 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (AES2500)
DRV - [2006.02.09 02:00:04 | 000,142,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink (TM)
DRV - [2006.02.09 02:00:04 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.01.19 14:50:40 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2006.01.19 14:50:14 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.01.19 08:45:00 | 000,057,096 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.11.04 10:20:40 | 000,303,735 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005.09.19 13:24:20 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005.09.19 13:24:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005.09.19 13:23:52 | 000,007,808 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005.08.31 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005.08.31 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005.08.31 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005.08.31 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005.08.31 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005.08.31 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005.08.31 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005.08.25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005.08.25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005.06.29 19:50:30 | 000,110,080 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2005.05.17 04:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005.01.26 06:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2001.08.18 03:35:52 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{A7BC682D-F73B-43DD-A63A-CF4F8DBE58BD}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Programme\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.02.29 03:50:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.02.29 03:50:39 | 000,000,000 | ---D | M]
[2012.02.29 01:28:21 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Extensions
[2012.03.04 09:24:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions
[2012.02.29 01:28:48 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
[2011.10.19 12:56:26 | 000,000,917 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla\Firefox\Profiles\2j7a7nom.default\searchplugins\conduit.xml
[2012.02.29 03:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.02.29 03:50:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.29 03:50:36 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2012.02.29 02:48:28 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.02.18 07:26:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.02.16 14:38:27 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2010.02.17 11:36:10 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.01.19 10:13:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.19 10:13:32 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.01.19 10:13:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.19 10:13:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.19 10:13:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.19 10:13:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.02.26 09:16:55 | 000,441,411 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15171 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cpqset] C:\Programme\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\programme\emsisoft anti-malware\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PTHOSTTR] C:\Programme\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WatchDog] C:\Programme\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006..\Run: [mount.exe] C:\Programme\GiPo@Utilities\FileUtilities.3\mount.exe (Gibin Software House (hxxp://www.gibinsoft.net))
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-419734215-4121061632-1738824273-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2001.07.27 23:07:00 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004.04.30 15:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^PNotes.lnk - C:\PNotes\PNotes.exe - (Andrey Gruber)
MsConfig - StartUpReg: BrowserChoice - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: Scheduler - hkey= - key= - C:\WINDOWS\SMINST\Scheduler.exe ()
MsConfig - StartUpReg: uTorrent - hkey= - key= - C:\Programme\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.03.06 13:41:44 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\OTL.exe
[2012.03.05 13:54:17 | 000,000,000 | ---D | C] -- C:\Programme\GMATPrep
[2012.03.04 07:19:42 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.03.04 07:11:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Recent
[2012.03.03 19:45:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Kraftraining
[2012.03.02 14:45:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Malwarebytes
[2012.03.02 14:45:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.03.02 14:45:26 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.03.02 14:45:25 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Eigene Videos
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Eigene Musik
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2012.03.01 13:17:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder
[2012.03.01 00:56:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\ppp
[2012.02.29 13:35:16 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Eigene Bilder
[2012.02.29 08:40:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Kündigung
[2012.02.28 19:26:41 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2012.02.28 19:26:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Eigene Dateien\Anti-Malware
[2012.02.26 08:06:50 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Startmenü\Programme\Verwaltung
[2012.02.24 09:54:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.23 15:18:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Unipark
[2012.02.22 15:03:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\extern
[2012.02.22 14:21:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Skype
[2012.02.22 14:21:37 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.02.22 14:21:34 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2012.02.22 14:21:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2012.02.21 08:44:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2012.02.21 08:44:07 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2012.02.21 08:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2012.02.21 08:43:57 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2012.02.21 08:43:37 | 000,000,000 | ---D | C] -- C:\ccb551ccd1f98f9c15573c8f21
[2012.02.20 17:08:09 | 000,000,000 | ---D | C] -- C:\Programme\GiPo@Utilities
[2012.02.20 17:08:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Gibinsoft Shared
[2012.02.20 16:50:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Startmenü\Programme\Sicherheit
[2012.02.20 16:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar
[2012.02.20 16:45:29 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2012.02.19 13:25:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Weltreise
[2012.02.10 17:23:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Dissertation - Philosophie
[2012.02.10 10:59:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Nach Studium
[2012.02.07 15:35:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\.spss
[2012.02.07 15:35:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\IBM
[2012.02.07 15:34:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\javasharedresources
[2012.02.07 14:55:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012.02.07 14:55:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2012.02.07 14:53:07 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\IBM
[2012.02.07 14:50:55 | 000,000,000 | ---D | C] -- C:\Programme\IBM
[2012.02.07 10:02:56 | 000,000,000 | ---D | C] -- C:\Programme\uTorrent
[2012.02.07 10:02:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\uTorrent
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.03.06 13:42:45 | 000,085,097 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Probleme mit Laptop, Verseuchter Link, Trojaner, Remote Control_, Abstürze von Firefox, dlls, Word.. - Trojaner-Board.mht.html
[2012.03.06 13:41:49 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\OTL.exe
[2012.03.05 16:22:38 | 000,023,359 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\.jose.user.preferences
[2012.03.05 10:31:12 | 000,004,827 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Schwimmplan für die KW 10.pdf
[2012.03.05 10:04:09 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012.03.04 07:14:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.03.04 07:14:10 | 1601,622,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.01 13:14:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\defogger_reenable
[2012.02.27 10:02:12 | 000,582,838 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\20091202_nanotechnologie_nanosilber_studie.pdf
[2012.02.26 13:16:10 | 000,065,459 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\0,1518,632277,00.html
[2012.02.26 13:15:57 | 000,013,121 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\ist_das_internet_ein_rechtsfreier_raum.html
[2012.02.26 09:16:55 | 000,441,411 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.26 08:26:24 | 000,000,222 | -HS- | M] () -- C:\boot.ini
[2012.02.24 15:56:20 | 002,283,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80firststeps_ger_2011-05-26.pdf
[2012.02.24 10:01:27 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.02.24 10:01:27 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.24 10:01:27 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.02.24 10:01:27 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.23 15:18:29 | 018,729,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80manual_ger_2011-06-07.pdf
[2012.02.23 13:13:57 | 004,678,868 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Wordpress.zip
[2012.02.22 10:57:40 | 000,018,343 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\index.php.htm
[2012.02.21 08:52:38 | 000,294,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.19 13:38:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.02.16 08:07:44 | 000,441,342 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120226-091655.backup
[2012.02.15 18:35:14 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2012.02.07 14:50:42 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2012.02.07 14:50:42 | 000,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2012.02.07 14:50:42 | 000,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012.02.07 14:50:42 | 000,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2012.02.07 14:50:42 | 000,000,016 | -H-- | M] () -- C:\WINDOWS\System32\servdat.slm
[2012.02.05 21:03:54 | 000,000,095 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.03.06 13:42:45 | 000,085,097 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Probleme mit Laptop, Verseuchter Link, Trojaner, Remote Control_, Abstürze von Firefox, dlls, Word.. - Trojaner-Board.mht.html
[2012.03.05 10:31:12 | 000,004,827 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Schwimmplan für die KW 10.pdf
[2012.03.01 13:14:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\defogger_reenable
[2012.02.27 10:02:09 | 000,582,838 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\20091202_nanotechnologie_nanosilber_studie.pdf
[2012.02.26 13:16:09 | 000,065,459 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\0,1518,632277,00.html
[2012.02.26 13:15:57 | 000,013,121 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\ist_das_internet_ein_rechtsfreier_raum.html
[2012.02.24 15:56:15 | 002,283,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80firststeps_ger_2011-05-26.pdf
[2012.02.23 15:48:25 | 018,729,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\efssurvey80manual_ger_2011-06-07.pdf
[2012.02.23 13:13:55 | 004,678,868 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\Wordpress.zip
[2012.02.22 10:57:39 | 000,018,343 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Desktop\index.php.htm
[2012.02.15 09:07:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 09:07:11 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.07 14:50:42 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2012.02.07 14:50:42 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2012.02.07 14:50:42 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2012.02.07 14:50:42 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2012.02.07 14:50:42 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\servdat.slm
[2011.11.15 12:24:43 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.11.13 17:05:45 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011.11.05 17:13:40 | 000,000,040 | ---- | C] () -- C:\WINDOWS\nero.INI
[2011.11.05 17:04:54 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2011.11.05 16:50:39 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011.11.05 16:50:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2011.11.05 16:49:47 | 000,031,744 | ---- | C] () -- C:\WINDOWS\UNISTB32.EXE
[2011.11.05 16:37:22 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.11.05 16:37:22 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011.11.05 16:15:54 | 000,197,672 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2011.11.05 16:15:54 | 000,189,480 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2011.11.05 16:05:40 | 000,000,095 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2011.11.05 15:30:39 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.11.04 18:44:40 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2011.11.04 09:56:23 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2011.11.04 09:56:23 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2011.11.04 09:56:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2011.11.04 09:56:23 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2011.11.04 09:56:23 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2011.11.04 09:56:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2011.11.04 09:55:23 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== LOP Check ==========
[2012.02.29 00:59:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\SampleView
[2012.02.29 01:00:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2012.03.05 10:04:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\pdf995
[2012.02.29 01:00:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2012.02.29 01:00:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SPSS
[2012.02.29 01:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Thomson.ResearchSoft.Installers
[2012.02.29 01:00:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Transparent
[2012.02.29 01:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\SampleView
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\BaKoMa TeX
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\calibre
[2012.03.06 15:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\EndNote
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\LyX2.0
[2012.02.29 01:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Opera
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\pdf995
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Pdfsvg
[2012.03.04 23:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar
[2012.02.29 01:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\SampleView
[2012.02.29 01:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.02.29 01:00:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Adobe
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\AdobeUM
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Avira
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\BaKoMa TeX
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\calibre
[2012.03.06 15:28:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\EndNote
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\HpUpdate
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Identities
[2012.02.29 01:00:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\LyX2.0
[2012.02.29 01:00:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Macromedia
[2012.03.02 14:45:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Malwarebytes
[2012.02.29 10:43:19 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Microsoft
[2012.02.29 01:01:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX
[2012.02.29 01:28:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Mozilla
[2012.02.29 01:29:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Opera
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\pdf995
[2012.02.29 01:29:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Pdfsvg
[2012.03.04 23:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar
[2012.02.29 01:29:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\SampleView
[2012.03.06 12:44:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Skype
[2012.02.29 01:29:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\Sun
[2012.02.29 01:29:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\uTorrent
[2012.02.29 01:29:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\vlc
[2012.02.29 01:29:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\WinRAR
< %APPDATA%\*.exe /s >
[2011.08.19 15:12:54 | 002,771,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe
[2011.08.19 15:12:54 | 002,771,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\miktex-update.exe
[2011.08.19 15:12:59 | 002,771,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe
[2004.08.27 20:09:22 | 000,118,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\miktex\bin\skt.exe
[2008.03.09 16:57:59 | 000,041,342 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\source\devanagari\bin\win32\devnag.exe
[2001.05.12 20:53:02 | 000,096,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\source\latex\bibarts\gbibsort.exe
[2009.03.23 10:29:07 | 000,018,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\MiKTeX\2.9\source\latex\splitindex\splitindex.exe
[2012.02.20 16:45:30 | 000,704,248 | ---- | M] () -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar\unins000.exe
[2010.03.31 12:17:06 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Dokumente und Einstellungen\Jean-Luc Picard\Anwendungsdaten\QuickStoresToolbar\Update.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 09:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2011.11.04 13:57:06 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 16:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 09:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: IASTOR.SYS >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\SwSetup\HDD\iastor.sys
[2005.10.12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\SMINST\RPFiles\MiniNT\System32\Drivers\iastor.sys
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 09:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtUninstallKB968389_1$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2009.02.06 19:46:10 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=ED4BBAD725A21632FB205452749FC8F5 -- C:\WINDOWS\$NtUninstallKB975467_1$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 09:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2004.08.04 09:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 09:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.04 09:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.04 09:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2004.08.07 08:01:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004.08.07 08:01:00 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.08.07 08:01:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
--- --- ---
a) Wie ist das alles zu interpretieren?
b) War oder ist mein System infiziert?
c) Wie geht es ggf. weiter?
d) OTL hat auch eine Extras.txt generiert. Soll ich deren Inhalt auch posten (vermutlich nicht, sonst hättest Du es bestimmt geschrieben ;))?
Danke und Grüße,
Picard |