Schneewante | 29.06.2012 17:08 | OTL Logfile: Code:
OTL logfile created on: 29.06.2012 17:56:19 - Run 3
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\Besitzer\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 73,18% Memory free
3,85 Gb Paging File | 3,31 Gb Available in Paging File | 86,11% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 78,13 Gb Total Space | 64,05 Gb Free Space | 81,98% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 471,49 Gb Free Space | 50,62% Space Free | Partition Type: NTFS
Drive E: | 75,25 Gb Total Space | 60,64 Gb Free Space | 80,58% Space Free | Partition Type: NTFS
Computer Name: SCHNEEWANTE | User Name: Besitzer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.29 13:17:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
PRC - [2012.05.08 19:49:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 19:49:45 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 19:49:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 19:49:45 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.11.17 19:03:50 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2011.10.08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.09.30 13:19:12 | 000,252,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.04.25 09:01:02 | 000,219,008 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHTU.EXE
PRC - [2010.10.12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\EPSON Software\Event Manager\EEventManager.exe
PRC - [2010.08.10 01:00:00 | 001,867,776 | ---- | M] (Cerulean Studios) -- C:\Programme\Trillian\trillian.exe
PRC - [2010.04.09 03:42:28 | 000,163,944 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe
PRC - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.08 19:49:46 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.08.10 01:00:00 | 000,122,880 | ---- | M] () -- C:\Programme\Trillian\libpng13.dll
MOD - [2010.08.10 01:00:00 | 000,065,536 | ---- | M] () -- C:\Programme\Trillian\libungif.dll
MOD - [2010.08.10 01:00:00 | 000,059,904 | ---- | M] () -- C:\Programme\Trillian\zlib1.dll
MOD - [2010.08.10 01:00:00 | 000,053,248 | ---- | M] () -- C:\Programme\Trillian\languages\en\aim.dll
MOD - [2010.08.10 01:00:00 | 000,016,896 | ---- | M] () -- C:\Programme\Trillian\languages\en\trillian.dll
MOD - [2010.08.10 01:00:00 | 000,014,336 | ---- | M] () -- C:\Programme\Trillian\languages\en\msn.dll
MOD - [2010.08.10 01:00:00 | 000,011,264 | ---- | M] () -- C:\Programme\Trillian\languages\en\events.dll
MOD - [2010.08.10 01:00:00 | 000,011,264 | ---- | M] () -- C:\Programme\Trillian\languages\en\buddy.dll
MOD - [2010.08.10 01:00:00 | 000,008,192 | ---- | M] () -- C:\Programme\Trillian\languages\en\talk.dll
MOD - [2010.08.10 01:00:00 | 000,005,632 | ---- | M] () -- C:\Programme\Trillian\languages\en\proxy.dll
MOD - [2010.08.10 01:00:00 | 000,004,096 | ---- | M] () -- C:\Programme\Trillian\languages\en\toolkit.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.06.23 18:21:13 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.17 18:45:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 19:49:46 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 19:49:45 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.17 19:03:50 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011.10.08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.05.08 19:49:46 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 19:49:46 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.30 11:28:46 | 006,435,432 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.04.08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010.04.08 20:30:28 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2010.03.04 12:02:10 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010.03.04 12:02:08 | 000,070,912 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009.11.18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-776561741-1547161642-682003330-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-776561741-1547161642-682003330-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-776561741-1547161642-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..network.proxy.http: "216.155.139.115"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.17 18:45:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.12 06:52:07 | 000,000,000 | ---D | M]
[2012.01.29 11:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Extensions
[2012.06.15 18:33:50 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\jcwr4o2m.default\extensions
[2012.05.25 15:11:44 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla\Firefox\Profiles\jcwr4o2m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.01.29 11:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.15 18:33:50 | 000,182,698 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\BESITZER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\JCWR4O2M.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.17 18:45:50 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-776561741-1547161642-682003330-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EEventManager] C:\Programme\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\Programme\NVIDIA Corporation\Raid\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] E:\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-776561741-1547161642-682003330-1003..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\Autostart\Trillian.lnk = C:\Programme\Trillian\trillian.exe (Cerulean Studios)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1547161642-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-776561741-1547161642-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-776561741-1547161642-682003330-1003\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-776561741-1547161642-682003330-1003\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-776561741-1547161642-682003330-1003\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-776561741-1547161642-682003330-1003\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FEDFB4F4-30E8-4B2F-B4AB-D28DFAA33C6B}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.26 19:04:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.29 13:17:50 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.06.28 12:01:23 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.06.28 12:00:40 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe
[2012.06.23 19:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\Anti-Malware
[2012.06.23 14:33:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
[2012.06.23 08:53:51 | 000,000,000 | ---D | C] -- C:\Programme\Emsisoft Anti-Malware
[2012.06.22 18:44:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.06.22 18:44:46 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.22 18:44:46 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.06.22 18:44:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.06.22 18:13:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D56250002393DC013DAC99D151FC84
[2012.06.18 15:11:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Praxisplan
[2012.06.18 15:11:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Neuer Ordner
[2012.06.08 11:07:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Epson
[2012.06.07 14:30:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\EPSON
[2012.06.07 14:28:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012.06.07 14:26:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Epson Software
[2012.06.07 14:25:40 | 000,000,000 | ---D | C] -- C:\Programme\EpsonNet
[2012.06.07 14:25:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield
[2012.06.07 14:25:29 | 000,000,000 | ---D | C] -- C:\Programme\EPSON Software
[2012.06.07 14:25:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Besitzer\Startmenü\Programme\EPSON Software
[2012.06.07 14:24:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2012.06.07 14:24:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2012.06.07 14:24:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\EPSON
[2012.06.07 14:24:25 | 000,000,000 | ---D | C] -- C:\Programme\epson
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.29 17:51:18 | 000,008,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\cc_20120629_175046.reg
[2012.06.29 17:21:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.06.29 14:06:17 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.06.29 14:02:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.29 13:17:27 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\OTL.exe
[2012.06.29 09:42:29 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.28 12:00:02 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Besitzer\Desktop\esetsmartinstaller_enu.exe
[2012.06.24 07:56:36 | 000,002,442 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\cc_20120624_075554.reg
[2012.06.23 14:27:40 | 000,125,952 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.22 18:44:47 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.14 06:56:56 | 000,120,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.06.13 22:54:51 | 000,448,892 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.13 22:54:51 | 000,432,778 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.13 22:54:51 | 000,080,332 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.13 22:54:51 | 000,067,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.13 22:51:41 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.06.11 06:40:05 | 000,017,924 | ---- | M] () -- C:\Dokumente und Einstellungen\Besitzer\Desktop\Patrica Cornwell.ods
[2012.06.08 13:52:37 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2012.06.07 14:27:49 | 000,000,308 | ---- | M] () -- C:\WINDOWS\setup.iss
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.29 17:50:49 | 000,008,768 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\cc_20120629_175046.reg
[2012.06.24 07:55:57 | 000,002,442 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Eigene Dateien\cc_20120624_075554.reg
[2012.06.22 18:44:47 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.08 13:52:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2012.06.07 14:27:46 | 000,000,308 | ---- | C] () -- C:\WINDOWS\setup.iss
[2012.06.04 18:24:26 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.03.11 23:30:16 | 000,374,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.03.11 23:29:59 | 000,156,981 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.03.11 22:45:35 | 000,002,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\.recently-used.xbel
[2012.03.11 21:24:48 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.02.16 07:01:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.11 11:14:53 | 000,005,219 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2012.02.11 11:07:37 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2012.02.09 18:23:20 | 000,000,131 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\default.rss
[2012.02.09 18:15:25 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2012.01.29 14:38:05 | 000,125,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.26 20:29:30 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Besitzer\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2012.01.26 20:08:05 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.01.26 20:08:05 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.01.26 20:08:05 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.01.26 20:07:45 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.01.26 20:05:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.01.26 19:39:20 | 000,010,084 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2012.01.26 19:05:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012.01.26 19:01:48 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012.01.26 18:56:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012.01.26 18:55:48 | 000,120,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== LOP Check ==========
[2012.06.22 19:10:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\OpenOffice.org
[2012.06.07 14:30:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON
[2012.06.22 18:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F4D56250002393DC013DAC99D151FC84
[2012.02.11 11:07:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP
[2012.06.07 14:28:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2012.06.08 11:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Epson
[2012.03.11 23:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gtk-2.0
[2012.01.26 20:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org
[2012.04.13 18:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sony Online Entertainment
[2012.05.25 15:09:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Stellarium
[2012.02.05 21:22:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wargaming.net
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2012.01.26 20:29:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Kaspersky Lab
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.02.02 18:39:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Adobe
[2012.03.02 19:39:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Avira
[2012.04.08 14:57:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\dvdcss
[2012.06.08 11:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Epson
[2012.03.11 23:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\gtk-2.0
[2012.01.26 19:15:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Identities
[2012.06.07 14:25:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\InstallShield
[2012.01.26 20:02:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Macromedia
[2012.06.23 14:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Malwarebytes
[2012.06.07 14:25:29 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Microsoft
[2012.01.29 11:26:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Mozilla
[2012.01.27 10:59:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Nero
[2012.05.25 15:09:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\NVIDIA
[2012.01.26 20:10:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\OpenOffice.org
[2012.06.29 17:48:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Skype
[2012.04.13 18:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sony Online Entertainment
[2012.05.25 15:09:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Stellarium
[2012.01.26 19:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Sun
[2012.01.26 19:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\vlc
[2012.02.05 21:22:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\wargaming.net
[2012.06.29 17:48:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\Winamp
[2012.01.26 19:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Besitzer\Anwendungsdaten\WinRAR
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVGTS.SYS >
[2010.04.08 21:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=87096913DFB9129144E1038AADFF17EE -- C:\WINDOWS\OemDir\nvgts.sys
[2010.04.08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=87096913DFB9129144E1038AADFF17EE -- C:\WINDOWS\system32\drivers\nvgts.sys
[2010.04.08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=87096913DFB9129144E1038AADFF17EE -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\nvgts.sys
[2010.04.08 20:30:28 | 000,168,040 | ---- | M] (NVIDIA Corporation) MD5=87096913DFB9129144E1038AADFF17EE -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\nvgts.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2012.01.26 19:55:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2012.01.26 19:55:00 | 001,069,056 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2012.01.26 19:55:00 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report > --- --- ---
Ich hoffe, diesmal ists besser |