| whismerhill | 12.06.2013 12:37 |
hier die OTL Code:
OTL logfile created on: 12.06.2013 12:33:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\MM\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
478,48 Mb Total Physical Memory | 171,15 Mb Available Physical Memory | 35,77% Memory free
1,09 Gb Paging File | 0,58 Gb Available in Paging File | 53,37% Paging File free
Paging file location(s): C:\pagefile.sys 717 717 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,56 Gb Total Space | 92,06 Gb Free Space | 64,13% Space Free | Partition Type: NTFS
Computer Name: BERGMANN-2 | User Name: MM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.06.12 12:30:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MM\Desktop\OTL.exe
PRC - [2013.06.11 16:49:31 | 000,181,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
PRC - [2010.06.15 10:36:40 | 006,479,712 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Hama\Common\RaUI.exe
PRC - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\Hama\Common\RaRegistry.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.02.24 12:58:14 | 000,868,352 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2005.11.22 21:58:48 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005.10.26 17:17:24 | 000,159,744 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2005.08.24 21:04:48 | 000,548,864 | R--- | M] (Motorola Inc.) -- C:\WINDOWS\sm56hlpr.exe
PRC - [2005.08.10 08:54:34 | 000,385,024 | R--- | M] (Teleca Software Solutions) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
PRC - [2005.06.08 17:45:04 | 000,278,528 | ---- | M] (Teleca Software Solutions AB) -- C:\Programme\Gemeinsame Dateien\Teleca Shared\CapabilityManager.exe
PRC - [2005.04.06 17:53:06 | 003,502,080 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
PRC - [2005.04.06 17:53:04 | 000,856,064 | ---- | M] (Adobe Sytems Incorporated) -- C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
PRC - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe
MOD - [2011.02.04 18:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2010.06.14 14:38:44 | 000,984,416 | ---- | M] () -- C:\Programme\Hama\Common\RaWLAPI.dll
MOD - [2009.05.11 11:45:40 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\DiagFunc.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.02.09 18:35:06 | 000,128,512 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2006.08.11 21:43:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2006.02.24 12:57:52 | 000,065,536 | R--- | M] () -- C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\anubisps.dll
MOD - [2005.10.20 10:36:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2005.10.20 10:36:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll
MOD - [2005.10.07 10:22:50 | 000,081,920 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_33.dll
MOD - [2005.08.24 21:04:50 | 000,049,152 | R--- | M] () -- C:\WINDOWS\sm56cht.dll
MOD - [2005.08.24 21:04:48 | 000,069,632 | R--- | M] () -- C:\WINDOWS\sm56spn.dll
MOD - [2005.08.24 21:04:48 | 000,069,632 | R--- | M] () -- C:\WINDOWS\sm56itl.dll
MOD - [2005.08.24 21:04:48 | 000,069,632 | R--- | M] () -- C:\WINDOWS\sm56eng.dll
MOD - [2005.08.24 21:04:48 | 000,069,632 | R--- | M] () -- C:\WINDOWS\sm56brz.dll
MOD - [2005.08.24 21:04:48 | 000,061,440 | R--- | M] () -- C:\WINDOWS\sm56ger.dll
MOD - [2005.08.24 21:04:48 | 000,061,440 | R--- | M] () -- C:\WINDOWS\sm56fra.dll
MOD - [2005.08.24 21:04:48 | 000,053,248 | R--- | M] () -- C:\WINDOWS\sm56jpn.dll
MOD - [2005.08.24 21:04:48 | 000,049,152 | R--- | M] () -- C:\WINDOWS\sm56chs.dll
MOD - [2005.05.11 14:23:42 | 000,073,728 | R--- | M] () -- C:\Programme\Gemeinsame Dateien\Teleca Shared\boost_log-vc71-mt-1_32.dll
MOD - [2005.04.06 17:53:12 | 001,019,904 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\ps-vc-v8_58.dll
MOD - [2005.04.06 17:53:10 | 000,434,255 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\ps-rw-vc-v8_58.dll
MOD - [2005.04.06 17:53:10 | 000,053,364 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\zip.dll
MOD - [2005.04.06 17:53:08 | 000,057,455 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\net.dll
MOD - [2005.04.06 17:53:08 | 000,057,453 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\verify.dll
MOD - [2005.04.06 17:53:06 | 003,502,080 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
MOD - [2005.04.06 17:53:06 | 000,102,515 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\java.dll
MOD - [2005.04.06 17:53:02 | 000,032,880 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\nio.dll
MOD - [2005.04.06 17:52:58 | 000,028,791 | ---- | M] () -- C:\Programme\Adobe\Adobe Version Cue CS2\jre\bin\hpi.dll
MOD - [2001.07.31 10:17:12 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHealr.dll
========== Services (SafeList) ==========
SRV - [2013.06.12 12:08:16 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.11 23:30:51 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.11 16:49:31 | 000,181,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.06.18 17:27:10 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStatsUpdater.exe -- (ColorZillaStatsUpdater)
SRV - [2010.10.11 18:44:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.01 13:37:58 | 000,193,888 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Programme\Hama\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2007.01.22 17:50:35 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2005.11.22 21:58:48 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.04.06 17:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)
SRV - [2004.08.11 00:46:56 | 000,483,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Windows Media Connect\mswmccds.exe -- (WmcCds)
SRV - [2004.08.10 21:50:42 | 000,028,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Connect\mswmcls.exe -- (WmcCdsLs)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\MM\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.05.27 14:52:12 | 000,829,792 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870)
DRV - [2009.04.21 15:31:10 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50)
DRV - [2006.10.02 15:53:22 | 000,100,736 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006.06.18 23:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.04 06:31:04 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.04 06:31:02 | 000,034,176 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.02.20 18:59:36 | 000,083,344 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810obex.sys -- (w810obex)
DRV - [2006.02.20 18:59:34 | 000,094,064 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdm.sys -- (w810mdm)
DRV - [2006.02.20 18:59:34 | 000,085,408 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mgmt.sys -- (w810mgmt)
DRV - [2006.02.20 18:59:32 | 000,008,336 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810mdfl.sys -- (w810mdfl)
DRV - [2006.02.20 18:59:28 | 000,058,288 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w810bus.sys -- (w810bus)
DRV - [2005.08.24 21:07:18 | 000,926,372 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.08.11 21:49:28 | 000,393,088 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2004.10.27 15:21:30 | 000,145,920 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Hdaudio.sys -- (HdAudAddService)
DRV - [2004.08.13 18:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2000.03.29 18:11:20 | 000,008,096 | ---- | M] (MicroStaff Co.,Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\MASPINT.SYS -- (MASPINT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ixquick.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 6B F1 8C 5D 6B CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: stats%40colorzilla.com:2.7.12
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\MM\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\MM\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.06.11 16:34:37 | 000,000,000 | ---D | M]
[2010.03.17 16:46:13 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Mozilla\Extensions
[2013.06.11 16:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Mozilla\Firefox\Profiles\refxkwh1.default\extensions
[2013.06.11 16:51:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Mozilla\Firefox\Profiles\refxkwh1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.07.03 16:38:04 | 000,000,000 | ---D | M] (ColorZillaStats) -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Mozilla\Firefox\Profiles\refxkwh1.default\extensions\stats@colorzilla.com
[2012.04.25 15:17:32 | 000,020,591 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Mozilla\Firefox\Profiles\refxkwh1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012.12.13 15:31:09 | 000,036,098 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Mozilla\Firefox\Profiles\refxkwh1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.07.26 18:30:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.06.12 12:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.12 12:08:18 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013.06.11 12:22:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ColorZillaStats) - {59F7FE53-2860-44B1-968A-E54E3E949A07} - C:\Dokumente und Einstellungen\MM\Anwendungsdaten\ColorZillaStats\IE\ColorZillaStats.dll (Alex Sirota)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (GMX Browser Configuration by mquadr.at) - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\WINDOWS\system32\ieconfig_1und1.dll (mquadr.at softwareengineering und consulting gmbh)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Programme\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\HdAShCut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER File not found
O4 - HKLM..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe (Sony Ericsson Mobile Communications AB)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Hama Wireless LAN Utility.lnk = C:\Programme\Hama\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O15 - HKCU\..Trusted Domains: internet-schafkopf.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65835243-8CC9-4099-9908-008D20A4EDE8}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A6590BF-9BE0-451D-8A45-3F813D9BF7FC}: DhcpNameServer = 192.168.15.155 192.168.5.57 192.168.5.56
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\MM\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\MM\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.02 14:47:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {14F4D1F6-79E4-4256-A10B-3CCD138698C6} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {1BC46932-21B2-4130-86E0-B4EB4F7A7A7B} - Microsoft .NET Framework 1.0 Hotfix (KB887998)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {29A43E48-B726-47B6-9EAC-AA2B7B48E133} - Microsoft .NET Framework 1.0 Security Update (KB2698035)
ActiveX: {29E7D24F-BF30-45E7-8A40-AD27AFD8F5C6} - Microsoft .NET Framework 1.0 Hotfix (KB979904)
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {339E9413-F230-4F0F-ADDD-17914D95FD6D} - Microsoft .NET Framework 1.0 Hotfix (KB2604042)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {407408d4-94ed-4d86-ab69-a7f649d112ee} - %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {412EF925-3539-44AE-B9EC-F79D4E8DBE54} - GMX Browser Add-on
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {44E3B349-60EB-2F63-C2F0-B3B6A16D0737} - Viewpoint Media Player
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4F00D11B-8327-4C55-B7DA-B8D8C10F28A8} - Microsoft .NET Framework 1.0 Hotfix (KB2572066)
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6C298884-91FD-408C-9D90-5A59D2C29FD1} - Microsoft .NET Framework 1.1 Security Update (KB2742597)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8BF1B8CD-9A6C-4382-A454-CC769B913F48} - Microsoft .NET Framework 1.0 Hotfix (KB2656378)
ActiveX: {8F736E10-8E5C-4399-A532-D0C00A406227} - Microsoft .NET Framework 1.1 Security Update (KB2698023)
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {BDE0FA43-6952-4BA8-8C58-09AF690F88E1} - Microsoft .NET Framework 1.0 Hotfix (KB930494)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C6D10738-15D8-9F11-892E-1E7BA18F8801} - Java (Sun)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {DE895E98-54B2-4180-91E1-7A0020EDF577} - Microsoft .NET Framework 1.0 Security Update (KB2742607)
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E8EA5BD6-D931-4001-ABF6-81BAA500360A} - Microsoft .NET Framework 1.0 Hotfix (KB953295)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EA29D410-CE41-4953-A862-2DE706A1DAD7} - Microsoft .NET Framework 1.0 Service Pack 3
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {F5159EBF-EE49-AF28-F27D-C5EF75F8EE25} - Outlook Express
ActiveX: {FDC11A6F-17D1-48f9-9EA3-9051954BAA24} - .NET Framework
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{BEE825F4-60F4-4336-AD47-D87425B5E9C6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: KB910393 - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\EasyCDBlock.inf,PerUserInstall
ActiveX: Microsoft Base Smart Card Crypto Provider Package -
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2013.06.12 12:30:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MM\Desktop\OTL.exe
[2013.06.12 12:08:47 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Maintenance Service
[2013.06.12 12:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mozilla
[2013.06.12 10:10:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.06.11 19:56:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2013.06.11 19:56:22 | 009,171,472 | ---- | C] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\MM\Desktop\HitmanPro.exe
[2013.06.11 17:01:52 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\MM\Recent
[2013.06.11 16:50:19 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.06.11 16:26:40 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.06.11 14:59:07 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2013.06.11 13:25:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Malwarebytes
[2013.06.11 13:24:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.06.11 13:24:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.06.11 13:24:53 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.06.11 13:24:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.06.10 23:13:23 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013.06.10 23:13:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.10 22:43:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.06.10 22:41:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.06.10 22:19:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.06.10 22:19:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.06.10 22:19:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.06.10 22:19:22 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.10 22:18:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\MM\Eigene Dateien\Eigene Videos
[2013.06.10 22:18:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Videos
[2013.06.10 22:18:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.06.10 22:17:57 | 005,078,680 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\MM\Desktop\ComboFix.exe
[2013.06.10 20:08:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\MM\Desktop\tdsskiller.exe
[2013.06.10 12:55:10 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013.06.03 12:09:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MM\Eigene Dateien\Any Video Converter
[2013.06.03 11:20:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MM\Eigene Dateien\Any Audio Converter
[2013.06.03 11:13:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\AnvSoft
[2013.06.03 11:11:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AnvSoft
[2013.06.03 11:11:12 | 000,000,000 | ---D | C] -- C:\Programme\AnvSoft
[2013.06.02 22:39:14 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoft2
[2013.06.02 22:09:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DVDVideoSoft
[2013.02.19 17:28:54 | 000,393,040 | ---- | C] (Softonic ) -- C:\Programme\SoftonicDownloader_fuer_mediathek.exe
========== Files - Modified Within 30 Days ==========
[2013.06.12 12:30:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\MM\Desktop\OTL.exe
[2013.06.12 12:01:33 | 000,053,134 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Eigene Dateien\bookmark.htm
[2013.06.12 11:51:00 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.06.12 11:49:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.12 10:02:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.06.12 10:02:39 | 000,001,078 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.06.12 10:01:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.06.12 10:01:36 | 501,796,864 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.11 19:56:33 | 009,171,472 | ---- | M] (SurfRight B.V.) -- C:\Dokumente und Einstellungen\MM\Desktop\HitmanPro.exe
[2013.06.11 17:13:04 | 000,648,201 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Desktop\adwcleaner.exe
[2013.06.11 16:34:38 | 000,001,714 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.06.11 14:59:08 | 000,000,654 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.06.11 13:24:57 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.11 12:22:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.06.10 22:43:07 | 000,000,341 | RHS- | M] () -- C:\boot.ini
[2013.06.10 22:17:57 | 005,078,680 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\MM\Desktop\ComboFix.exe
[2013.06.10 20:08:56 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\MM\Desktop\tdsskiller.exe
[2013.06.07 15:01:40 | 004,829,363 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Desktop\colchoglolipsta_48_open_PRINT.jpg
[2013.06.04 14:14:43 | 069,818,463 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Desktop\Earlams-S01E07.zip
[2013.06.03 15:40:57 | 000,063,488 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.06.03 15:36:04 | 1707,943,936 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Desktop\Dschungelbuch Teil 1_cut.mpg
[2013.06.02 22:39:29 | 000,000,934 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Desktop\Free YouTube Download.lnk
[2013.05.17 09:15:36 | 002,689,848 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.16 18:01:23 | 000,459,532 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.05.16 18:01:23 | 000,441,696 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.05.16 18:01:23 | 000,084,914 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.05.16 18:01:23 | 000,071,632 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
========== Files Created - No Company Name ==========
[2013.06.12 12:01:31 | 000,053,134 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Eigene Dateien\bookmark.htm
[2013.06.11 17:13:03 | 000,648,201 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Desktop\adwcleaner.exe
[2013.06.11 16:34:38 | 000,001,714 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader XI.lnk
[2013.06.11 16:34:37 | 000,001,804 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader XI.lnk
[2013.06.11 16:28:02 | 000,000,884 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.06.11 14:59:08 | 000,000,654 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CCleaner.lnk
[2013.06.11 13:24:57 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.06.10 22:43:07 | 000,000,225 | ---- | C] () -- C:\Boot.bak
[2013.06.10 22:43:04 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.06.10 22:19:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.06.10 22:19:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.06.10 22:19:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.06.10 22:19:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.06.10 22:19:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.06.10 14:59:05 | 501,796,864 | -HS- | C] () -- C:\hiberfil.sys
[2013.06.07 15:02:15 | 004,829,363 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Desktop\colchoglolipsta_48_open_PRINT.jpg
[2013.06.04 14:14:25 | 069,818,463 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Desktop\Earlams-S01E07.zip
[2013.06.03 15:33:34 | 1707,943,936 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Desktop\Dschungelbuch Teil 1_cut.mpg
[2013.06.03 10:54:03 | 2745,819,735 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Desktop\Dschungelbuch Teil 1.mpg
[2013.06.02 22:39:29 | 000,000,934 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Desktop\Free YouTube Download.lnk
[2013.04.17 15:50:37 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.04.17 15:50:37 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.04.17 15:50:37 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.03.11 21:13:45 | 912,036,260 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Die Gänsemagd.flv
[2013.02.23 13:59:08 | 000,010,455 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Marc_elster_2048.pfx
[2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.05.28 18:28:01 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012.05.28 18:28:01 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012.05.28 18:28:01 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012.05.28 18:27:42 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012.05.02 17:00:37 | 000,134,478 | ---- | C] () -- C:\WINDOWS\HPHins11.dat
[2012.05.02 17:00:37 | 000,013,767 | ---- | C] () -- C:\WINDOWS\hphmdl11.dat
[2012.05.02 15:59:10 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
[2012.04.03 15:52:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.15 16:49:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.06.27 21:37:04 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2007.01.12 00:17:23 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.12.19 22:52:19 | 000,063,488 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.19 22:52:19 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\MM\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2006.10.02 14:43:54 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 18:03:13 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.03.06 20:06:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2009.12.10 16:50:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alawar Stargaze
[2008.11.19 17:34:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astar Games
[2008.02.19 12:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Awem
[2013.06.11 16:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Big Fish Games
[2012.05.10 13:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Borland
[2007.12.03 18:21:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Christmasville
[2012.05.09 17:59:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular
[2008.09.04 16:12:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fitn17
[2009.01.12 13:09:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Flood Light Games
[2008.01.14 16:39:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FloodLightGames
[2012.03.07 20:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fugazo
[2012.02.21 21:57:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Funny Bear Studio
[2008.11.25 12:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gogii
[2008.11.18 13:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gogii Games
[2009.03.11 17:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gold Casual Games
[2013.06.11 20:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HitmanPro
[2009.08.24 10:54:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IEConfiguration1und1
[2007.12.04 16:53:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\JollyBear
[2011.08.23 22:00:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MumboJumbo
[2008.12.10 14:15:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mushroom Age
[2008.11.05 15:07:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MysteryChronicles
[2008.09.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Oberon Games
[2010.12.20 21:57:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayFirst
[2009.02.17 14:54:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlayPond
[2008.11.12 16:50:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Playrix Entertainment
[2011.07.21 19:47:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QB9 S.R.L
[2012.05.28 18:27:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RalinkRT2870 Driver
[2008.09.03 16:31:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sandlot Games
[2010.01.14 15:30:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpecialBit
[2008.10.20 16:15:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SugarGames
[2013.01.26 18:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca
[2007.12.18 15:54:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TERMINAL Studio
[2008.10.06 12:45:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VirtualFarm
[2008.12.12 14:13:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Ancient Quest of Saqqarah__bfg
[2013.06.03 12:09:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\AnvSoft
[2009.02.25 16:27:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Artogon
[2010.01.12 17:27:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Big Fish Games
[2012.03.13 15:29:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\BULKYPIX
[2011.06.27 21:07:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\CannyGames
[2008.11.21 15:47:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\cerasus.media
[2012.07.03 16:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\ColorZillaStats
[2010.09.05 19:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\DarkParablesBriarRose_BFG_SE
[2009.12.17 15:15:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Dekovir
[2008.12.09 14:28:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Dragon Altar Games
[2013.06.02 22:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\DVDVideoSoft
[2012.05.09 18:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\elsterformular
[2008.11.25 14:28:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\EnchantedCavern
[2010.01.12 18:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Enlightenus
[2012.07.17 18:17:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\ERS Game Studios
[2013.06.11 17:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\FileZilla
[2009.01.12 13:09:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Flood Light Games
[2008.01.14 16:39:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\FloodLightGames
[2012.02.16 17:58:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Fugazo
[2007.01.12 18:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\FUJIFILM
[2008.09.05 14:49:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Gaijin Ent
[2008.12.01 14:04:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Games
[2012.02.14 16:39:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\GetRightToGo
[2011.06.27 21:36:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Ghost Ship Studios
[2008.11.18 13:33:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Gogii Games
[2009.03.11 17:06:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Gold Casual Games
[2009.06.18 14:00:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\HiT-MM
[2008.10.06 14:35:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\JewelMatch2
[2012.07.26 14:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Joybits
[2008.10.23 18:14:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\MagicTale
[2009.03.24 14:55:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Meridian93
[2011.08.22 20:57:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\My Games
[2013.01.26 19:38:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\MyPhoneExplorer
[2008.09.02 18:45:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Oberon Games
[2010.11.03 13:51:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\OpenOffice.org
[2007.02.28 10:50:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Opera
[2012.07.26 21:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Oracle
[2012.07.26 15:46:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Orneon
[2008.11.03 14:34:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\PlayFirst
[2013.01.26 18:14:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Teleca
[2010.12.01 20:55:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Ten Heavens
[2008.09.15 12:33:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\ViquaSoft
[2011.07.28 20:37:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\MM\Anwendungsdaten\Vogat Interactive
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.08.24 18:32:05 | 000,000,000 | ---D | M] -- C:\4e04f41af4550c8ff1182b3de29396
[2012.05.27 14:25:40 | 000,000,000 | ---D | M] -- C:\5bc7bb081a4410af0ab2aef3
[2013.06.10 22:43:07 | 000,000,000 | RHSD | M] -- C:\cmdcons
[2006.10.02 14:26:28 | 000,000,000 | ---D | M] -- C:\CMPNENTS
[2013.06.11 17:03:53 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2006.12.21 01:30:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2010.10.13 16:56:13 | 000,000,000 | ---D | M] -- C:\found.000
[2006.10.04 14:03:53 | 000,000,000 | ---D | M] -- C:\Info
[2013.06.10 12:58:06 | 000,000,000 | ---D | M] -- C:\Kaspersky Rescue Disk 10.0
[2007.01.17 17:47:23 | 000,000,000 | ---D | M] -- C:\KPCMS
[2012.05.27 14:41:44 | 000,000,000 | ---D | M] -- C:\MM
[2007.01.12 18:06:09 | 000,000,000 | ---D | M] -- C:\MWASPI
[2012.07.27 23:55:36 | 000,000,000 | ---D | M] -- C:\Program Files
[2013.06.12 12:08:47 | 000,000,000 | R--D | M] -- C:\Programme
[2013.06.11 12:26:01 | 000,000,000 | ---D | M] -- C:\Qoobox
[2013.06.11 16:26:40 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2006.12.19 22:51:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.29 19:37:43 | 000,000,000 | ---D | M] -- C:\Temp
[2013.06.12 10:10:25 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2007.02.25 18:55:00 | 000,000,000 | ---D | M] -- C:\ZJ
[2012.11.21 14:37:19 | 000,000,000 | ---D | M] -- C:\_KEYSALE_2012
[2013.06.01 15:25:32 | 000,000,000 | ---D | M] -- C:\_KEYSALE_2013
[2012.06.04 15:47:36 | 000,000,000 | ---D | M] -- C:\_KEYSALE_ALLGEMEIN_MM
[2012.05.28 14:48:59 | 000,000,000 | ---D | M] -- C:\_KEYSALE_ARCHIV
[2013.06.10 18:44:16 | 000,000,000 | ---D | M] -- C:\_OTL
< %PROGRAMFILES%\*.exe >
[2013.02.19 17:28:55 | 000,393,040 | ---- | M] (Softonic ) -- C:\Programme\SoftonicDownloader_fuer_mediathek.exe
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< C:\Windows\system32\*.tsp >
[2008.04.14 04:23:08 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\h323.tsp
[2008.04.14 04:23:08 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2008.04.14 04:23:08 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ipconf.tsp
[2008.04.14 04:23:08 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2008.04.14 04:23:08 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2008.04.14 04:23:08 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2008.04.14 04:23:08 | 000,207,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2006.10.02 14:31:32 | 000,000,065 | RH-- | C] () -- C:\WINDOWS\Tasks\desktop.ini
[2006.10.02 14:50:46 | 000,000,006 | -H-- | C] () -- C:\WINDOWS\Tasks\SA.DAT
[2010.07.13 16:15:36 | 000,001,078 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2010.07.13 16:15:37 | 000,001,082 | ---- | C] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2013.06.11 16:28:02 | 000,000,884 | ---- | C] () -- C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
< MD5 for: AGP440.SYS >
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.02.12 13:14:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2009.02.12 13:14:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\erdnt\cache\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.02.12 13:14:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006.03.24 14:00:00 | 017,006,491 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2009.02.12 13:14:18 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\erdnt\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2006.03.24 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\erdnt\cache\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\erdnt\cache\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\erdnt\cache\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2006.10.02 15:53:22 | 000,100,736 | R--- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\erdnt\cache\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\erdnt\cache\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\erdnt\cache\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2013.04.04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\erdnt\cache\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.03.24 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2006.03.24 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.10.02 16:37:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2006.10.02 16:37:24 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2006.10.02 16:37:24 | 000,446,464 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2013.03.11 22:02:34 | 912,036,260 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Die Gänsemagd.flv
[2013.02.23 13:59:28 | 000,010,455 | ---- | M] () -- C:\Dokumente und Einstellungen\MM\Marc_elster_2048.pfx
[2013.06.11 23:45:53 | 008,912,896 | -H-- | M] () -- C:\Dokumente und Einstellungen\MM\NTUSER.DAT
[2013.06.12 12:32:38 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\MM\ntuser.dat.LOG
[2013.06.11 23:45:44 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\MM\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2013.04.12 16:00:54 | 001,876,480 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 64 bytes -> C:\Dokumente und Einstellungen\MM\Desktop\Dschungelbuch Teil 1.mpg:TOC.WMV
< End of report >
und hier die EXTRA Code:
OTL Extras logfile created on: 12.06.2013 12:33:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\MM\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
478,48 Mb Total Physical Memory | 171,15 Mb Available Physical Memory | 35,77% Memory free
1,09 Gb Paging File | 0,58 Gb Available in Paging File | 53,37% Paging File free
Paging file location(s): C:\pagefile.sys 717 717 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 143,56 Gb Total Space | 92,06 Gb Free Space | 64,13% Space Free | Partition Type: NTFS
Computer Name: BERGMANN-2 | User Name: MM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [FinePixPrint] -- "C:\Programme\FinePixViewer\FinePixViewer.exe" /p "%1" (FUJI PHOTO FILM CO.,LTD.)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe" = C:\Programme\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe:*:Enabled:Adobe Version Cue CS2 -- (Adobe Systems Incorporated)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Programme\Gemeinsame Dateien\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0134A1A1-C283-4A47-91A1-92F19F960372}" = Adobe Creative Suite 2
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B828E9F-BE56-4845-8AA1-E68DD05525AE}" = D2300_Help
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.4.2
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Hama Wireless LAN Adapter
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{49140327-BEBF-43dd-B386-43311A065609}" = hph_ProductContext
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5D9C3FCE-A8BA-42F0-9019-769A1CF9A7A9}" = hph_software
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BEC1D7-8A9F-472D-84C7-014BB155E4B2}" = HP Photosmart and Deskjet 7.0 Software (deu)
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{80FD852F-5AAC-4129-B931-06AAFFA43138}" = iTunes
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{893429F2-083B-4F82-92DC-DFDC45E8503C}" = hph_readme
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{934E9442-D305-4ACF-AD87-A6C11D677CB9}" = ImageMixer VCD2 for FinePix
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{ADBE46EE-54E0-4610-B436-D7E93D829100}" = Adobe Version Cue CS2
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2F5D08C-7E79-4FCD-AAF4-57AD35FF0601}" = Adobe Illustrator CS2
"{B7476F65-4C2E-4159-9EE1-F09987C803F1}" = D2300
"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BBBF3122-9A09-40B2-A065-CD684059FB19}" = hph_software_req
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C49DAA9C-5BA8-459A-8244-E57B69DF0F04}" = Suite Specific
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5ADA65A-7828-4D85-B071-ECC52B51F794}" = Sony Ericsson PC Suite 1.20.173
"{CA1CA5F8-7500-45C5-9D4C-47D13FBC92D2}" = Adobe Setup
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E5FCED12-3E77-4C0E-A305-5AEB38A52A70}" = AdobeColorCommonSetCMYK
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB64CD10-54E6-4116-A35A-7DD631C9E079}" = Hsp-Verwaltung 2.0
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_1710d324011afc3e7658e969025f4ba" = Adobe InDesign CS4
"CCleaner" = CCleaner
"D05489024178C355A00685716CC006D7F790E755" = Windows-Treiberpaket - Motorola Inc (smserial) Modem (08/24/2005 6.10.09)
"ElsterFormular 13.2.0.8623u" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.3
"Free YouTube Download_is1" = Free YouTube Download version 3.2.2.430
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"TimeLapse" = TimeLapse
"VLC media player" = VLC media player 2.0.4
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 02.06.2013 16:12:48 | Computer Name = BERGMANN-2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application freevideodub.exe, version 2.0.18.430, stamp 517fd4f8,
faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
0x00000000.
Error - 03.06.2013 05:58:35 | Computer Name = BERGMANN-2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung aaconverter.exe, Version 4.0.1.1, fehlgeschlagenes
Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
Error - 03.06.2013 06:04:02 | Computer Name = BERGMANN-2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung aaconverter.exe, Version 4.0.1.1, fehlgeschlagenes
Modul aaconverter.exe, Version 4.0.1.1, Fehleradresse 0x00002b92.
Error - 03.06.2013 06:40:24 | Computer Name = BERGMANN-2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application freevideodub.exe, version 2.0.18.430, stamp 517fd4f8,
faulting module mmcore.dll, version 1.0.4.430, stamp 517fcd32, debug? 0, fault
address 0x000020e2.
Error - 03.06.2013 09:35:58 | Computer Name = BERGMANN-2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application freevideodub.exe, version 2.0.18.430, stamp 517fd4f8,
faulting module mmcore.dll, version 1.0.4.430, stamp 517fcd32, debug? 0, fault
address 0x000020e2.
Error - 03.06.2013 09:39:20 | Computer Name = BERGMANN-2 | Source = .NET Runtime 2.0 Error Reporting | ID = 1000
Description = Faulting application freevideodub.exe, version 2.0.18.430, stamp 517fd4f8,
faulting module mmcore.dll, version 1.0.4.430, stamp 517fcd32, debug? 0, fault
address 0x000020e2.
Error - 06.06.2013 07:11:33 | Computer Name = BERGMANN-2 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung photoshop.exe, Version 9.0.0.0, fehlgeschlagenes
Modul versioncueui.dll, Version 4.0.0.2838, Fehleradresse 0x00028665.
Error - 10.06.2013 14:09:12 | Computer Name = BERGMANN-2 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 10.06.2013 14:09:12 | Computer Name = BERGMANN-2 | Source = crypt32 | ID = 131083
Description = Die Extrahierung der Drittanbieterstammlisten aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
ist fehlgeschlagen mit dem Fehler: Ein erforderliches Zertifikat befindet sich
nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel
in der signierten Datei. .
Error - 11.06.2013 07:33:43 | Computer Name = BERGMANN-2 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung mbam.exe, Version 1.75.0.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:44 | Computer Name = BERGMANN-2 | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk0\D gefunden.
Error - 12.06.2013 04:01:53 | Computer Name = BERGMANN-2 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%2148074295
Error - 12.06.2013 04:02:00 | Computer Name = BERGMANN-2 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Fips
< End of report >
lg Marc |
Textbox.