Trojaner-Board - Papas Laptop ist kompromittiert :-°

So, hier die versprochenen Logs:
OTL.Txt

Code:

OTL logfile created on: 02.07.2011 16:43:52 - Run 1

OTL by OldTimer - Version 3.2.25.0     Folder = C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

510,98 Mb Total Physical Memory | 184,01 Mb Available Physical Memory | 36,01% Memory free

1,22 Gb Paging File | 0,96 Gb Available in Paging File | 78,60% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 27,95 Gb Total Space | 1,49 Gb Free Space | 5,32% Space Free | Partition Type: NTFS

Drive D: | 21,56 Gb Total Space | 11,46 Gb Free Space | 53,17% Space Free | Partition Type: NTFS

Drive E: | 6,37 Gb Total Space | 0,85 Gb Free Space | 13,39% Space Free | Partition Type: FAT32

Drive G: | 61,16 Mb Total Space | 34,96 Mb Free Space | 57,15% Space Free | Partition Type: FAT

 

Computer Name: NAME-KUNSTHAUS | User Name: ULRICH Kunsthaus | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.07.02 16:21:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\OTL.exe

PRC - [2011.07.02 15:57:44 | 000,049,152 | ---- | M] () -- C:\Program Files\Windows NT\cmd32.exe

PRC - [2010.09.21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2009.09.05 21:08:13 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe

PRC - [2009.04.21 13:49:04 | 000,330,752 | RHS- | M] (JPEG Image) -- C:\Program Files\Windows NT\explorer.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007.11.15 11:12:04 | 000,784,912 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe

PRC - [2007.11.15 11:08:26 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe

PRC - [2007.03.02 16:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Programme\Brother\Brmfcmon\BrMfcMon.exe

PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe

PRC - [2006.09.11 05:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe

PRC - [2004.08.05 19:28:42 | 000,090,112 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\Dit.exe

PRC - [2004.06.28 10:38:44 | 000,180,224 | ---- | M] (LANCOM Systems GmbH, Würselen (Germany)) -- C:\WINDOWS\system32\rcapi.exe

PRC - [2004.01.19 15:06:08 | 000,057,344 | ---- | M] () -- C:\Programme\Home Cinema\PowerCinema\PCMService.exe

PRC - [2003.12.23 21:48:44 | 000,126,976 | ---- | M] (AVerMedia Technologies, Inc.) -- C:\WINDOWS\system32\powerman.exe

PRC - [2003.11.20 17:19:14 | 000,098,304 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe

PRC - [2003.11.13 19:23:52 | 000,062,464 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2003.10.03 10:11:02 | 000,040,960 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe

PRC - [2003.09.12 16:24:42 | 000,065,536 | ---- | M] () -- C:\Programme\Launch Manager\WButton.exe

PRC - [2003.08.04 17:54:52 | 000,215,552 | ---- | M] (Intersil Americas Inc.) -- C:\WINDOWS\system32\PRISMSTA.exe

PRC - [2003.06.25 11:53:30 | 000,204,800 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\OSD.exe

PRC - [2003.05.12 15:28:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe

PRC - [2002.09.20 16:29:30 | 000,053,248 | ---- | M] (Computer Associates) -- C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe

PRC - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe

PRC - [1998.07.30 14:55:24 | 000,022,528 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead PhotoImpact 4.2\ABMTSR.EXE

PRC - [1998.04.15 10:59:46 | 000,082,944 | ---- | M] (Corel Corporation) -- C:\Corel\Graphics8\Programs\MFIndexer.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.07.02 16:21:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\OTL.exe

MOD - [2010.08.23 18:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008.04.14 04:22:08 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll

MOD - [2008.04.14 04:22:08 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll

MOD - [2007.11.15 11:10:38 | 000,062,480 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\lgscroll.dll

MOD - [2006.12.01 23:54:34 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll

MOD - [2006.12.01 23:54:32 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll

MOD - [2003.12.12 13:04:00 | 000,856,133 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll

MOD - [2003.12.12 13:04:00 | 000,176,128 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsde.dll

MOD - [2003.11.20 17:19:08 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [Disabled | Stopped] --  -- (HidServ)

SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)

SRV - [2007.11.15 11:09:42 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)

SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

SRV - [2005.04.04 01:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004.06.28 10:38:44 | 000,180,224 | ---- | M] (LANCOM Systems GmbH, Würselen (Germany)) [Auto | Running] -- C:\WINDOWS\system32\rcapi.exe -- (LcsCapiCtl)

SRV - [2002.09.20 16:41:02 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)

SRV - [2002.09.20 16:29:30 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- C:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)

SRV - [2002.09.20 16:27:06 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- C:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)

SRV - [2001.11.12 14:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.07.02 15:57:59 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBCRFT.SYS -- (CardReaderFilter)

DRV - [2007.09.21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)

DRV - [2007.09.21 04:10:46 | 000,036,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)

DRV - [2007.09.21 04:10:40 | 000,035,088 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)

DRV - [2004.04.16 23:51:14 | 000,705,536 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmuda2.sys -- (cmuda2)

DRV - [2004.01.16 20:24:18 | 000,028,276 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)

DRV - [2004.01.16 11:13:00 | 000,057,344 | ---- | M] (AVerMedia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AvMini20.sys -- (AVCamUSB20)

DRV - [2004.01.16 11:13:00 | 000,012,692 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cresscan.sys -- (Usb20Scan)

DRV - [2003.12.11 00:01:56 | 000,077,605 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)

DRV - [2003.12.11 00:01:30 | 001,086,789 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)

DRV - [2003.12.11 00:00:44 | 000,619,465 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)

DRV - [2003.12.11 00:00:10 | 000,031,440 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)

DRV - [2003.11.28 19:34:40 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)

DRV - [2003.11.13 20:25:26 | 000,391,680 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003.11.13 16:05:36 | 000,481,596 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2003.08.26 20:58:08 | 000,364,320 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)

DRV - [2003.07.07 12:44:28 | 000,063,488 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm.sys -- (tifm)

DRV - [2003.04.28 12:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\HOTKEY.sys -- (Hotkey)

DRV - [2003.03.20 18:01:46 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)

DRV - [2002.10.04 12:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation       ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)

DRV - [2002.08.08 18:38:36 | 000,025,178 | ---- | M] (LANCOM Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCSWAN.sys -- (LCSWAN) LANCOM NDISWAN (Ver. 1.01.0001)

DRV - [2002.08.08 17:35:42 | 000,239,104 | ---- | M] (LANCOM Systems) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\rcapi.sys -- (LcsCapiDrv)

DRV - [2001.11.14 19:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

O1 HOSTS File: ([2011.07.02 15:57:44 | 002,111,940 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: 127.0.0.1 download7.avast.com

O1 - Hosts: 127.0.0.1 download6.avast.com

O1 - Hosts: 127.0.0.1 download5.avast.com

O1 - Hosts: 127.0.0.1 download4.avast.com

O1 - Hosts: 127.0.0.1 download3.avast.com

O1 - Hosts: 127.0.0.1 download2.avast.com

O1 - Hosts: 127.0.0.1 download1.avast.com

O1 - Hosts: 127.0.0.1 download0.avast.com

O1 - Hosts: 127.0.0.1 download72.avast.com

O1 - Hosts: 127.0.0.1 download73.avast.com

O1 - Hosts: 127.0.0.1 download74.avast.com

O1 - Hosts: 127.0.0.1 download75.avast.com

O1 - Hosts: 127.0.0.1 download76.avast.com

O1 - Hosts: 127.0.0.1 download77.avast.com

O1 - Hosts: 127.0.0.1 download78.avast.com

O1 - Hosts: 127.0.0.1 download79.avast.com

O1 - Hosts: 127.0.0.1 download80.avast.com

O1 - Hosts: 127.0.0.1 download81.avast.com

O1 - Hosts: 127.0.0.1 download82.avast.com

O1 - Hosts: 127.0.0.1 download83.avast.com

O1 - Hosts: 127.0.0.1 download84.avast.com

O1 - Hosts: 127.0.0.1 download85.avast.com

O1 - Hosts: 127.0.0.1 download91.avast.com

O1 - Hosts: 127.0.0.1 download92.avast.com

O1 - Hosts: 130191 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [ALDI_NORD_FotoSuite_Download] C:\Programme\ALDI Foto Service Nord\ALDI_Foto_Service\FotoSuite.exe (MAGIX AG)

O4 - HKLM..\Run: [CmUsbAudio]  File not found

O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [CtrlVol] C:\Programme\Launch Manager\CtrlVol.exe (Wistron)

O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)

O4 - HKLM..\Run: [HotkeyApp] C:\Programme\Launch Manager\HotkeyApp.exe (Wistron)

O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)

O4 - HKLM..\Run: [LaunchAp] C:\Programme\Launch Manager\LaunchAp.exe ()

O4 - HKLM..\Run: [LMgrOSD] C:\Programme\Launch Manager\OSD.exe (Wistron)

O4 - HKLM..\Run: [Microsoft Works Update Detection]  File not found

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [PCMService] C:\Programme\Home Cinema\PowerCinema\PCMService.exe ()

O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()

O4 - HKLM..\Run: [powerman] C:\WINDOWS\System32\powerman.exe (AVerMedia Technologies, Inc.)

O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Wbutton] C:\Programme\Launch Manager\Wbutton.exe ()

O4 - HKCU..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKCU..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)

O4 - HKCU..\Run: [updateMgr]  File not found

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Album Fast Start.lnk = C:\Programme\Ulead Systems\Ulead PhotoImpact 4.2\ABMTSR.EXE (Ulead Systems, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Corel MEDIA FOLDERS INDEXER 8.LNK = C:\Corel\Graphics8\Programs\MFIndexer.exe (Corel Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE (SEIKO EPSON CORPORATION)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O15 - HKCU\..Trusted Domains:   ([]msn in My Computer)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/swdir.cab (Shockwave ActiveX Control)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} hxxp://207.188.7.150/2575a1141fef8049c006/netzip/RdxIE601_de.cab (RdxIE Class)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37980.2136111111 (Reg Error: Key error.)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)

O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 5aol.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 5aol.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003.10.16 01:41:33 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2011.03.11 22:15:34 | 000,000,101 | RHS- | M] () - C:\AUTORUN.INF -- [ NTFS ]

O32 - AutoRun File - [2011.03.11 22:15:35 | 000,000,101 | RHS- | M] () - D:\AUTORUN.INF -- [ NTFS ]

O32 - AutoRun File - [2011.03.11 21:15:36 | 000,000,101 | RHS- | M] () - E:\AUTORUN.INF -- [ FAT32 ]

O32 - AutoRun File - [2011.07.02 16:24:02 | 000,000,101 | RHS- | M] () - G:\AUTORUN.INF -- [ FAT ]

O33 - MountPoints2\{08261a69-4c1c-11e0-bb92-00a05707c5c0}\Shell - "" = AutoRun

O33 - MountPoints2\{08261a69-4c1c-11e0-bb92-00a05707c5c0}\Shell\Auto\command - "" = G:\kkk.exe -- [2009.04.21 13:49:04 | 000,330,752 | RHS- | M] (JPEG Image)

O33 - MountPoints2\{08261a69-4c1c-11e0-bb92-00a05707c5c0}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{08261a69-4c1c-11e0-bb92-00a05707c5c0}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kkk.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player

ActiveX: {057997dd-71e4-43cc-b161-3f8180691a9e} - Q824145

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java

ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)

ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1

ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow

ActiveX: {2298d453-bcae-4519-bf33-1cbf3faf1524} - Q867801

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4

ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009

ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)

ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe

ActiveX: {3e7bb08a-a7a3-4692-8eac-ac5e7895755b} - KB834707

ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)

ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW

ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider

ActiveX: {abcdf74f-9a64-4e6e-b8eb-6e5a41de6550} - 

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework

ActiveX: {CB86EC62-CEA7-4C82-9EBA-B7A5E410E54C} - Reg Error: Value error.

ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894

ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353

ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994

ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

 

NetSvcs: 6to4 -  File not found

NetSvcs: AppMgmt -  File not found

NetSvcs: HidServ -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Iprip -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: WmdmPmSp -  File not found

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.02 16:27:15 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\OTL.exe

[2011.07.02 15:59:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Eigene Dateien\Meine empfangenen Dateien

[2004.01.16 19:51:47 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\AVerAPI_E860.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.07.02 16:33:56 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\defogger_reenable

[2011.07.02 16:21:48 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\bkupkwtc.exe

[2011.07.02 16:21:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\OTL.exe

[2011.07.02 16:19:40 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\Defogger.exe

[2011.07.02 15:59:21 | 000,000,439 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics

[2011.07.02 15:58:00 | 000,002,267 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI

[2011.07.02 15:57:59 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS

[2011.07.02 15:57:44 | 002,111,940 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011.07.02 15:57:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.07.02 15:57:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.07.02 15:57:28 | 535,875,584 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.02 15:56:50 | 026,212,251 | ---- | M] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\Covers.pdf

[2011.07.01 22:39:41 | 000,000,002 | ---- | M] () -- C:\WINDOWS\MessengerPlus.ini

[2011.06.28 22:12:50 | 000,064,850 | ---- | M] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Anwendungsdaten\wklnhst.dat

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.07.02 16:33:56 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\defogger_reenable

[2011.07.02 16:27:15 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\Defogger.exe

[2011.07.02 16:26:44 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\bkupkwtc.exe

[2011.07.02 15:53:26 | 026,212,251 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop\Covers.pdf

[2011.03.28 09:15:34 | 000,000,002 | ---- | C] () -- C:\WINDOWS\MessengerPlus.ini

[2009.06.18 17:40:37 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\E_ADDNET.DAT

[2009.06.18 17:39:02 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SP3800Euro.ini

[2009.02.05 15:20:11 | 000,042,993 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Anwendungsdaten\mdbu.bin

[2009.02.05 15:07:44 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll

[2009.02.05 15:07:01 | 000,007,119 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini

[2008.12.20 21:03:38 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

[2008.04.17 11:45:47 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008.04.17 11:45:47 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008.04.17 11:42:41 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf07a.dat

[2008.04.17 11:39:35 | 000,031,664 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2007.01.31 14:03:37 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLec.DAT

[2005.06.07 23:12:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CmiUSBUninstall.exe

[2005.06.07 23:12:58 | 000,000,730 | ---- | C] () -- C:\WINDOWS\Cmuda2.ini

[2005.06.07 23:12:57 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrm.exe

[2005.06.07 23:12:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\cmdrvrm.dll

[2005.04.06 19:39:30 | 000,000,269 | R--- | C] () -- C:\WINDOWS\Dit.INI

[2004.10.22 14:56:39 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004.05.06 14:58:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI

[2004.03.20 17:10:27 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2004.03.17 16:56:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2004.03.16 18:51:07 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini

[2004.03.12 15:56:51 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\qtuninst.dll

[2004.03.12 15:49:35 | 000,002,267 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI

[2004.03.12 15:42:18 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll

[2004.03.12 15:41:38 | 000,039,095 | ---- | C] () -- C:\WINDOWS\iccsigs.dat

[2004.02.29 23:19:34 | 000,064,850 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Anwendungsdaten\wklnhst.dat

[2004.02.29 23:19:32 | 000,012,288 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2004.02.29 23:19:32 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2004.01.16 19:52:24 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe

[2004.01.16 13:35:23 | 000,191,976 | ---- | C] () -- C:\WINDOWS\CRES1100.EXE

[2004.01.16 13:35:23 | 000,099,672 | ---- | C] () -- C:\WINDOWS\dibapi32.dll

[2004.01.16 13:35:23 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\cresvfw.dll

[2004.01.16 13:35:23 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\preview.dll

[2004.01.16 13:35:23 | 000,012,692 | ---- | C] () -- C:\WINDOWS\System32\drivers\cresscan.sys

[2003.12.31 19:47:47 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2003.12.31 18:49:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003.12.31 18:41:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2003.12.25 17:40:17 | 004,142,932 | ---- | C] () -- C:\WINDOWS\System32\DETour.exe

[2003.12.25 16:29:09 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini

[2003.12.25 16:28:43 | 000,036,864 | ---- | C] () -- C:\WINDOWS\RmvDirX.exe

[2003.12.25 15:47:23 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2003.12.25 15:24:24 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2003.12.25 15:10:30 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2003.12.25 14:38:37 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

[2003.12.25 14:29:30 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys

[2003.12.25 14:24:30 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2003.12.25 14:24:27 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat

[2003.11.10 17:06:08 | 000,406,016 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe

[2003.10.16 10:29:39 | 000,000,970 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2003.10.16 10:29:30 | 000,386,912 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2003.10.16 10:29:30 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2003.10.16 10:29:30 | 000,062,974 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2003.10.16 10:29:30 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2003.10.16 10:29:15 | 000,376,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2003.10.16 10:29:15 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2003.10.16 10:29:14 | 000,052,148 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2003.10.16 10:29:14 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2003.10.16 10:29:13 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2003.10.16 10:29:12 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2003.10.16 10:29:11 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2003.10.16 10:29:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2003.10.16 10:29:08 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2003.10.16 10:29:03 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2003.10.16 10:28:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2003.10.16 02:33:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2003.10.16 02:32:54 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2003.10.16 02:15:48 | 000,008,632 | ---- | C] () -- C:\WINDOWS\PRISMDOM.ini

[2003.10.16 01:45:32 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003.10.16 01:43:35 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2003.10.16 01:39:17 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2000.01.21 05:01:00 | 000,000,110 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT

 
 ========== LOP Check ==========

 

[2009.02.05 15:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ALDI Foto Service Nord

[2009.02.05 15:08:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Aldi Nord Fotoservice

[2004.03.17 17:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software

[2010.04.07 12:43:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\elsterformular

[2007.01.31 14:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp

[2009.06.18 17:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON

[2003.10.16 02:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MSN Messenger 6.1.0202

[2007.01.31 13:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon

[2010.07.24 13:02:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft

[2007.01.31 14:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15

[2011.02.13 13:36:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Anwendungsdaten\BabylonToolbar

[2010.04.07 12:45:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Anwendungsdaten\elsterformular

[2007.03.07 18:12:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Anwendungsdaten\Nikon

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.03.28 09:10:39 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2004.03.12 15:39:55 | 000,000,000 | ---D | M] -- C:\Corel

[2004.05.06 15:29:34 | 000,000,000 | ---D | M] -- C:\digibib3

[2006.04.16 12:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen

[2004.06.23 16:35:17 | 000,000,000 | ---D | M] -- C:\etrustTemp

[2005.04.16 13:30:25 | 000,000,000 | ---D | M] -- C:\lancom

[2003.12.25 15:48:03 | 000,000,000 | ---D | M] -- C:\My Music

[2005.04.16 13:26:23 | 000,000,000 | ---D | M] -- C:\Neuer Ordner (2)

[2011.03.11 22:15:26 | 000,000,000 | ---D | M] -- C:\Program Files

[2011.02.13 18:56:00 | 000,000,000 | R--D | M] -- C:\Programme

[2004.04.03 16:51:26 | 000,000,000 | -HSD | M] -- C:\RECYCLER

[2004.10.23 12:01:10 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2011.04.25 17:13:25 | 000,000,000 | ---D | M] -- C:\TEMP

[2004.05.06 14:28:10 | 000,000,000 | ---D | M] -- C:\USM

[2011.06.19 15:21:31 | 000,000,000 | ---D | M] -- C:\WINDOWS

 
 < %PROGRAMFILES%\*.exe >

 

Invalid Environment Variable: LOCALAPPDATA

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2002.08.29 14:00:00 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtUninstallKB820291$\explorer.exe

[2004.08.04 09:57:53 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe

[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\explorer.exe

[2009.04.21 13:49:04 | 000,330,752 | RHS- | M] (JPEG Image) MD5=5FD54AB2C3409B3B431F9C16F617A28B -- C:\Program Files\Windows NT\explorer.exe

[2007.06.13 15:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2004.08.04 09:58:09 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe

[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe

[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe

[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\regedit.exe

[2002.08.29 14:00:00 | 000,141,312 | ---- | M] (Microsoft Corporation) MD5=FD95FFECC4B1FE72597D7FA6AF8C2870 -- C:\WINDOWS\I386\REGEDIT.EXE

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2002.08.29 14:00:00 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtUninstallKB840987$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\d7ca437757bb79190d8fe0f22734e38b\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-07 11:09:14
 

< End of report >

Extras.Txt

Code:

OTL Extras logfile created on: 02.07.2011 16:43:52 - Run 1

OTL by OldTimer - Version 3.2.25.0     Folder = C:\Dokumente und Einstellungen\ULRICH Kunsthaus\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

510,98 Mb Total Physical Memory | 184,01 Mb Available Physical Memory | 36,01% Memory free

1,22 Gb Paging File | 0,96 Gb Available in Paging File | 78,60% Paging File free

Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 27,95 Gb Total Space | 1,49 Gb Free Space | 5,32% Space Free | Partition Type: NTFS

Drive D: | 21,56 Gb Total Space | 11,46 Gb Free Space | 53,17% Space Free | Partition Type: NTFS

Drive E: | 6,37 Gb Total Space | 0,85 Gb Free Space | 13,39% Space Free | Partition Type: FAT32

Drive G: | 61,16 Mb Total Space | 34,96 Mb Free Space | 57,15% Space Free | Partition Type: FAT

 

Computer Name: NAME-KUNSTHAUS | User Name: ULRICH Kunsthaus | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 1

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE

"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)

"C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Programme\Microsoft Games\Flight Simulator 9\fs9.exe:*:Disabled:Microsoft Flight Simulator

"C:\Programme\Ipswitch\WS_FTP Pro\wsftpgui.exe" = C:\Programme\Ipswitch\WS_FTP Pro\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3

"{00030407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business

"{04440044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Enzyklopädie 2004

"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer

"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery

"{1C76CF8E-CD80-414E-A7D6-8D2142170150}" = AVerTV USB 2.0 Driver

"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 2.0

"{30C10EE3-EFB3-4B7A-9CDC-50790C2B5200}" = CA Licensing

"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper

"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC

"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer

"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH(R) Jukebox

"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word

"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works

"{64310762-E4AF-4CC0-B5B3-2726F39AB029}" = InstantCopy

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm

"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = 83018SC 16 in 1 Cardreader USB2.0

"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003

"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002

"{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}" = Realtek RTL8139/810x Fast Ethernet NIC Driver Setup

"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE

"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{ABEB838C-A1A7-4C5D-B7E1-8B4314600202}" = MSN Messenger 6.1

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch

"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Pro

"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3

"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer

"{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.1.8

"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = TI PCI7620

"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint

"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager

"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools

"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Photoshop 6.0" = Adobe Photoshop 6.0

"Adobe SVG Viewer" = Adobe SVG Viewer

"ALDI Foto Service Nord D" = ALDI Foto Service Nord

"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice

"Belser Lexikon 2.0" = Belser Lexikon 2.0

"C-Media USB Audio" = Silver Crest Portable USB Speakers

"C-Media USB Audio Driver" = C-Media USB WDM Audio Driver

"Corel Uninstaller" = Corel Uninstaller

"Digitale Bibliothek" = Digitale Bibliothek

"DivX Codec" = DivX Codec

"ElsterFormular 11.2.0.4074" = ElsterFormular

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"EPSON-Drucker und Utilities" = EPSON-Drucker-Software

"ESPR3800 Benutzerhandbuch" = ESPR3800 Benutzerhandbuch

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{1C76CF8E-CD80-414E-A7D6-8D2142170150}" = AVerTV USB 2.0 Driver

"InstallShield_{C21D5524-A970-42FA-AC8A-59B8C7CDCA31}" = QuickTime

"InstallShield_{F16F258A-6300-4A1C-BC49-7929EFF455E2}" = Texas Instruments PCI7620 drivers.

"Intel(R) 537EA Modem" = Intel(R) 537EA Modem

"LANconfig" = LANconfig

"LANmonitor" = LANmonitor

"LcsCapi" = LANCAPI

"LcsNdisWan" = LANCAPI DFÜ-Netzwerk Unterstützung

"MediaShow" = Medi@Show

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"Nero - Burning Rom!UninstallKey" = Nero OEM

"Nikon FotoShare" = Nikon FotoShare

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers

"QuickTime 3.0" = QuickTime 3.0

"RealPlayer 12.0" = RealPlayer

"Shockwave" = Shockwave

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Ulead COOL 360 1.0" = Ulead COOL 360 1.0

"Ulead Photo Explorer 4.2 Full" = Ulead Photo Explorer 4.2

"Ulead PhotoImpact 4.2" = Ulead PhotoImpact 4.2

"ViewpointMediaPlayer" = Viewpoint Media Player

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Works2004Setup" = Setup-Start von Microsoft Works 2004

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"X10Hardware" = X10 Hardware(TM)

"Yahoo! Anti-Spy" = Yahoo! Anti-Spy

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Toolbar" = Yahoo! Toolbar

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 31.03.2011 03:30:11 | Computer Name = NAME-KUNSTHAUS | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung svchost.exe, Version 5.1.2600.5512, fehlgeschlagenes

 Modul ntdll.dll, Version 5.1.2600.6055, Fehleradresse 0x00019af2.

 

Error - 05.05.2011 04:26:12 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 04.06.2011 17:14:26 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 04.06.2011 17:14:26 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 04.06.2011 17:14:31 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 04.06.2011 17:16:10 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 05.06.2011 04:44:49 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 05.06.2011 08:38:47 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 05.06.2011 08:38:53 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 19.06.2011 09:22:20 | Computer Name = NAME-KUNSTHAUS | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung E_SRUN03.EXE, Version 1.0.1.0, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 02.07.2011 10:41:46 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:43:49 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:45:27 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:45:59 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:47:51 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:49:29 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:50:01 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:52:50 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:54:28 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

Error - 02.07.2011 10:55:00 | Computer Name = NAME-KUNSTHAUS | Source = Service Control Manager | ID = 7011

Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung

 von Dienst Dnscache.

 

 

< End of report >

GMER.log

Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net

Rootkit scan 2011-07-02 21:51:08

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 IC25N060ATMR04-0 rev.MO3OAD4A

Running: bkupkwtc.exe; Driver: C:\DOKUME~1\ULRICH~1\LOKALE~1\Temp\kgryipob.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           C:\WINDOWS\System32\DRIVERS\nv4_mini.sys                                                                                       section is writeable [0xF72A7340, 0x10989F, 0xF8000020]

init            C:\WINDOWS\system32\drivers\tifm.sys                                                                                           entry point in "init" section [0xF88DFD00]

init            C:\WINDOWS\system32\drivers\ALCXSENS.SYS                                                                                       entry point in "init" section [0xF7126590]

init            C:\WINDOWS\System32\DRIVERS\mohfilt.sys                                                                                        entry point in "init" section [0xF8A50A60]

.text           C:\WINDOWS\System32\nv4_disp.dll                                                                                               section is writeable [0xBF012300, 0x238CD0, 0xF8000020]
 

---- User code sections - GMER 1.0.15 ----
 

?               C:\Program Files\Windows NT\explorer.exe[2204]                                                                                 time/date stamp mismatch; 

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!??2@YAPAXI@Z                                                        77BF9CC5 5 Bytes  JMP 0A93B250 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!??3@YAXPAX@Z                                                        77BF9CDD 5 Bytes  JMP 0A93B2A0 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z                                  77BF9D9F 5 Bytes  JMP 0A93B2C0 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_expand                                                             77BF9FE5 5 Bytes  JMP 0A93B230 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_heapadd                                                            77BFBC9F 5 Bytes  JMP 0A93B310 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_heapchk                                                            77BFBCB3 5 Bytes  JMP 0A93B320 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_heapset + 1                                                        77BFBD83 4 Bytes  JMP 0A93B351 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_heapmin                                                            77BFBD8C 5 Bytes  JMP 0A93B420 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_heapused                                                           77BFBE3A 5 Bytes  JMP 0A93B3F0 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_heapwalk                                                           77BFBE4D 5 Bytes  JMP 0A93B360 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!_msize                                                              77BFBF6C 5 Bytes  JMP 0A93B180 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!calloc                                                              77BFC0C3 5 Bytes  JMP 0A93B110 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!free                                                                77BFC21B 5 Bytes  JMP 0A93B170 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!malloc                                                              77BFC407 5 Bytes  JMP 0A93B0D0 C:\WINDOWS\system32\SH33W32.dll

.text           C:\Corel\Graphics8\Programs\MFIndexer.exe[4024] msvcrt.dll!realloc                                                             77BFC437 5 Bytes  JMP 0A93B150 C:\WINDOWS\system32\SH33W32.dll
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass0                                                                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice  \Driver\Kbdclass \Device\KeyboardClass1                                                                                        SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E065A80-0451-46D6-A0A7-67195D51B1EE}@LeaseObtainedTime    1309618932

Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E065A80-0451-46D6-A0A7-67195D51B1EE}@T1                   1309620732

Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E065A80-0451-46D6-A0A7-67195D51B1EE}@T2                   1309622082

Reg             HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1E065A80-0451-46D6-A0A7-67195D51B1EE}@LeaseTerminatesTime  1309622532

Reg             HKLM\SYSTEM\CurrentControlSet\Services\{1E065A80-0451-46D6-A0A7-67195D51B1EE}\Parameters\Tcpip@LeaseObtainedTime               1309618932

Reg             HKLM\SYSTEM\CurrentControlSet\Services\{1E065A80-0451-46D6-A0A7-67195D51B1EE}\Parameters\Tcpip@T1                              1309620732

Reg             HKLM\SYSTEM\CurrentControlSet\Services\{1E065A80-0451-46D6-A0A7-67195D51B1EE}\Parameters\Tcpip@T2                              1309622082

Reg             HKLM\SYSTEM\CurrentControlSet\Services\{1E065A80-0451-46D6-A0A7-67195D51B1EE}\Parameters\Tcpip@LeaseTerminatesTime             1309622532
 

---- EOF - GMER 1.0.15 ----

Es sei hinzuzufügen, dass ich bei GMER zwischendurch das Drucker-USB-Kabel gezogen hatte, ich konnte mit dem Druck leider nicht länger warten. :/

"Worm:Win32/VirAuto.A" hat MSSE auch auf dem PC meines Vaters gefunden, in einer .zip-Datei, die allerdings in dem Verzeichnis selbst nicht mehr zu finden war. Der Ursprung derselben ist uns bekannt - jemand wird demnächst noch eine E-Mail erhalten, dass seine Zip`s infiziert sind... Ansonsten schien der aber einem Vollscan mit MSSE nach clean zu sein, was natürlich nichts heißen muss.
-> h@@p://www.microsoft.com/security/po...dia/Entry.aspx?name=Worm%3aWin32%2fVirauto.A&threatid=2147624069
"Worm:Win32/Autorun!inf" -> h@@p://www.microsoft.com/security/po...dia/Entry.aspx?name=Worm%3aWin32%2fAutorun!inf&threatid=2147597307
AUf dem Laptop meines Vaters ist MSN installiert, aber kein P2P-Client. Er sagte mir, dass sich "seit einiger Zeit" MSN beim Booten immer automatisch gestartet hatte (Er hat es nie benutzt.), was vorher nicht so war, das ließ sich aber in den Optionen von MSN abstellen.

Grüße, Mata

EDIT:
Sorry, ich hatte deine Antwort nicht gesehen. Ich dachte eigentlich dass HJT und MBAM outdated waren, wenn du darauf bestehst kann ich das morgen noch machen; eigentlich weiß ich aber jetzt schon dass ich dafür keine Zeit mehr haben werde, der Scan mit GMER dauerte schon 6 Stunden. :/
Was ich wichtiges vergessen hatte zu erwähnen: Auf dem Laptop meines Vaters befand sich kein Antiviren-Programm, was ich aus ihm rausbekommen habe war, dass wohl mal in Urzeiten eines drauf gewesen sein muss, welches aber abgelaufen ist... deswegen auch meine Überzeugung, dass der plattgemacht werden muss. Und keine Sorge, die einzigen Daten die er da retten will sind Gigabytes an .jpgs. Was anderes würde ich ihm auch nicht erlauben.^^

So...
Vollscan meines Laptops mit MBAM hat erstmal nix gefunden.

OTL.txt

Code:

OTL logfile created on: 03.07.2011 12:08:17 - Run 5

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jonas\Desktop

64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free

8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 37,99 Gb Total Space | 11,31 Gb Free Space | 29,78% Space Free | Partition Type: NTFS

Drive D: | 250,04 Gb Total Space | 36,76 Gb Free Space | 14,70% Space Free | Partition Type: NTFS

Drive F: | 238,38 Mb Total Space | 85,50 Mb Free Space | 35,87% Space Free | Partition Type: FAT

 

Computer Name: MATAS_LAPTOP | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\EIGENE PROGRAMME\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

PRC - C:\Treiber\ATK Hotkey\HControl.exe (ASUS)

PRC - C:\Treiber\ATKOSD2\ATKOSD2.exe (ASUS)

PRC - C:\Treiber\ATK Hotkey\HControlUser.exe (ASUS)

PRC - C:\Treiber\ATK Hotkey\ATKOSD.exe (ASUS)

PRC - C:\Treiber\ATK Hotkey\AsLdrSrv.exe (ASUS)

PRC - C:\Treiber\ATK Hotkey\WDC.exe (ASUS)

PRC - C:\Treiber\ATK Hotkey\KBFiltr.exe (ASUS)

PRC - C:\Treiber\ATK Hotkey\Atouch64.exe ()

PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Jonas\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (ASLDRService) -- C:\Treiber\ATK Hotkey\AsLdrSrv.exe (ASUS)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()

SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)

DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()

DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)

DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC)

DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC)

DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC)

DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 55 D1 89 23 CD 18 CC 01  [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.update: false

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\EIGENE PROGRAMME\Mozilla Firefox\components [2011.06.22 23:08:14 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\EIGENE PROGRAMME\Mozilla Firefox\plugins [2011.06.18 15:46:14 | 000,000,000 | ---D | M]

 

[2010.12.24 22:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

[2010.12.24 22:29:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\a3wlgayh.default\extensions

File not found (No name found) -- 

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found

O4:64bit: - HKLM..\Run: []  File not found

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [ATKOSD2] C:\Treiber\ATKOSD2\ATKOSD2.exe (ASUS)

O4 - HKLM..\Run: [HControlUser] C:\Treiber\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [StartCCC] C:\Treiber\AMD\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Eigene Programme\Adobe Reader\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= -  File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

MsConfig:64bit - State: "services" - Reg Error: Key error.

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.07.02 19:46:20 | 000,135,168 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBAPI.dll

[2011.07.02 19:46:20 | 000,110,592 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBDSCVR.dll

[2011.07.02 19:46:20 | 000,077,824 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EBAPI.dll

[2011.07.02 19:46:20 | 000,065,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBUtil.dll

[2011.07.02 19:46:20 | 000,055,808 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EEBSDKIF.dll

[2011.07.02 19:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EPSON

[2011.07.02 19:46:18 | 001,559,128 | ---- | C] (SEIKO EPSON COPRORATION) -- C:\Windows\SysWow64\eb_set05.exe

[2011.07.02 19:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON

[2011.07.02 19:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

[2011.07.02 19:44:28 | 000,008,704 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL

[2011.07.02 19:44:20 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBDAE.DLL

[2011.07.02 19:44:19 | 000,129,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMDAE.DLL

[2011.07.02 19:43:56 | 000,000,000 | ---D | C] -- C:\Programme\EPSON

[2011.06.30 13:56:33 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.06.30 13:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero

[2011.06.30 13:54:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero

[2011.06.30 13:54:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero

[2011.06.30 13:53:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero

[2011.06.29 00:42:00 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe

[2011.06.29 00:42:00 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll

[2011.06.29 00:41:58 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll

[2011.06.29 00:41:58 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll

[2011.06.29 00:41:57 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll

[2011.06.29 00:41:57 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll

[2011.06.29 00:41:57 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll

[2011.06.29 00:41:57 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe

[2011.06.29 00:41:56 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll

[2011.06.29 00:41:56 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll

[2011.06.29 00:41:56 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll

[2011.06.29 00:41:56 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll

[2011.06.29 00:41:56 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe

[2011.06.29 00:41:55 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll

[2011.06.29 00:41:55 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll

[2011.06.29 00:41:55 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll

[2011.06.20 19:02:05 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2011.06.18 15:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe

[2011.06.15 19:13:28 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2011.06.15 19:13:28 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2011.06.15 19:13:27 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2011.06.15 19:13:26 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2011.06.15 19:13:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2011.06.15 19:13:25 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll

[2011.06.15 19:13:25 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2011.06.15 19:13:25 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2011.06.15 19:01:30 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

[2011.06.06 21:17:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\OpenOffice.org

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.07.03 12:00:03 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.07.03 12:00:03 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.07.03 11:52:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.07.03 11:52:26 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys

[2011.07.01 01:01:49 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.07.01 01:01:49 | 000,656,266 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.07.01 01:01:49 | 000,618,108 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.07.01 01:01:49 | 000,131,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.07.01 01:01:49 | 000,107,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.06.29 20:17:54 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2011.06.26 19:54:06 | 000,007,638 | ---- | M] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

[2011.06.20 19:02:05 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

 
 ========== Files Created - No Company Name ==========

 

[2011.07.02 19:46:18 | 000,000,110 | ---- | C] () -- C:\Windows\SysWow64\E_ADDNET.DAT

[2011.06.18 15:46:14 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

[2011.04.10 22:00:54 | 000,007,638 | ---- | C] () -- C:\Users\Admin\AppData\Local\Resmon.ResmonCfg

[2010.12.24 16:48:21 | 000,003,584 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.12.24 16:43:09 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2010.12.22 02:08:48 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.12.21 22:39:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.05.19 12:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2010.12.22 03:04:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin

[2011.06.30 14:06:50 | 000,000,000 | -HSD | M] -- C:\Config.Msi

[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010.12.21 22:48:59 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.06.30 13:54:00 | 000,000,000 | ---D | M] -- C:\EIGENE PROGRAMME

[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.07.02 19:43:56 | 000,000,000 | R--D | M] -- C:\Programme

[2011.06.30 13:55:06 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2011.07.02 19:46:15 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2010.12.21 22:48:59 | 000,000,000 | -HSD | M] -- C:\Programme

[2010.12.21 22:48:59 | 000,000,000 | -HSD | M] -- C:\Recovery

[2011.07.03 12:09:06 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010.12.24 21:44:46 | 000,000,000 | ---D | M] -- C:\Treiber

[2010.12.22 03:04:48 | 000,000,000 | R--D | M] -- C:\Users

[2011.06.20 19:00:29 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe

[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe

[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe

[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe

[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe

[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe

[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe

[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe

[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 

< End of report >

Extras.txt

Code:

OTL Extras logfile created on: 03.07.2011 12:08:17 - Run 5

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jonas\Desktop

64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 68,00% Memory free

8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 37,99 Gb Total Space | 11,31 Gb Free Space | 29,78% Space Free | Partition Type: NTFS

Drive D: | 250,04 Gb Total Space | 36,76 Gb Free Space | 14,70% Space Free | Partition Type: NTFS

Drive F: | 238,38 Mb Total Space | 85,50 Mb Free Space | 35,87% Space Free | Partition Type: FAT

 

Computer Name: MATAS_LAPTOP | User Name: Admin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\EIGENE PROGRAMME\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\EIGENE PROGRAMME\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\EIGENE PROGRAMME\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\EIGENE PROGRAMME\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\EIGENE PROGRAMME\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid

"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3C81B6D3-9E2C-4A06-8FDE-3FAC39E3E45D}" = AuthenTec TrueSuite

"{46FE2A95-DD8A-9F52-DD44-6C22D715493D}" = ATI Catalyst Install Manager

"{485867C4-605B-30FD-397E-CDBA21690855}" = ccc-utility64

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack

"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

"{83A33E54-147D-2D1A-75EB-DE27584DD3E2}" = WMV9/VC-1 Video Playback

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack

"EPSON Printer and Utilities" = EPSON-Drucker-Software

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft Security Client" = Microsoft Security Essentials

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)

"{015D576B-F9CF-245E-2A67-13A22C49595D}" = CCC Help Portuguese

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)

"{08DF75DF-FCA1-936E-6537-8B2355477A8A}" = CCC Help Spanish

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10

"{2F12DD77-33BC-B9AA-7FCF-316920EB20B6}" = CCC Help Hungarian

"{2F2E45E2-5A38-616D-B747-6F8483074987}" = CCC Help French

"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete

"{335519D8-37B0-2C1A-8731-24BFA0AF0A82}" = CCC Help Norwegian

"{3A3152B9-70FA-8B91-44AC-3DB75A675344}" = CCC Help Russian

"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2

"{3E6B8013-6679-AE89-05B9-F540AF89A5A4}" = Catalyst Control Center Localization All

"{3F154E12-4E97-D0AB-27E2-874CFEFFE30A}" = CCC Help Finnish

"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)

"{54BAC286-63B1-C3D7-5371-10CE6B280D23}" = CCC Help Turkish

"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)

"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.55.03

"{59F6DFAA-3FE8-0F59-02EC-8AEA5CE0659B}" = CCC Help Dutch

"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update

"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{734C758F-E295-C25A-085A-37210AAFD459}" = CCC Help Greek

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10

"{7ADF69B6-B378-2D8C-C81C-DAA053E0D275}" = CCC Help English

"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10

"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)

"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch

"{9E31556D-C40E-D7EE-8936-6F442A063F68}" = CCC Help Swedish

"{A24CCFF4-1094-A1C6-756E-BD75FDA697F4}" = CCC Help Danish

"{A43190B6-D326-2870-22A5-F2416062ABA3}" = CCC Help German

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch

"{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3 : Raven Shield

"{AF39A4BD-9088-D509-206B-024E5576D25C}" = CCC Help Korean

"{B5C2819F-BC4E-E31A-C2CE-A617A99A7EA0}" = CCC Help Czech

"{BC664850-5586-CF15-F9E1-97C7429E1D4F}" = Catalyst Control Center InstallProxy

"{BCFF03A6-BADE-2C15-A90E-E8D0E26B8E6C}" = CCC Help Chinese Standard

"{C2AF3BC5-ED8A-39A5-BDC6-6B514D7B8E18}" = CCC Help Japanese

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D876ED97-4876-ECE9-F988-D11B91CA84BB}" = CCC Help Polish

"{DF150064-07EC-F3E1-7E24-8B76493F6C2D}" = CCC Help Thai

"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)

"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2

"{E3EB956C-C221-8F52-2063-CBF40AD8B558}" = CCC Help Italian

"{E80F7B58-508F-2A71-50E6-49B56241C22B}" = ccc-core-static

"{ED2C01F5-FF07-21E7-4D80-E41486A5204E}" = CCC Help Chinese Traditional

"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200

"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)

"Opera 11.50.1074" = Opera 11.50

"Qtiplot" = Qtiplot

"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.3 for Windows

"Steam App 5" = Dedicated Server

"Totalcmd" = Total Commander (Remove or Repair)

"VLC media player" = VLC media player 1.1.5

"Winamp" = Winamp

"X3 Bonuspaket_is1" = X3 Bonuspaket 3.1.07

"X3Reunion_is1" = X3 Reunion v2.5

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 30.04.2011 05:46:47 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: Steam.exe, Version: 1.0.968.628, 

Zeitstempel: 0x4cda0db5  Name des fehlerhaften Moduls: Steam.dll_unloaded, Version:

 0.0.0.0, Zeitstempel: 0x4d6c48b0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x301fcc88

ID

 des fehlerhaften Prozesses: 0x49c  Startzeit der fehlerhaften Anwendung: 0x01cc0719e4c2c0c2

Pfad

 der fehlerhaften Anwendung: D:\SPIELE\STEAM\Steam.exe  Pfad des fehlerhaften Moduls:

 Steam.dll  Berichtskennung: c3548e68-730e-11e0-a265-00248c861610

 

Error - 08.05.2011 17:53:39 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091, 

Zeitstempel: 0x4d00b3a0  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 

Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x890875ff  ID des fehlerhaften

 Prozesses: 0xbe8  Startzeit der fehlerhaften Anwendung: 0x01cc0daeddc9ed2e  Pfad der

 fehlerhaften Anwendung: C:\Eigene Programme\Winamp\winamp.exe  Pfad des fehlerhaften

 Moduls: unknown  Berichtskennung: a185932c-79bd-11e0-981d-00248c861610

 

Error - 14.05.2011 13:33:31 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: qtiplot.exe, Version: 0.0.0.0, Zeitstempel:

 0x4b37fb09  Name des fehlerhaften Moduls: qtiplot.exe, Version: 0.0.0.0, Zeitstempel:

 0x4b37fb09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c587c  ID des fehlerhaften Prozesses:

 0x254  Startzeit der fehlerhaften Anwendung: 0x01cc125ce36c3443  Pfad der fehlerhaften

 Anwendung: C:\EIGENE PROGRAMME\Qtiplot\qtiplot.exe  Pfad des fehlerhaften Moduls:

 C:\EIGENE PROGRAMME\Qtiplot\qtiplot.exe  Berichtskennung: 49014dd4-7e50-11e0-8b3a-00248c861610

 

Error - 15.05.2011 09:23:20 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: qtiplot.exe, Version: 0.0.0.0, Zeitstempel:

 0x4b37fb09  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:

 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00042092  ID des fehlerhaften Prozesses:

 0x730  Startzeit der fehlerhaften Anwendung: 0x01cc12ffdace0201  Pfad der fehlerhaften

 Anwendung: C:\EIGENE PROGRAMME\Qtiplot\qtiplot.exe  Pfad des fehlerhaften Moduls:

 C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 801c86de-7ef6-11e0-a027-00248c861610

 

Error - 15.05.2011 17:51:12 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: qtiplot.exe, Version: 0.0.0.0, Zeitstempel:

 0x4b37fb09  Name des fehlerhaften Moduls: qtiplot.exe, Version: 0.0.0.0, Zeitstempel:

 0x4b37fb09  Ausnahmecode: 0xc0000005  Fehleroffset: 0x001c587c  ID des fehlerhaften Prozesses:

 0xab0  Startzeit der fehlerhaften Anwendung: 0x01cc13483af43a1b  Pfad der fehlerhaften

 Anwendung: C:\EIGENE PROGRAMME\Qtiplot\qtiplot.exe  Pfad des fehlerhaften Moduls:

 C:\EIGENE PROGRAMME\Qtiplot\qtiplot.exe  Berichtskennung: 72abe843-7f3d-11e0-a027-00248c861610

 

Error - 25.05.2011 06:20:14 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091, 

Zeitstempel: 0x4d00b3a0  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 

Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xc03302eb  ID des fehlerhaften

 Prozesses: 0xcfc  Startzeit der fehlerhaften Anwendung: 0x01cc1ac4b9f445e5  Pfad der

 fehlerhaften Anwendung: C:\Eigene Programme\Winamp\winamp.exe  Pfad des fehlerhaften

 Moduls: unknown  Berichtskennung: 93fcf66e-86b8-11e0-8a64-00248c861610

 

Error - 13.06.2011 07:17:50 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: vlc.exe, Version: 1.1.5.0, Zeitstempel:

 0x4cdec0ee  Name des fehlerhaften Moduls: vlc.exe, Version: 1.1.5.0, Zeitstempel:

 0x4cdec0ee  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000016e8  ID des fehlerhaften Prozesses:

 0x460  Startzeit der fehlerhaften Anwendung: 0x01cc29bb859e0008  Pfad der fehlerhaften

 Anwendung: C:\EIGENE PROGRAMME\VLC\vlc.exe  Pfad des fehlerhaften Moduls: C:\EIGENE

 PROGRAMME\VLC\vlc.exe  Berichtskennung: c5d3b6a4-95ae-11e0-bac7-00248c861610

 

Error - 17.06.2011 12:56:38 | Computer Name = MATAS_LAPTOP | Source = Application Hang | ID = 1002

Description = Programm winamp.exe, Version 5.6.0.3091 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ed4    Startzeit: 

01cc2d0d94661b7b    Endzeit: 18    Anwendungspfad: C:\EIGENE PROGRAMME\Winamp\winamp.exe
 

Berichts-ID:

 c15cce52-9902-11e0-a4e8-00248c861610  

 

Error - 30.06.2011 11:10:34 | Computer Name = MATAS_LAPTOP | Source = Application Hang | ID = 1002

Description = Programm nero.exe, Version 10.6.4.100 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: fd0    Startzeit: 

01cc37300d294e5a    Endzeit: 0    Anwendungspfad: C:\EIGENE PROGRAMME\Nero\Nero 10\Nero 

Burning ROM\nero.exe    Berichts-ID: c6c837c6-a32a-11e0-8f26-00248c861610  

 

Error - 30.06.2011 19:18:43 | Computer Name = MATAS_LAPTOP | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: winamp.exe, Version: 5.6.0.3091, 

Zeitstempel: 0x4d00b3a0  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, 

Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x11bb0000  ID des fehlerhaften

 Prozesses: 0xa68  Startzeit der fehlerhaften Anwendung: 0x01cc377462be7911  Pfad der

 fehlerhaften Anwendung: C:\Eigene Programme\Winamp\winamp.exe  Pfad des fehlerhaften

 Moduls: unknown  Berichtskennung: 4b92a320-a36f-11e0-9d1e-00248c861610

 

[ System Events ]

Error - 02.07.2011 17:13:35 | Computer Name = MATAS_LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058

 

Error - 02.07.2011 17:13:36 | Computer Name = MATAS_LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058

 

Error - 02.07.2011 17:45:59 | Computer Name = MATAS_LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058

 

Error - 02.07.2011 19:31:22 | Computer Name = MATAS_LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058

 

Error - 02.07.2011 19:31:22 | Computer Name = MATAS_LAPTOP | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Heimnetzgruppen-Listener" ist vom Dienst "Server" abhängig,

 der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058

 

Error - 02.07.2011 19:31:25 | Computer Name = MATAS_LAPTOP | Source = ipnathlp | ID = 30013

Description = 

 

Error - 02.07.2011 19:31:26 | Computer Name = MATAS_LAPTOP | Source = ipnathlp | ID = 31004

Description = 

 

Error - 03.07.2011 05:53:08 | Computer Name = MATAS_LAPTOP | Source = ipnathlp | ID = 34001

Description = 

 

Error - 03.07.2011 05:53:08 | Computer Name = MATAS_LAPTOP | Source = ipnathlp | ID = 30013

Description = 

 

Error - 03.07.2011 05:53:15 | Computer Name = MATAS_LAPTOP | Source = Microsoft Antimalware | ID = 3002

Description = Fehler in %%860-Echtzeitschutzfunktion.     Funktion: %%835     Fehlercode: 

0x80004005     Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842

 

 

< End of report >

hjtscanlist.txt

Code:

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 

                        º                                    º 

                                    hjtscanlist v2.0              

                        º                                    º 

                        $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
 

Microsoft Windows [Version 6.1.7601]

 

 

ECHO ist ausgeschaltet (OFF).
 

  03.07.2011 12:09     \System Volume Information --------- 8192   

       \pagefile.sys ---------    

       \hiberfil.sys ---------    

  02.07.2011 19:46     \ProgramData --------- 4096   

  02.07.2011 19:43     \Program Files --------- 8192   

  30.06.2011 14:06     \Config.Msi --------- 0   

  30.06.2011 13:55     \Program Files (x86) --------- 8192   

  30.06.2011 13:54     \EIGENE PROGRAMME --------- 4096   

  20.06.2011 19:00     \Windows --------- 20480   

  24.12.2010 21:44     \Treiber --------- 4096   

  22.12.2010 03:04     \$Recycle.Bin --------- 0   

  22.12.2010 03:04     \Users --------- 4096   

  21.12.2010 22:48     \Recovery --------- 0   

  21.12.2010 22:48     \Programme --------- 0   

  21.12.2010 22:48     \Dokumente und Einstellungen --------- 0   

  14.07.2009 07:08     \Documents and Settings --------- 0   

  14.07.2009 05:20     \PerfLogs --------- 0   

----------------------------------------
 

 

C:\Windows
 

  03.07.2011 11:56     C:\Windows\WindowsUpdate.log --------- 1840004   

  03.07.2011 11:52     C:\Windows\setupact.log --------- 2766   

  03.07.2011 11:52     C:\Windows\bootstat.dat --------- 67584   

  20.06.2011 19:00     C:\Windows\setuperr.log --------- 0   

  20.06.2011 19:00     C:\Windows\PFRO.log --------- 7542   

  17.05.2011 16:00     C:\Windows\DirectX.log --------- 432806   

  05.04.2011 23:50     C:\Windows\IE9_main.log --------- 4295   

  25.02.2011 08:19     C:\Windows\explorer.exe --------- 2871808   

  27.12.2010 12:49     C:\Windows\ntbtlog.txt --------- 307608   

  24.12.2010 16:43     C:\Windows\ATKPF.ini --------- 24   

  24.12.2010 16:17     C:\Windows\DPINST.LOG --------- 4598   

  22.12.2010 02:09     C:\Windows\epplauncher.mif --------- 2154   

  21.12.2010 22:40     C:\Windows\DtcInstall.log --------- 1774   

  21.12.2010 22:40     C:\Windows\TSSysprep.log --------- 1313   

  21.12.2010 22:39     C:\Windows\ativpsrm.bin --------- 0   

  17.12.2010 08:56     C:\Windows\RAR.PIF --------- 545   

  17.12.2010 08:56     C:\Windows\PKZIP.PIF --------- 545   

  17.12.2010 08:56     C:\Windows\PKUNZIP.PIF --------- 545   

  17.12.2010 08:56     C:\Windows\LHA.PIF --------- 545   

  17.12.2010 08:56     C:\Windows\NOCLOSE.PIF --------- 545   

  17.12.2010 08:56     C:\Windows\ARJ.PIF --------- 545   

  17.12.2010 08:56     C:\Windows\UC.PIF --------- 545   

  23.11.2010 04:06     C:\Windows\atiogl.xml --------- 22305   

  20.11.2010 15:25     C:\Windows\splwow64.exe --------- 67072   

  20.11.2010 15:24     C:\Windows\bfsvc.exe --------- 71168   

  20.11.2010 14:21     C:\Windows\twain_32.dll --------- 51200   

  14.07.2009 07:09     C:\Windows\win.ini --------- 403   

  14.07.2009 06:54     C:\Windows\WindowsShell.Manifest --------- 749   

  14.07.2009 03:39     C:\Windows\write.exe --------- 10240   

  14.07.2009 03:39     C:\Windows\regedit.exe --------- 427008   

  14.07.2009 03:39     C:\Windows\notepad.exe --------- 193536   

  14.07.2009 03:39     C:\Windows\hh.exe --------- 16896   

  14.07.2009 03:39     C:\Windows\HelpPane.exe --------- 733696   

  14.07.2009 03:39     C:\Windows\fveupdate.exe --------- 15360   

  14.07.2009 03:14     C:\Windows\winhlp32.exe --------- 9728   

  14.07.2009 03:14     C:\Windows\twunk_32.exe --------- 31232   

  14.07.2009 01:06     C:\Windows\mib.bin --------- 43131   

  10.06.2009 23:41     C:\Windows\twunk_16.exe --------- 49680   

  10.06.2009 23:41     C:\Windows\twain.dll --------- 94784   

  10.06.2009 23:08     C:\Windows\system.ini --------- 219   

  10.06.2009 22:52     C:\Windows\WMSysPr9.prx --------- 316640   

  10.06.2009 22:36     C:\Windows\msdfmap.ini --------- 1405   

  10.06.2009 22:31     C:\Windows\Starter.xml --------- 48201   

  10.06.2009 22:30     C:\Windows\Professional.xml --------- 53551   

  19.05.2006 12:53     C:\Windows\snp2uvc.src --------- 13022   

  19.05.2006 12:39     C:\Windows\snp2uvc.ini --------- 15497   

  21.02.2003 21:42     C:\Windows\msvcr71.dll --------- 348160   

  15.07.2000 01:00     C:\Windows\MSVCRTD.DLL --------- 434252   

----------------------------------------
 

 

C:\Windows\System
 

----------------------------------------
 

 

C:\Windows\System32
 

 03.07.2011 12:18     C:\Windows\system32\hjtscanlist.txt --------- 4666  

 03.07.2011 12:06     C:\Windows\system32\config --------- 24576  

 03.07.2011 12:00     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 --------- 14752  

 03.07.2011 12:00     C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 --------- 14752  

 02.07.2011 19:45     C:\Windows\system32\catroot --------- 4096  

 02.07.2011 19:45     C:\Windows\system32\DriverStore --------- 4096  

 01.07.2011 19:04     C:\Windows\system32\NDF --------- 4096  

 01.07.2011 01:01     C:\Windows\system32\perfc007.dat --------- 131006  

 01.07.2011 01:01     C:\Windows\system32\perfh009.dat --------- 618108  

 01.07.2011 01:01     C:\Windows\system32\perfc009.dat --------- 107388  

 01.07.2011 01:01     C:\Windows\system32\perfh007.dat --------- 656266  

 01.07.2011 01:01     C:\Windows\system32\PerfStringBackup.INI --------- 1505034  

 30.06.2011 14:08     C:\Windows\system32\catroot2 --------- 32768  

 29.06.2011 20:17     C:\Windows\system32\FNTCACHE.DAT --------- 289296  

 15.06.2011 22:34     C:\Windows\system32\drivers --------- 65536  

 15.06.2011 19:15     C:\Windows\system32\MRT.exe --------- 49454024  

 02.06.2011 15:07     C:\Windows\system32\Tasks --------- 4096  

 28.05.2011 05:06     C:\Windows\system32\win32k.sys --------- 3135488  

 26.05.2011 19:30     C:\Windows\system32\wdi --------- 4096  

 24.05.2011 13:42     C:\Windows\system32\umpnpmgr.dll --------- 404480  

 04.05.2011 07:25     C:\Windows\system32\tquery.dll --------- 2315776  

 04.05.2011 07:22     C:\Windows\system32\mssvp.dll --------- 778752  

 04.05.2011 07:22     C:\Windows\system32\mssrch.dll --------- 2223616  

 04.05.2011 07:22     C:\Windows\system32\mssphtb.dll --------- 288256  

 04.05.2011 07:22     C:\Windows\system32\mssph.dll --------- 491520  

 04.05.2011 07:22     C:\Windows\system32\msscntrs.dll --------- 75264  

 04.05.2011 07:19     C:\Windows\system32\SearchProtocolHost.exe --------- 249856  

 04.05.2011 07:19     C:\Windows\system32\SearchIndexer.exe --------- 591872  

 04.05.2011 07:19     C:\Windows\system32\SearchFilterHost.exe --------- 113664  

 03.05.2011 07:29     C:\Windows\system32\inetcomm.dll --------- 976896  

 26.04.2011 23:51     C:\Windows\system32\de-DE --------- 327680  

 23.04.2011 03:37     C:\Windows\system32\mshtml.dll --------- 17773568  

 23.04.2011 03:29     C:\Windows\system32\jscript9.dll --------- 2303488  

 23.04.2011 03:27     C:\Windows\system32\ieframe.dll --------- 10885632  

 23.04.2011 03:23     C:\Windows\system32\urlmon.dll --------- 1344000  

 23.04.2011 03:20     C:\Windows\system32\jscript.dll --------- 818176  

 23.04.2011 03:19     C:\Windows\system32\iertutil.dll --------- 2136064  

 23.04.2011 03:19     C:\Windows\system32\mshtmled.dll --------- 96256  

 23.04.2011 03:19     C:\Windows\system32\mshtml.tlb --------- 2382848  

 23.04.2011 03:17     C:\Windows\system32\ieui.dll --------- 248320  

 13.04.2011 15:23     C:\Windows\system32\Boot --------- 0  

 09.04.2011 09:02     C:\Windows\system32\ntoskrnl.exe --------- 5562240  

 09.04.2011 08:58     C:\Windows\system32\poqexec.exe --------- 142336  

 05.04.2011 23:51     C:\Windows\system32\migration --------- 4096  

 05.04.2011 23:51     C:\Windows\system32\wbem --------- 65536  

 05.04.2011 23:51     C:\Windows\system32\en-US --------- 8192  

 05.04.2011 23:49     C:\Windows\system32\RegisterIEPKEYs.exe --------- 89088  

 05.04.2011 23:49     C:\Windows\system32\msls31.dll --------- 222208  

 05.04.2011 23:49     C:\Windows\system32\wininet.dll --------- 1389056  

 05.04.2011 23:49     C:\Windows\system32\jsproxy.dll --------- 85504  

 05.04.2011 23:49     C:\Windows\system32\msrating.dll --------- 197120  

 05.04.2011 23:49     C:\Windows\system32\ieUnatt.exe --------- 173056  

 05.04.2011 23:49     C:\Windows\system32\occache.dll --------- 149504  

 05.04.2011 23:49     C:\Windows\system32\pngfilt.dll --------- 65024  

 05.04.2011 23:49     C:\Windows\system32\mshta.exe --------- 12288  

 05.04.2011 23:49     C:\Windows\system32\admparse.dll --------- 114176  

 05.04.2011 23:49     C:\Windows\system32\ieaksie.dll --------- 267776  

 05.04.2011 23:49     C:\Windows\system32\ieakui.dll --------- 163840  

 05.04.2011 23:49     C:\Windows\system32\imgutil.dll --------- 49664  

 05.04.2011 23:49     C:\Windows\system32\iepeers.dll --------- 145920  

 05.04.2011 23:49     C:\Windows\system32\msfeedsbs.dll --------- 55296  

 05.04.2011 23:49     C:\Windows\system32\msfeedssync.exe --------- 10752  

 05.04.2011 23:49     C:\Windows\system32\IEAdvpack.dll --------- 135168  

 05.04.2011 23:49     C:\Windows\system32\ieakeng.dll --------- 160256  

 05.04.2011 23:49     C:\Windows\system32\SetIEInstalledDate.exe --------- 91648  

 05.04.2011 23:49     C:\Windows\system32\mshtmler.dll --------- 48640  

 05.04.2011 23:49     C:\Windows\system32\iesysprep.dll --------- 111616  

 05.04.2011 23:49     C:\Windows\system32\tdc.ocx --------- 76800  

 05.04.2011 23:49     C:\Windows\system32\html.iec --------- 448512  

 05.04.2011 23:49     C:\Windows\system32\dxtrans.dll --------- 282112  

 05.04.2011 23:49     C:\Windows\system32\dxtmsft.dll --------- 452608  

 05.04.2011 23:49     C:\Windows\system32\ieapfltr.dll --------- 534528  

 05.04.2011 23:49     C:\Windows\system32\ieapfltr.dat --------- 3695416  

 05.04.2011 23:49     C:\Windows\system32\icardie.dll --------- 82432  

 05.04.2011 23:49     C:\Windows\system32\ie4uinit.exe --------- 89088  

 05.04.2011 23:49     C:\Windows\system32\iernonce.dll --------- 39936  

 05.04.2011 23:49     C:\Windows\system32\ieuinit.inf --------- 72822  

 05.04.2011 23:49     C:\Windows\system32\iesetup.dll --------- 85504  

 05.04.2011 23:49     C:\Windows\system32\url.dll --------- 236544  

 05.04.2011 23:49     C:\Windows\system32\iedkcs32.dll --------- 403248  

 05.04.2011 23:49     C:\Windows\system32\inetcpl.cpl --------- 1492992  

 05.04.2011 23:49     C:\Windows\system32\webcheck.dll --------- 249344  

 05.04.2011 23:49     C:\Windows\system32\licmgr10.dll --------- 30720  

 05.04.2011 23:49     C:\Windows\system32\inseng.dll --------- 103936  

 05.04.2011 23:49     C:\Windows\system32\wextract.exe --------- 160256  

 05.04.2011 23:49     C:\Windows\system32\iexpress.exe --------- 165888  

 05.04.2011 23:49     C:\Windows\system32\msfeeds.dll --------- 697344  

 05.04.2011 23:49     C:\Windows\system32\vbscript.dll --------- 603648  

 21.03.2011 13:22     C:\Windows\system32\RTNUninst64.dll --------- 107552  

 21.03.2011 13:22     C:\Windows\system32\RtNicProp64.dll --------- 74272  

 12.03.2011 14:08     C:\Windows\system32\XpsPrint.dll --------- 1465344  

 11.03.2011 08:34     C:\Windows\system32\mfc42u.dll --------- 1359872  

 11.03.2011 08:34     C:\Windows\system32\mfc42.dll --------- 1395712  

 11.03.2011 08:33     C:\Windows\system32\esent.dll --------- 2565632  

 11.03.2011 08:30     C:\Windows\system32\fsutil.exe --------- 96768  

 03.03.2011 08:24     C:\Windows\system32\dnsrslvr.dll --------- 183296  

 03.03.2011 08:24     C:\Windows\system32\dnsapi.dll --------- 357888  

 03.03.2011 08:21     C:\Windows\system32\dnscacheugc.exe --------- 30208  

 28.02.2011 14:49     C:\Windows\system32\da-DK --------- 4096  

 28.02.2011 14:49     C:\Windows\system32\oobe --------- 4096  

----------------------------------------
 

 

C:\Windows\Prefetch
 

 03.07.2011 12:19     C:\Windows\Prefetch\CMD.EXE-0BD30981.pf --------- 8362  

 03.07.2011 12:18     C:\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf --------- 15394  

 03.07.2011 12:18     C:\Windows\Prefetch\DLLHOST.EXE-6389524F.pf --------- 19502  

 03.07.2011 12:18     C:\Windows\Prefetch\CONSENT.EXE-40419367.pf --------- 83744  

 03.07.2011 12:17     C:\Windows\Prefetch\MBAM.EXE-CF712355.pf --------- 107568  

 03.07.2011 12:17     C:\Windows\Prefetch\NOTEPAD.EXE-D096D5BE.pf --------- 21680  

 03.07.2011 12:12     C:\Windows\Prefetch\SVCHOST.EXE-6E1A6101.pf --------- 10468  

 03.07.2011 12:12     C:\Windows\Prefetch\DLLHOST.EXE-4B6CB38A.pf --------- 63934  

 03.07.2011 12:12     C:\Windows\Prefetch\ACRORD32.EXE-B9154698.pf --------- 103292  

 03.07.2011 12:12     C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf --------- 16622  

 03.07.2011 12:12     C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf --------- 12956  

 03.07.2011 12:12     C:\Windows\Prefetch\OPERA.EXE-5E58DE54.pf --------- 379356  

 03.07.2011 12:09     C:\Windows\Prefetch\TASKHOST.EXE-A0F5E092.pf --------- 62558  

 03.07.2011 12:09     C:\Windows\Prefetch\SVCHOST.EXE-6A249820.pf --------- 17826  

 03.07.2011 12:09     C:\Windows\Prefetch\VSSVC.EXE-6C8F0C66.pf --------- 32606  

 03.07.2011 12:09     C:\Windows\Prefetch\DLLHOST.EXE-A010D183.pf --------- 29136  

 03.07.2011 12:09     C:\Windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf --------- 41316  

 03.07.2011 12:08     C:\Windows\Prefetch\OTL.EXE-D646D79E.pf --------- 38978  

 03.07.2011 12:07     C:\Windows\Prefetch\TASKMGR.EXE-4C8500BA.pf --------- 36954  

 03.07.2011 12:07     C:\Windows\Prefetch\LOGONUI.EXE-F639BD7E.pf --------- 49082  

 03.07.2011 12:07     C:\Windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf --------- 25890  

 03.07.2011 12:06     C:\Windows\Prefetch\RUNDLL32.EXE-D2A040D5.pf --------- 46538  

 03.07.2011 12:06     C:\Windows\Prefetch\WERMGR.EXE-F439C551.pf --------- 12076  

 03.07.2011 12:02     C:\Windows\Prefetch\MPCMDRUN.EXE-48498337.pf --------- 38190  

 03.07.2011 11:59     C:\Windows\Prefetch\DLLHOST.EXE-63B92852.pf --------- 20886  

 03.07.2011 11:58     C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-14F14739.pf --------- 65658  

 03.07.2011 11:57     C:\Windows\Prefetch\WMIADAP.EXE-BB21CD77.pf --------- 19742  

 03.07.2011 11:56     C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf --------- 286636  

 03.07.2011 11:55     C:\Windows\Prefetch\WMPNETWK.EXE-F6E20E14.pf --------- 86626  

 03.07.2011 11:55     C:\Windows\Prefetch\SPPSVC.EXE-96070FE0.pf --------- 55072  

 03.07.2011 11:55     C:\Windows\Prefetch\NASVC.EXE-71531C34.pf --------- 27102  

 03.07.2011 11:55     C:\Windows\Prefetch\MSCORSVW.EXE-16B291C4.pf --------- 10802  

 03.07.2011 11:55     C:\Windows\Prefetch\MSCORSVW.EXE-8CE1A322.pf --------- 15274  

 03.07.2011 11:54     C:\Windows\Prefetch\ReadyBoot --------- 4096  

 03.07.2011 01:41     C:\Windows\Prefetch\PfSvPerfStats.bin --------- 584  

 03.07.2011 01:31     C:\Windows\Prefetch\MOBSYNC.EXE-B307E1CC.pf --------- 28214  

 03.07.2011 01:31     C:\Windows\Prefetch\FIREFOX.EXE-C7B8FFA5.pf --------- 241318  

 03.07.2011 00:59     C:\Windows\Prefetch\AgGlFgAppHistory.db --------- 2225642  

 03.07.2011 00:59     C:\Windows\Prefetch\AgGlFaultHistory.db --------- 390175  

 03.07.2011 00:59     C:\Windows\Prefetch\AgGlGlobalHistory.db --------- 3314141  

 03.07.2011 00:59     C:\Windows\Prefetch\AgRobust.db --------- 272576  

 03.07.2011 00:56     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4065632312-1501519357-3438385256-1001.db --------- 1100761  

 03.07.2011 00:56     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4065632312-1501519357-3438385256-1001.db --------- 1835191  

 03.07.2011 00:15     C:\Windows\Prefetch\NOTEPAD.EXE-032BB3D8.pf --------- 22406  

 02.07.2011 23:47     C:\Windows\Prefetch\SNDVOL.EXE-425BC49B.pf --------- 120084  

 02.07.2011 23:46     C:\Windows\Prefetch\VLC.EXE-5EBA8E11.pf --------- 67996  

 02.07.2011 23:22     C:\Windows\Prefetch\WINAMP.EXE-DDA01867.pf --------- 163364  

 02.07.2011 23:14     C:\Windows\Prefetch\AgCx_SC1.db --------- 802209  

 02.07.2011 23:13     C:\Windows\Prefetch\AgCx_SC1.db.trx --------- 99692  

 02.07.2011 21:19     C:\Windows\Prefetch\E_S40RN8.EXE-01DFE3D1.pf --------- 32306  

 02.07.2011 21:19     C:\Windows\Prefetch\E_S40MT8.EXE-DD90BF36.pf --------- 26702  

 02.07.2011 21:19     C:\Windows\Prefetch\E_STU64C.EXE-5FF743EB.pf --------- 24038  

 02.07.2011 21:07     C:\Windows\Prefetch\SPLWOW64.EXE-57576C25.pf --------- 22784  

 02.07.2011 21:06     C:\Windows\Prefetch\EPSETUP.EXE-20F9EE52.pf --------- 22282  

 02.07.2011 21:06     C:\Windows\Prefetch\E_SIINS1.EXE-13814AF9.pf --------- 13772  

 02.07.2011 21:06     C:\Windows\Prefetch\DRVINST.EXE-39D9EAC7.pf --------- 46910  

 02.07.2011 21:05     C:\Windows\Prefetch\DINOTIFY.EXE-6465574B.pf --------- 18546  

 02.07.2011 21:05     C:\Windows\Prefetch\RUNDLL32.EXE-379204F2.pf --------- 30654  

 02.07.2011 19:47     C:\Windows\Prefetch\SOFFICE.EXE-05AADC00.pf --------- 15040  

 02.07.2011 19:47     C:\Windows\Prefetch\SWRITER.EXE-83F9C56D.pf --------- 17604  

 02.07.2011 19:47     C:\Windows\Prefetch\SOFFICE.BIN-F938F4DB.pf --------- 253302  

 02.07.2011 19:46     C:\Windows\Prefetch\EEBSVC.EXE-4784D510.pf --------- 20070  

 02.07.2011 19:46     C:\Windows\Prefetch\EB_SET05.EXE-74FADB1C.pf --------- 41398  

 02.07.2011 19:46     C:\Windows\Prefetch\E_ADDNET.EXE-1A3BCB93.pf --------- 22758  

 02.07.2011 19:46     C:\Windows\Prefetch\EPSTPA64_001.EXE-133A227E.pf --------- 13874  

 02.07.2011 19:46     C:\Windows\Prefetch\EPSUI64W_001.EXE-A49EAB94.pf --------- 42540  

 02.07.2011 19:46     C:\Windows\Prefetch\ANSETUP.EXE-8C8A187F.pf --------- 29930  

 02.07.2011 19:46     C:\Windows\Prefetch\EBAPISET.EXE-033AADFA.pf --------- 38388  

 02.07.2011 19:46     C:\Windows\Prefetch\OEMINF.EXE-36254239.pf --------- 56206  

 02.07.2011 19:46     C:\Windows\Prefetch\RUNDLL32.EXE-A9F801EC.pf --------- 31688  

 02.07.2011 19:45     C:\Windows\Prefetch\DEVICEOP.EXE-E7875FDE.pf --------- 6980  

 02.07.2011 19:43     C:\Windows\Prefetch\EPSTPA64_000.EXE-FFE467F9.pf --------- 13924  

 02.07.2011 19:43     C:\Windows\Prefetch\EPSUI64W_000.EXE-9148F10F.pf --------- 46874  

 02.07.2011 19:43     C:\Windows\Prefetch\SETUP64.EXE-0C3F45A2.pf --------- 23276  

 02.07.2011 19:41     C:\Windows\Prefetch\CALC.EXE-43F37294.pf --------- 53066  

 02.07.2011 17:51     C:\Windows\Prefetch\REGEDIT.EXE-DAB4D60B.pf --------- 23846  

 02.07.2011 17:46     C:\Windows\Prefetch\DLLHOST.EXE-6A07DE60.pf --------- 19036  

 02.07.2011 17:46     C:\Windows\Prefetch\DLLHOST.EXE-FC7C086C.pf --------- 28852  

 02.07.2011 17:46     C:\Windows\Prefetch\USERACCOUNTCONTROLSETTINGS.EX-381ECB63.pf --------- 17644  

 02.07.2011 17:46     C:\Windows\Prefetch\DLLHOST.EXE-D9DCD0F3.pf --------- 22766  

 02.07.2011 17:18     C:\Windows\Prefetch\MPSIGSTUB.EXE-5D0450B3.pf --------- 65066  

 02.07.2011 17:18     C:\Windows\Prefetch\AM_DELTA_PATCH3.EXE-59ED4F7A.pf --------- 11326  

 02.07.2011 17:18     C:\Windows\Prefetch\WUAUCLT.EXE-5D573F0E.pf --------- 60104  

 02.07.2011 17:16     C:\Windows\Prefetch\DLLHOST.EXE-F1207BB9.pf --------- 22968  

 02.07.2011 16:56     C:\Windows\Prefetch\DLLHOST.EXE-EE326293.pf --------- 28628  

 02.07.2011 16:56     C:\Windows\Prefetch\RUNDLL32.EXE-D0E13F8A.pf --------- 34754  

 02.07.2011 16:34     C:\Windows\Prefetch\WMPNSCFG.EXE-18FC9E64.pf --------- 24736  

 02.07.2011 15:58     C:\Windows\Prefetch\MSPAINT.EXE-6406C4A1.pf --------- 66856  

 02.07.2011 15:58     C:\Windows\Prefetch\DLLHOST.EXE-3C4E5BEC.pf --------- 482418  

 02.07.2011 15:46     C:\Windows\Prefetch\RUNDLL32.EXE-3C972F0E.pf --------- 23044  

 02.07.2011 15:44     C:\Windows\Prefetch\AgCx_SC2.db --------- 795259  

 02.07.2011 15:43     C:\Windows\Prefetch\DLLHOST.EXE-EB0F3D2C.pf --------- 350254  

 02.07.2011 11:06     C:\Windows\Prefetch\QTIPLOT.EXE-A178C0B1.pf --------- 58486  

 02.07.2011 10:36     C:\Windows\Prefetch\SCALC.EXE-1837AA5B.pf --------- 15226  

 02.07.2011 09:38     C:\Windows\Prefetch\WSQMCONS.EXE-4048402C.pf --------- 1402  

 02.07.2011 09:35     C:\Windows\Prefetch\RUNDLL32.EXE-0D53616E.pf --------- 11938  

 02.07.2011 09:35     C:\Windows\Prefetch\NOTEPAD.EXE-C5670914.pf --------- 19024  

 02.07.2011 01:28     C:\Windows\Prefetch\RUNDLL32.EXE-51CCB287.pf --------- 3456  

 02.07.2011 01:28     C:\Windows\Prefetch\SDIAGNHOST.EXE-B3171AA1.pf --------- 150494  

 02.07.2011 01:28     C:\Windows\Prefetch\CSC.EXE-0E09149C.pf --------- 45954  

 02.07.2011 01:28     C:\Windows\Prefetch\CVTRES.EXE-F4BA0E72.pf --------- 12132  

 02.07.2011 01:21     C:\Windows\Prefetch\RUNDLL32.EXE-6FD72002.pf --------- 156838  

 02.07.2011 01:18     C:\Windows\Prefetch\Layout.ini --------- 945132  

 02.07.2011 00:51     C:\Windows\Prefetch\WUDFHOST.EXE-DEBBE5F1.pf --------- 23282  

 02.07.2011 00:05     C:\Windows\Prefetch\WMPLAYER.EXE-EBBA463B.pf --------- 115170  

 01.07.2011 19:13     C:\Windows\Prefetch\AM_DELTA.EXE-78CA83B0.pf --------- 15114  

 01.07.2011 01:43     C:\Windows\Prefetch\SVCHOST.EXE-67EC2DA7.pf --------- 17482  

 01.07.2011 01:26     C:\Windows\Prefetch\SHUTDOWNTOOL.EXE-0CECCD5D.pf --------- 28234  

 29.06.2011 20:28     C:\Windows\Prefetch\AgCx_SC4.db --------- 336177  

 29.06.2011 20:18     C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 3344902  

 08.06.2011 22:17     C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-4065632312-1501519357-3438385256-1000.db --------- 1027561  

 08.06.2011 22:17     C:\Windows\Prefetch\AgGlUAD_S-1-5-21-4065632312-1501519357-3438385256-1000.db --------- 1152917  

 26.05.2011 01:22     C:\Windows\Prefetch\AgCx_SC3_E4C0DB273DB1EC6E.db --------- 306552  

 26.05.2011 01:16     C:\Windows\Prefetch\AgCx_S1_S-1-5-21-4065632312-1501519357-3438385256-1001.snp.db --------- 1732269  

 21.12.2010 22:38     C:\Windows\Prefetch\AgAppLaunch.db --------- 334168  

----------------------------------------
 

 

C:\Windows\Tasks
 

 03.07.2011 11:52     C:\Windows\Tasks\SA.DAT --------- 6  

 24.04.2011 11:41     C:\Windows\Tasks\SCHEDLGU.TXT --------- 32632  

----------------------------------------
 

 

C:\Windows\Temp
 

 03.07.2011 12:02     C:\Windows\Temp\MpCmdRun.log --------- 942056  

 02.07.2011 17:18     C:\Windows\Temp\MpSigStub.log --------- 499234  

 02.07.2011 17:18     C:\Windows\Temp\9FE59DF3-11D6-4973-8518-13988F4372C0-Sigs --------- 0  

 02.07.2011 09:35     C:\Windows\Temp\fwtsqmfile07.sqm --------- 140  

 01.07.2011 19:03     C:\Windows\Temp\fwtsqmfile06.sqm --------- 140  

 30.06.2011 13:59     C:\Windows\Temp\{E4EC4AAD-D4B8-421B-B791-358974A993A6} --------- 0  

 30.06.2011 13:59     C:\Windows\Temp\Nero.Update.log.2 --------- 141648  

 30.06.2011 13:58     C:\Windows\Temp\{F9C0E428-CC5A-48D4-80BB-7C13D783251B} --------- 0  

 30.06.2011 13:56     C:\Windows\Temp\Nero.Update.log.3 --------- 40148  

 30.06.2011 13:52     C:\Windows\Temp\KB973544log.txt --------- 2014028  

 29.06.2011 20:28     C:\Windows\Temp\MPTelemetrySubmit --------- 0  

 29.06.2011 20:28     C:\Windows\Temp\fwtsqmfile05.sqm --------- 140  

 28.06.2011 00:11     C:\Windows\Temp\fwtsqmfile04.sqm --------- 140  

 27.06.2011 23:19     C:\Windows\Temp\fwtsqmfile03.sqm --------- 140  

 26.06.2011 22:48     C:\Windows\Temp\fwtsqmfile02.sqm --------- 140  

 26.06.2011 19:36     C:\Windows\Temp\fwtsqmfile01.sqm --------- 140  

 17.06.2011 18:53     C:\Windows\Temp\MPInstrumentation --------- 0  

 15.06.2011 19:15     C:\Windows\Temp\dd_vcredistUI6D36.txt --------- 11600  

 15.06.2011 19:15     C:\Windows\Temp\dd_vcredistMSI6D36.txt --------- 430758  

 15.06.2011 19:13     C:\Windows\Temp\KB2518870_20110615_190825585.html --------- 58346  

 15.06.2011 19:12     C:\Windows\Temp\KB2518870_20110615_190825585-Microsoft .NET Framework 4 Client Profile DEU Language Pack-MSP1.txt --------- 3948902  

 15.06.2011 19:12     C:\Windows\Temp\KB2518870_20110615_190825585-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 11397492  

 15.06.2011 19:08     C:\Windows\Temp\KB2518870_10.0.30319 --------- 0  

 15.06.2011 19:08     C:\Windows\Temp\dd_clwireg.txt --------- 18742  

 15.06.2011 19:08     C:\Windows\Temp\KB2478663_20110615_190413541.html --------- 58572  

 15.06.2011 19:08     C:\Windows\Temp\KB2478663_20110615_190413541-Microsoft .NET Framework 4 Client Profile DEU Language Pack-MSP1.txt --------- 2048032  

 15.06.2011 19:07     C:\Windows\Temp\KB2478663_20110615_190413541-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 10651128  

 15.06.2011 19:04     C:\Windows\Temp\KB2478663_10.0.30319 --------- 0  

 17.05.2011 22:52     C:\Windows\Temp\fwtsqmfile00.sqm --------- 140  

 17.05.2011 15:56     C:\Windows\Temp\fwtsqmfile19.sqm --------- 140  

 15.05.2011 19:02     C:\Windows\Temp\fwtsqmfile18.sqm --------- 140  

 12.05.2011 15:12     C:\Windows\Temp\fwtsqmfile17.sqm --------- 140  

 13.04.2011 14:27     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20110413_142707279.html --------- 99132  

 13.04.2011 14:27     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20110413_142707279-Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319-MSP0.txt --------- 307782  

 13.04.2011 14:27     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_20110413_142707279-MSI_vc_red.msi.txt --------- 343236  

 13.04.2011 14:27     C:\Windows\Temp\Microsoft Visual C++ 2010  x64 Redistributable Setup_10.0.30319 --------- 0  

 13.04.2011 14:24     C:\Windows\Temp\dd_vcredistUI5527.txt --------- 11672  

 13.04.2011 14:24     C:\Windows\Temp\dd_vcredistMSI5527.txt --------- 428956  

 13.04.2011 14:24     C:\Windows\Temp\KB2446708_20110413_142034924.html --------- 55584  

 13.04.2011 14:24     C:\Windows\Temp\KB2446708_20110413_142034924-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 9827210  

 13.04.2011 14:20     C:\Windows\Temp\KB2446708_10.0.30319 --------- 0  

 04.04.2011 19:36     C:\Windows\Temp\fwtsqmfile16.sqm --------- 140  

 07.03.2011 13:46     C:\Windows\Temp\fwtsqmfile15.sqm --------- 608  

 06.03.2011 19:43     C:\Windows\Temp\fwtsqmfile14.sqm --------- 608  

 04.03.2011 16:24     C:\Windows\Temp\fwtsqmfile13.sqm --------- 608  

 04.03.2011 06:00     C:\Windows\Temp\fwtsqmfile12.sqm --------- 608  

 03.03.2011 20:16     C:\Windows\Temp\fwtsqmfile11.sqm --------- 608  

 02.03.2011 09:17     C:\Windows\Temp\fwtsqmfile10.sqm --------- 608  

 02.03.2011 09:07     C:\Windows\Temp\fwtsqmfile09.sqm --------- 608  

 28.02.2011 15:24     C:\Windows\Temp\fwtsqmfile08.sqm --------- 608  

 08.02.2011 12:04     C:\Windows\Temp\History --------- 0  

 08.02.2011 12:04     C:\Windows\Temp\Cookies --------- 0  

 08.02.2011 12:04     C:\Windows\Temp\Temporary Internet Files --------- 0  

 29.01.2011 04:58     C:\Windows\Temp\DMI9665.tmp --------- 0  

 11.01.2011 14:02     C:\Windows\Temp\dd_ATL90SP1_KB973924UI2F6B.txt --------- 11684  

 11.01.2011 14:02     C:\Windows\Temp\dd_ATL90SP1_KB973924MSI2F6B.txt --------- 230668  

 29.12.2010 15:04     C:\Windows\Temp\dd_ATL80SP1_KB973923UI67A7.txt --------- 11652  

 29.12.2010 15:04     C:\Windows\Temp\dd_ATL80SP1_KB973923MSI67A7.txt --------- 539368  

 27.12.2010 12:56     C:\Windows\Temp\dd_ATL80SP1_KB973923UI692D.txt --------- 11732  

 27.12.2010 12:56     C:\Windows\Temp\dd_ATL80SP1_KB973923MSI692D.txt --------- 543008  

 22.12.2010 01:34     C:\Windows\Temp\KB2160841_20101222_003253664.html --------- 55250  

 22.12.2010 01:34     C:\Windows\Temp\KB2160841_20101222_003253664-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 5035600  

 22.12.2010 01:32     C:\Windows\Temp\KB2160841_10.0.30319 --------- 0  

 22.12.2010 01:32     C:\Windows\Temp\KB2473228_20101222_003217254.html --------- 55508  

 22.12.2010 01:32     C:\Windows\Temp\KB2473228_20101222_003217254-Microsoft .NET Framework 4 Client Profile-MSP0.txt --------- 1144350  

 22.12.2010 01:32     C:\Windows\Temp\KB2473228_10.0.30319 --------- 0  

 22.12.2010 01:24     C:\Windows\Temp\dd_dotNetFx40LP_Client_x86_x64de_decompression_log.txt --------- 1326  

 22.12.2010 01:24     C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20101222_002345297.html --------- 249792  

 22.12.2010 01:24     C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_20101222_002345297-MSI_netfx_CoreLP_x64.msi.txt --------- 2145130  

 22.12.2010 01:23     C:\Windows\Temp\Microsoft .NET Framework Client Profile Language Pack Setup_4.0.30319 --------- 0  

 22.12.2010 01:23     C:\Windows\Temp\dd_dotNetFx40_Client_x86_x64_decompression_log.txt --------- 1355  

 22.12.2010 01:23     C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_20101222_002015212.html --------- 585682  

 22.12.2010 01:23     C:\Windows\Temp\dd_SetupUtility.txt --------- 660  

 22.12.2010 01:23     C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_20101222_002015212-MSI_netfx_Core_x64.msi.txt --------- 7231410  

 22.12.2010 01:20     C:\Windows\Temp\Microsoft .NET Framework 4 Client Profile Setup_4.0.30319 --------- 0  

 21.12.2010 22:40     C:\Windows\Temp\TS_8ADA.tmp --------- 262144  

 21.12.2010 22:40     C:\Windows\Temp\TS_7B20.tmp --------- 524288  

 21.12.2010 22:40     C:\Windows\Temp\TS_794B.tmp --------- 196608  

 21.12.2010 22:40     C:\Windows\Temp\TS_69CF.tmp --------- 720896  

 21.12.2010 22:40     C:\Windows\Temp\TS_681A.tmp --------- 196608  

 21.12.2010 22:40     C:\Windows\Temp\TS_656A.tmp --------- 196608  

 21.12.2010 22:40     C:\Windows\Temp\TS_5DEA.tmp --------- 458752  

 21.12.2010 22:40     C:\Windows\Temp\TS_5A80.tmp --------- 327680  

 21.12.2010 22:40     C:\Windows\Temp\TS_53F9.tmp --------- 327680  

 21.12.2010 22:39     C:\Windows\Temp\DMIA266.tmp --------- 0  

 21.12.2010 22:39     C:\Windows\Temp\DMI93A7.tmp --------- 0  

 21.12.2010 22:39     C:\Windows\Temp\DMI6660.tmp --------- 0  

 21.12.2010 22:39     C:\Windows\Temp\FXSAPIDebugLogFile.txt --------- 0  

 21.12.2010 22:39     C:\Windows\Temp\FXSTIFFDebugLogFile.txt --------- 0  

 21.12.2010 22:39     C:\Windows\Temp\DMID632.tmp --------- 0  

----------------------------------------
 

 

C:\Users\Admin\AppData\Local\Temp
 

 30.06.2011 13:52     C:\Users\Admin\AppData\Local\Temp\D39B4B65_3692_4292_833F_2C81D15845EB --------- 8192  

 27.06.2011 23:20     C:\Users\Admin\AppData\Local\Temp\msdt --------- 0  

 27.06.2011 23:17     C:\Users\Admin\AppData\Local\Temp\wmsetup.log --------- 412  

 27.06.2011 23:16     C:\Users\Admin\AppData\Local\Temp\FXSAPIDebugLogFile.txt --------- 0  

 27.06.2011 23:16     C:\Users\Admin\AppData\Local\Temp\WPDNSE --------- 0  

 27.06.2011 23:16     C:\Users\Admin\AppData\Local\Temp\AdobeARM.log --------- 997  

 19.06.2011 04:58     C:\Users\Admin\AppData\Local\Temp\{482C0671-82A4-4BB3-A37D-3950825836D0} --------- 4096  

 19.06.2011 04:58     C:\Users\Admin\AppData\Local\Temp\{88740A71-EFE8-4593-9AA9-E637CB4A5D30} --------- 4096  

 19.06.2011 04:56     C:\Users\Admin\AppData\Local\Temp\D9EC2980-CA55-4E4C-A132-FF2B1EA5E36C --------- 4096  

 26.12.2010 15:20     C:\Users\Admin\AppData\Local\Temp\History --------- 0  

 26.12.2010 15:20     C:\Users\Admin\AppData\Local\Temp\Cookies --------- 0  

 26.12.2010 15:20     C:\Users\Admin\AppData\Local\Temp\Temporary Internet Files --------- 0  

 27.02.2007 23:08     C:\Users\Admin\AppData\Local\Temp\_isBF1D.exe --------- 456416  

 27.02.2007 23:08     C:\Users\Admin\AppData\Local\Temp\_is7D.exe --------- 456416  

 06.04.2005 18:39     C:\Users\Admin\AppData\Local\Temp\set593D.tmp --------- 121064  

----------------------------------------
 

 

C:\Program Files
 

 02.07.2011 19:43     C:\Program Files\EPSON --------- 0  

 15.06.2011 22:34     C:\Program Files\Internet Explorer --------- 4096  

 28.02.2011 14:49     C:\Program Files\Windows Sidebar --------- 4096  

 28.02.2011 14:49     C:\Program Files\Windows Mail --------- 4096  

 28.02.2011 14:49     C:\Program Files\DVD Maker --------- 4096  

 28.02.2011 14:49     C:\Program Files\Windows Portable Devices --------- 0  

 28.02.2011 14:49     C:\Program Files\Windows Media Player --------- 4096  

 28.02.2011 14:49     C:\Program Files\Windows Journal --------- 4096  

 28.02.2011 14:49     C:\Program Files\Windows Photo Viewer --------- 4096  

 28.02.2011 14:49     C:\Program Files\Windows Defender --------- 4096  

 24.12.2010 22:11     C:\Program Files\Common Files --------- 4096  

 24.12.2010 21:46     C:\Program Files\ATI --------- 0  

 24.12.2010 16:38     C:\Program Files\Wireless Console 2 --------- 4096  

 24.12.2010 16:05     C:\Program Files\ATKGFNEX --------- 4096  

 22.12.2010 02:09     C:\Program Files\Microsoft Security Client --------- 4096  

 21.12.2010 22:48     C:\Program Files\Windows NT --------- 4096  

 21.12.2010 22:48     C:\Program Files\Gemeinsame Dateien --------- 0  

 14.07.2009 07:32     C:\Program Files\MSBuild --------- 0  

 14.07.2009 07:32     C:\Program Files\Reference Assemblies --------- 0  

 14.07.2009 07:09     C:\Program Files\Uninstall Information --------- 0  

 14.07.2009 06:54     C:\Program Files\desktop.ini --------- 174  

----------------------------------------
 

 

C:\ProgramData\.. 
 

Admin    

Jonas    

Default    

Public    

All Users    

Default User    

desktop.ini    

----------------------------------------
 

 

C:\Windows\system32\drivers\etc\hosts
 
 

----------------------------------------
 

 
 

Abbildname                     PID Sitzungsname       Sitz.-Nr. Speichernutzung

========================= ======== ================ =========== ===============

System Idle Process              0 Services                   0            24 K

System                           4 Services                   0         1.096 K

smss.exe                       268 Services                   0         1.120 K

csrss.exe                      400 Services                   0         4.116 K

wininit.exe                    476 Services                   0         4.292 K

csrss.exe                      484 Console                    1         7.944 K

services.exe                   532 Services                   0         9.196 K

lsass.exe                      548 Services                   0        10.272 K

lsm.exe                        556 Services                   0         4.184 K

svchost.exe                    656 Services                   0         9.464 K

svchost.exe                    720 Services                   0         7.608 K

MsMpEng.exe                    772 Services                   0        71.076 K

atiesrxx.exe                   824 Services                   0         4.120 K

winlogon.exe                   876 Console                    1         6.884 K

svchost.exe                    928 Services                   0        20.120 K

svchost.exe                    980 Services                   0       117.012 K

svchost.exe                    108 Services                   0        40.944 K

svchost.exe                   1052 Services                   0        11.924 K

svchost.exe                   1156 Services                   0        31.384 K

AsLdrSrv.exe                  1324 Services                   0         3.688 K

atieclxx.exe                  1420 Console                    1         6.164 K

GFNEXSrv.exe                  1492 Services                   0         3.156 K

spoolsv.exe                   1572 Services                   0        12.276 K

svchost.exe                   1608 Services                   0        13.956 K

eEBSvc.exe                    1700 Services                   0         6.740 K

armsvc.exe                    1888 Services                   0         3.780 K

svchost.exe                   1944 Services                   0         5.296 K

NisSrv.exe                    2060 Services                   0         3.432 K

alg.exe                       2108 Services                   0         4.764 K

svchost.exe                   2228 Services                   0        19.768 K

WUDFHost.exe                  2256 Services                   0         5.824 K

taskhost.exe                  2448 Console                    1         9.192 K

dwm.exe                       2460 Console                    1        29.324 K

explorer.exe                  2504 Console                    1        50.676 K

rundll32.exe                  2704 Console                    1         5.720 K

HControl.exe                  2756 Console                    1         6.376 K

msseces.exe                   2932 Console                    1        15.156 K

HControlUser.exe              3040 Console                    1         3.228 K

ATKOSD2.exe                   3048 Console                    1         4.736 K

MOM.exe                       2308 Console                    1         5.096 K

wcourier.exe                  2792 Console                    1         5.764 K

Atouch64.exe                  2776 Console                    1         5.480 K

ATKOSD.exe                    2344 Console                    1         5.644 K

KBFiltr.exe                   2328 Console                    1         3.960 K

WDC.exe                       2572 Console                    1         5.080 K

CCC.exe                       1284 Console                    1         3.624 K

SearchIndexer.exe             3060 Services                   0        26.788 K

firefox.exe                   3192 Console                    1       174.868 K

NASvc.exe                     4072 Services                   0         6.288 K

wmpnetwk.exe                  3352 Services                   0        12.040 K

plugin-container.exe          4024 Console                    1        15.384 K

audiodg.exe                    204 Services                   0        15.372 K

OTL.exe                        600 Console                    1        24.424 K

opera.exe                     4040 Console                    1       245.776 K

AcroRd32.exe                  3480 Console                    1        10.128 K

AcroRd32.exe                  3552 Console                    1        23.448 K

cmd.exe                       4028 Console                    1         3.664 K

conhost.exe                    644 Console                    1         5.348 K

tasklist.exe                  2864 Console                    1         5.368 K

WmiPrvSE.exe                  1332 Services                   0         6.004 K
 

 

***** Ende des Scans 03.07.2011 um 12:19:10,92 ***

Auf den CCleaner würde ich gerne verzichten, das ist immer so nervig den wieder runterzuschmeißen. Ich habe einfach mal einen Screenshot gemacht von der Windows-Programm-Anzeige:http://www.trojaner-board.de/attachm...1&d=1309689266

Grüße Mata

EDIT: Auf dem MP3-Player meiner Schwester (der hing halt auch an dem Laptop meines Vaters) war der Conficker-Wurm, und MBAM hat den nicht gefunden... ist also für die Tonne.