Totalbird | 21.06.2012 15:12 | Hallo Arne,
anbei das Log vom OTL Quickscan. Code:
OTL logfile created on: 21.06.2012 16:01:25 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = E:\Dokumente und Einstellungen\Saskia\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,37 Gb Available Physical Memory | 68,55% Memory free
3,85 Gb Paging File | 3,34 Gb Available in Paging File | 86,76% Paging File free
Paging file location(s): E:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = E: | %SystemRoot% = E:\WINDOWS | %ProgramFiles% = E:\Programme
Drive C: | 97,65 Gb Total Space | 93,68 Gb Free Space | 95,93% Space Free | Partition Type: NTFS
Drive E: | 135,22 Gb Total Space | 106,28 Gb Free Space | 78,59% Space Free | Partition Type: NTFS
Drive F: | 1007,98 Mb Total Space | 715,39 Mb Free Space | 70,97% Space Free | Partition Type: FAT
Computer Name: SASKIAS | User Name: Saskia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.21 15:58:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Saskia\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) -- E:\Programme\ShadowExplorer\sesvc.exe
PRC - [2010.03.03 10:06:04 | 000,283,888 | ---- | M] (CA, Inc.) -- E:\Programme\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
PRC - [2009.09.12 23:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- E:\Programme\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 23:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- E:\Programme\Citrix\ICA Client\wfcrun32.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- E:\WINDOWS\explorer.exe
PRC - [2008.02.08 18:58:44 | 000,407,368 | ---- | M] (CA) -- C:\Programme\CA\eTrust Antivirus\Realmon.exe
PRC - [2007.02.05 08:57:24 | 000,106,496 | ---- | M] (CA, Inc.) -- E:\Programme\CA\SharedComponents\iTechnology\igateway.exe
PRC - [2007.01.19 16:16:46 | 000,061,440 | ---- | M] (AuthenTec,Inc) -- E:\WINDOWS\system32\FpLogonServ.exe
PRC - [2002.09.20 18:29:28 | 000,053,248 | ---- | M] (Computer Associates) -- E:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.23 16:53:34 | 017,403,904 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\bc254d2fa26664898ae21d45643bc194\System.ServiceModel.ni.dll
MOD - [2012.05.23 16:52:47 | 000,212,992 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8dc4a28c456f81ee7399da21bd9d55aa\System.ServiceProcess.ni.dll
MOD - [2012.05.23 16:52:46 | 011,817,472 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\7861cd979ea5db3fb7d30ed94fb0edd2\System.Web.ni.dll
MOD - [2012.05.20 20:13:07 | 000,261,632 | ---- | M] () -- E:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012.05.20 19:30:53 | 002,345,472 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
MOD - [2012.05.20 19:30:40 | 001,070,080 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\e09496ddb2bf6f3b69707924f2e6b5ff\System.IdentityModel.ni.dll
MOD - [2012.05.20 18:15:34 | 000,256,000 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\660c4d6dd69ef22bc05587e1998cd135\SMDiagnostics.ni.dll
MOD - [2012.05.20 18:14:56 | 000,627,200 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\41f6f6dd0c8427d4a8e6fd3915505a6b\System.Transactions.ni.dll
MOD - [2012.05.20 18:14:22 | 000,971,264 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012.05.20 16:43:45 | 005,450,752 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012.05.20 16:41:12 | 007,953,408 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012.05.20 16:40:57 | 011,492,352 | ---- | M] () -- E:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- E:\WINDOWS\system32\msdmo.dll
MOD - [2008.02.08 19:01:54 | 000,143,360 | ---- | M] () -- C:\Programme\CA\eTrust Antivirus\Lang\German\RealmonRes.dll
MOD - [2007.02.05 08:57:22 | 000,974,848 | ---- | M] () -- E:\Programme\CA\SharedComponents\iTechnology\libetpki_openssl_crypto.dll
MOD - [2007.02.05 08:57:22 | 000,798,720 | ---- | M] () -- E:\Programme\CA\SharedComponents\iTechnology\libeay32.dll
MOD - [2007.02.05 08:57:22 | 000,184,320 | ---- | M] () -- E:\Programme\CA\SharedComponents\iTechnology\libetpki_openssl_ssl.dll
MOD - [2007.02.05 08:57:22 | 000,155,648 | ---- | M] () -- E:\Programme\CA\SharedComponents\iTechnology\ssleay32.dll
MOD - [2007.02.05 08:57:22 | 000,073,728 | ---- | M] () -- E:\Programme\CA\SharedComponents\iTechnology\zlib.dll
MOD - [2006.11.20 19:04:06 | 000,856,064 | ---- | M] () -- E:\Programme\Lenovo Fingerprint Software\SharedResources.dll
MOD - [2006.11.08 11:15:58 | 000,118,784 | ---- | M] () -- E:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006.11.08 11:14:30 | 000,348,160 | ---- | M] () -- E:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2006.10.12 17:28:48 | 000,757,760 | ---- | M] () -- E:\WINDOWS\system32\bcm1xsup.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- E:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- E:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011.02.24 12:24:12 | 000,389,960 | ---- | M] (CA) [Auto | Stopped] -- C:\Programme\CA\eTrust Antivirus\InoTask.exe -- (InoTask)
SRV - [2011.01.02 21:29:50 | 000,009,216 | ---- | M] (www.shadowexplorer.com) [Auto | Running] -- E:\Programme\ShadowExplorer\sesvc.exe -- (sesvc)
SRV - [2010.03.03 10:06:04 | 000,283,888 | ---- | M] (CA, Inc.) [Auto | Running] -- E:\Programme\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe -- (ITMRTSVC)
SRV - [2010.03.03 10:02:57 | 000,208,896 | ---- | M] (CA) [Auto | Stopped] -- C:\Programme\CA\eTrust Antivirus\InoRT.exe -- (InoRT)
SRV - [2010.03.03 10:02:57 | 000,192,512 | ---- | M] (CA) [Auto | Stopped] -- C:\Programme\CA\eTrust Antivirus\InoRPC.exe -- (InoRPC)
SRV - [2007.02.05 08:57:24 | 000,106,496 | ---- | M] (CA, Inc.) [Auto | Running] -- E:\Programme\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway)
SRV - [2007.01.19 16:16:46 | 000,061,440 | ---- | M] (AuthenTec,Inc) [Auto | Running] -- E:\WINDOWS\system32\FpLogonServ.exe -- (FingerprintServer)
SRV - [2002.09.20 18:41:00 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- E:\Programme\CA\SharedComponents\CA_LIC\lic98rmtd.exe -- (CA_LIC_SRVR)
SRV - [2002.09.20 18:29:28 | 000,053,248 | ---- | M] (Computer Associates) [Auto | Running] -- E:\Programme\CA\SharedComponents\CA_LIC\LogWatNT.exe -- (LogWatch)
SRV - [2002.09.20 18:27:04 | 000,077,824 | ---- | M] (Computer Associates) [On_Demand | Stopped] -- E:\Programme\CA\SharedComponents\CA_LIC\lic98rmt.exe -- (CA_LIC_CLNT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\tocul.sys -- (heypjtw)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- E:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009.09.08 18:13:16 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- E:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm)
DRV - [2008.12.13 12:26:38 | 000,102,400 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- E:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007.10.18 22:14:32 | 000,184,080 | ---- | M] (Computer Associates) [File_System | Auto | Running] -- E:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR)
DRV - [2007.08.06 23:07:02 | 000,027,536 | ---- | M] (Computer Associates) [File_System | Boot | Running] -- E:\WINDOWS\system32\drivers\ino_flpy.sys -- (INO_FLPY)
DRV - [2007.04.10 16:55:28 | 000,140,808 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\atswpdrv.sys -- (ATSWPDRV) (****DEBUG****) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.02.16 16:46:42 | 000,160,256 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2007.01.30 19:57:00 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.01.23 18:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.08 14:49:42 | 000,012,544 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- E:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.08.30 15:53:00 | 001,161,152 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- E:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 D4 8A C1 E3 A0 CB 01 [binary data]
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\InprocServer32 File not found
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - SOFTWARE\Classes\CLSID\{f4e6547e-325b-403c-a3bb-ad29ed37a92f}\InprocServer32 File not found
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\SearchScopes,DefaultScope = {DCADCBAE-6423-40A1-8AC5-B8D657B6B457}
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=STC&o=16078&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=I7&apn_dtid=YYYYYYYYDE&apn_uid=25455365-AB2F-44A3-8F4C-94367A957717&apn_sauid=F3B9156A-4E64-476B-9001-31E8AD4100FF
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\SearchScopes\{DCADCBAE-6423-40A1-8AC5-B8D657B6B457}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_deDE347
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1547161642-920026266-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: e:\Programme\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: E:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: E:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: e:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: E:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2012.06.20 19:19:48 | 000,000,098 | ---- | M]) - E:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - E:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - E:\Programme\softonic-de3\prxtbsof0.dll File not found
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - E:\Programme\SearchElf_1.2\tbSea0.dll File not found
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - E:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - E:\Programme\softonic-de3\prxtbsof0.dll File not found
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (SearchElf 1.2 Toolbar) - {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - E:\Programme\SearchElf_1.2\tbSea0.dll File not found
O3 - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - E:\Programme\softonic-de3\prxtbsof0.dll File not found
O3 - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\Toolbar\WebBrowser: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Programme\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..\Toolbar\WebBrowser: (SearchElf 1.2 Toolbar) - {F4E6547E-325B-403C-A3BB-AD29ED37A92F} - E:\Programme\SearchElf_1.2\tbSea0.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] E:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] E:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] E:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AzMixerSel] E:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ConnectionCenter] E:\Programme\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [FingerPrintSoftware] E:\Programme\Lenovo Fingerprint Software\fpapp.exe (Authentec,Inc)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] E:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] E:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] E:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Realtime Monitor] C:\Programme\CA\eTrust Antivirus\realmon.exe (CA)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..Trusted Domains: localhost ([]http in Lokales Intranet)
O15 - HKU\S-1-5-21-1547161642-920026266-839522115-1003\..Trusted Domains: unielektro.de ([access] https in Vertrauenswürdige Sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5D01638-BC65-4475-814D-7672E2FA8058}: DhcpNameServer = 10.129.32.1 10.111.81.129
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - E:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - E:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - E:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (e:\windows\system32\userinit.exe) - E:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ATFUS: DllName - (E:\WINDOWS\system32\FpWinLogonNp.dll) - E:\WINDOWS\system32\FpWinlogonNp.dll (AuthenTec,Inc)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3d9fb594-3667-11df-968c-001eec99e93b}\Shell - "" = AutoRun
O33 - MountPoints2\{3d9fb594-3667-11df-968c-001eec99e93b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d9fb594-3667-11df-968c-001eec99e93b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3d9fb595-3667-11df-968c-001eec99e93b}\Shell - "" = AutoRun
O33 - MountPoints2\{3d9fb595-3667-11df-968c-001eec99e93b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d9fb595-3667-11df-968c-001eec99e93b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{74eea9e8-188e-11df-966e-001eec99e93b}\Shell - "" = AutoRun
O33 - MountPoints2\{74eea9e8-188e-11df-966e-001eec99e93b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{74eea9e8-188e-11df-966e-001eec99e93b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{74eea9ec-188e-11df-966e-001eec99e93b}\Shell - "" = AutoRun
O33 - MountPoints2\{74eea9ec-188e-11df-966e-001eec99e93b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{74eea9ec-188e-11df-966e-001eec99e93b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d46d50aa-f614-11de-9668-001eec99e93b}\Shell - "" = AutoRun
O33 - MountPoints2\{d46d50aa-f614-11de-9668-001eec99e93b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d46d50aa-f614-11de-9668-001eec99e93b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{e9c774b2-c981-11df-9700-001eec99e93b}\Shell - "" = AutoRun
O33 - MountPoints2\{e9c774b2-c981-11df-9700-001eec99e93b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e9c774b2-c981-11df-9700-001eec99e93b}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{fc548a0c-2698-11df-967d-001eec99e93b}\Shell\AutoRun\command - "" = F:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-1547161642-920026266-839522115-1003..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1547161642-920026266-839522115-1003\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection E:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - E:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - e:\WINDOWS\system32\Rundll32.exe e:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - E:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - E:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - E:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "E:\WINDOWS\system32\rundll32.exe" "E:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: msacm.iac2 - E:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - E:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - E:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - E:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - E:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - E:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - E:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - E:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.21 15:58:15 | 000,000,000 | ---D | C] -- E:\WINDOWS\LastGood
[2012.06.21 15:50:17 | 000,596,992 | ---- | C] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Saskia\Desktop\OTL.exe
[2012.06.21 12:58:57 | 000,000,000 | ---D | C] -- E:\Reparatur
[2012.06.21 12:32:51 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\www.shadowexplorer.com
[2012.06.21 12:32:13 | 000,000,000 | ---D | C] -- E:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ShadowExplorer
[2012.06.21 12:32:08 | 000,000,000 | ---D | C] -- E:\Programme\ShadowExplorer
[2012.06.20 19:19:44 | 002,237,440 | R--- | C] (OldTimer Tools) -- E:\OTLPE.exe
[2012.06.20 19:19:39 | 000,000,000 | ---D | C] -- E:\_OTL
[2012.06.20 16:44:25 | 000,000,000 | ---D | C] -- E:\Programme\ESET
[2012.06.20 16:30:52 | 000,000,000 | -HSD | C] -- E:\found.000
[5 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.06.21 16:01:00 | 000,000,228 | ---- | M] () -- E:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.06.21 15:58:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- E:\Dokumente und Einstellungen\Saskia\Desktop\OTL.exe
[2012.06.21 13:18:00 | 000,001,090 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.21 13:18:00 | 000,001,086 | ---- | M] () -- E:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.21 12:32:13 | 000,001,532 | ---- | M] () -- E:\Dokumente und Einstellungen\Saskia\Desktop\ShadowExplorer.lnk
[2012.06.21 12:27:50 | 000,051,048 | ---- | M] () -- E:\WINDOWS\System32\nvapps.xml
[2012.06.21 12:27:49 | 000,002,206 | ---- | M] () -- E:\WINDOWS\System32\wpa.dbl
[2012.06.21 12:27:13 | 000,002,048 | --S- | M] () -- E:\WINDOWS\bootstat.dat
[2012.06.20 16:32:38 | 000,017,408 | ---- | M] () -- E:\WINDOWS\System32\rpcnetp.dll
[2012.06.20 16:32:06 | 000,017,408 | ---- | M] () -- E:\WINDOWS\System32\rpcnetp.exe
[2012.06.20 14:42:51 | 000,000,756 | ---- | M] () -- E:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.09 12:24:25 | 000,069,554 | ---- | M] () -- E:\Dokumente und Einstellungen\Saskia\Desktop\OTJlrjVLsyUtAULxq
[2012.05.26 15:18:35 | 000,044,544 | ---- | M] (Absolute Software Corp.) -- E:\WINDOWS\System32\agremove.exe
[5 E:\WINDOWS\System32\*.tmp files -> E:\WINDOWS\System32\*.tmp -> ]
[4 E:\WINDOWS\*.tmp files -> E:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.06.21 12:32:13 | 000,001,532 | ---- | C] () -- E:\Dokumente und Einstellungen\Saskia\Desktop\ShadowExplorer.lnk
[2012.06.09 12:23:58 | 000,481,078 | ---- | C] () -- E:\WINDOWS\System32\winsh325
[2012.06.09 12:23:58 | 000,481,078 | ---- | C] () -- E:\WINDOWS\System32\winsh324
[2012.06.02 10:34:50 | 000,017,408 | ---- | C] () -- E:\WINDOWS\System32\rpcnetp.dll
[2012.06.02 10:34:18 | 000,017,408 | ---- | C] () -- E:\WINDOWS\System32\rpcnetp.exe
[2012.02.19 04:05:06 | 000,003,072 | ---- | C] () -- E:\WINDOWS\System32\iacenc.dll
[2010.10.17 14:07:45 | 000,003,584 | ---- | C] () -- E:\Dokumente und Einstellungen\Saskia\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== LOP Check ==========
[2012.04.03 10:48:02 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Citrix
[2012.04.01 13:33:06 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.04.03 10:45:12 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Citrix
[2012.04.03 11:15:45 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\ICAClient
[2012.04.03 10:45:12 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Netscape
[2011.04.16 23:46:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\PriceGong
[2010.12.21 10:05:36 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\SharePod
[2012.06.21 12:32:51 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\www.shadowexplorer.com
[2012.06.21 16:01:00 | 000,000,228 | ---- | M] () -- E:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.09.13 12:01:50 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Adobe
[2012.05.20 18:38:14 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Apple Computer
[2012.04.03 10:45:12 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Citrix
[2009.09.30 21:44:15 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Google
[2012.04.03 11:15:45 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\ICAClient
[2009.02.16 17:38:39 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Identities
[2009.02.17 20:55:19 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Macromedia
[2011.04.18 22:03:58 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Malwarebytes
[2012.06.21 12:33:03 | 000,000,000 | --SD | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Microsoft
[2012.04.03 10:45:12 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Mozilla
[2012.04.03 10:45:12 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\Netscape
[2011.04.16 23:46:43 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\PriceGong
[2010.12.21 10:05:36 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\SharePod
[2009.12.31 16:47:58 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\U3
[2012.06.21 12:32:51 | 000,000,000 | ---D | M] -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\www.shadowexplorer.com
< %APPDATA%\*.exe /s >
[2006.05.24 14:36:38 | 000,110,592 | ---- | M] () -- E:\Dokumente und Einstellungen\Saskia\Anwendungsdaten\U3\temp\cleanup.exe
< %SYSTEMDRIVE%\*.exe >
[2011.07.13 04:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- E:\OTLPE.exe
< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.02.16 21:24:27 | 023,898,261 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.02.16 21:24:27 | 023,898,261 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- E:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,782,319 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.02.16 21:24:27 | 023,898,261 | ---- | M] () .cab file -- E:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.02.16 21:24:27 | 023,898,261 | ---- | M] () .cab file -- E:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- E:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- E:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- E:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- E:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- E:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- E:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- E:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- E:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- E:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- E:\WINDOWS\system32\scecli.dll
[2004.08.04 14:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- E:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- E:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- E:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004.08.04 14:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- E:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- E:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- E:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- E:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- E:\WINDOWS\system32\userinit.exe
[2004.08.04 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- E:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- E:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.04 14:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- E:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- E:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- E:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- E:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.02.16 18:05:00 | 000,094,208 | ---- | M] () -- E:\WINDOWS\System32\config\default.sav
[2009.02.16 18:05:00 | 000,663,552 | ---- | M] () -- E:\WINDOWS\System32\config\software.sav
[2009.02.16 18:05:00 | 000,450,560 | ---- | M] () -- E:\WINDOWS\System32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[5 E:\WINDOWS\system32\*.tmp files -> E:\WINDOWS\system32\*.tmp -> ]
< >
< End of report > |