fratelli | 14.07.2012 16:00 | Hi t`john,
thank you very much for the quick help; the anti-malware scan has just finished. I will now run the system scan with OTL as well.
See you later
Best regards
Christian
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Database version: v2012.07.14.03
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Katja :: PAPA-PC [limited]
Protection: Enabled
14.07.2012 12:46:13
mbam-log-2012-07-14 (12-46-13).txt
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 479575
Time elapsed: 3 hour(s), 46 minute(s), 19 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Katja\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TO7JXICZ\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
(end)
Here are the 2 log files from OTL as well,
many thanks in advance for looking into this
Best regards
Christian
OTL Logfile: Code:
OTL Extras logfile created on: 14.07.2012 17:07:54 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Katja\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,22% Memory free
6,22 Gb Paging File | 4,18 Gb Available in Paging File | 67,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 317,69 Gb Free Space | 55,14% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,50 Gb Free Space | 57,51% Space Free | Partition Type: FAT32
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0242EC31-9801-4C17-98F6-2A12F52802FF}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{223A2EE1-5FFF-4259-BEF0-4A14C9F7E62F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{51A6DFE5-C746-449C-8C00-D2836F5A0D65}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{55259836-BF1A-48E2-A5DD-27F216231AD0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6F415073-2E88-469A-968E-8224210D6D5D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7C45F7F7-3419-4F95-A3A3-724A31D40320}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B2D334FA-991A-4AB4-A482-401EFFFFA319}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B844CC99-7802-4809-85BC-0CFF776F7095}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6290F47-519E-43DC-94D7-B4D4D9C28B21}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{066467BE-7029-439B-A7F6-C95615B0A457}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{16BB4490-C014-4260-A90D-39F74B1A1950}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1DE5FB4F-AD3C-49C2-9497-881920794330}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{25F78484-4D78-401F-A2AC-2318C64A1A31}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{51A711F8-5CD5-4323-A697-FA70921D0957}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5B4E31B7-E3FE-4C51-9D17-4041164D6F2F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7061C4CC-7AC0-4CC2-8CE2-3696A68EFD32}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A25E0717-CDBC-4480-8BFF-922F01A2B139}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A3C7CFBC-5973-4BE2-99E8-C2579C5A8A1C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D262A5D9-BD72-4B15-A00C-186FFF5E721A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D85241F9-4744-40C4-B5DA-03245DBAE7D3}" = protocol=6 | dir=out | app=system |
"{DC09EAA2-0D54-4CF6-953D-451DCB857A1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DD874802-50F1-4BBD-ABCD-D549566A4288}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E0DD3719-7EFE-4694-B5F3-89D8B458CBFA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E1E8C249-B369-4C11-8C02-11400449CD86}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7A858EA-3AD7-459A-A774-03D7CD83F650}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1D1814B9-9D58-4FC3-92D9-772F341C33DF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4B2BAC48-527D-4518-B1AA-FCE456431E34}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{CA12E95E-773B-4734-8D6C-5156AA46029F}C:\windows.old\program files\bayern 3d\bayern3d.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\bayern 3d\bayern3d.exe |
"TCP Query User{CDB11E99-B5FA-4AAC-9556-3509B28A2715}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{E1F4B1D0-B663-46FD-9236-758DF408D1F6}C:\program files\anno 1701\anno1701.exe" = protocol=6 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{5DF2C15B-903D-4913-8858-3EB50F727F81}C:\program files\anno 1701\anno1701.exe" = protocol=17 | dir=in | app=c:\program files\anno 1701\anno1701.exe |
"UDP Query User{73249B9D-4CE3-44D1-AFFF-9A693E6B1A9C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{92653D58-9674-4B9A-A57B-C941D071385C}C:\windows.old\program files\bayern 3d\bayern3d.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\bayern 3d\bayern3d.exe |
"UDP Query User{DBA009D9-57B3-44A6-B0C3-BB8427B3C9AA}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{FC9A27ED-6992-4AC8-88E4-B4ADC12369EF}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01CBFCE7-95AD-40F3-BC63-C46EFB2FC9C4}" = Pirates of the Caribbean - At Worlds End
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 17
"{2777021C-5C05-499A-B794-B9192378E2EB}" = Abenteuer Pferderücken
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{917C79E9-9E4E-11D6-B27C-0003FFFFFFFC}" = Fritz und Fertig
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A5630FAF-8EFC-42E9-868E-EB6B23F8EB64}" = Astérix & Obélix XXL2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.1 - Deutsch
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"BabylonToolbar" = Babylon toolbar on IE
"BullGuard" = BullGuard 9.0
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canorus" = Canorus
"DynaGeo_is1" = DynaGeo 3.5b
"Fotoservice" = Fotoservice
"InstallShield_{A5630FAF-8EFC-42E9-868E-EB6B23F8EB64}" = Astérix & Obélix XXL2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"PTGui" = PTGui Pro Trial 9.0.1
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Streets Racer_is1" = Streets Racer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dein Pferdecamp" = Dein Pferdecamp
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 10.07.2012 11:24:01 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 10.07.2012 11:24:06 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 11.07.2012 11:30:25 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 11.07.2012 11:30:32 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 12.07.2012 09:02:46 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 12.07.2012 09:02:47 | Computer Name = Papa-PC | Source = Microsoft-Windows-CAPI2 | ID = 131585
Description =
Error - 13.07.2012 15:11:53 | Computer Name = Papa-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 9.0.8112.16447, Zeitstempel
0x4fc9cd53, fehlerhaftes Modul USER32.dll, Version 6.0.6002.18541, Zeitstempel
0x4ec3e3d5, Ausnahmecode 0xc0000142, Fehleroffset 0x00009f5d, Prozess-ID 0x17f8,
Anwendungsstartzeit 01cd612b5ca3ce6f.
Error - 13.07.2012 15:28:50 | Computer Name = Papa-PC | Source = EventSystem | ID = 4621
Description =
Error - 13.07.2012 17:35:18 | Computer Name = Papa-PC | Source = EventSystem | ID = 4621
Description =
Error - 14.07.2012 04:55:54 | Computer Name = Papa-PC | Source = Windows Backup | ID = 4103
Description =
[ System Events ]
Error - 06.07.2012 09:37:46 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 08.07.2012 06:29:48 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 09.07.2012 08:22:25 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 09.07.2012 15:33:23 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 12.07.2012 04:25:08 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 13.07.2012 14:25:37 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 13.07.2012 15:15:09 | Computer Name = Papa-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
\Device\NetBT_Tcpip_{337FECF1-0095-4F03-9435-E14A54ADD259} vom Serverdienst nicht
gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error - 13.07.2012 15:17:04 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 13.07.2012 15:22:22 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 14.07.2012 03:22:35 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report > --- --- ---
OTL Logfile: Code:
OTL logfile created on: 14.07.2012 17:07:54 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Katja\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 44,22% Memory free
6,22 Gb Paging File | 4,18 Gb Available in Paging File | 67,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 317,69 Gb Free Space | 55,14% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,50 Gb Free Space | 57,51% Space Free | Partition Type: FAT32
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Katja\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
PRC - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
PRC - C:\Program Files\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
========== Modules (No Company Name) ==========
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpMainRes.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\res\de\BpBackupRes.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\libxml2.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll ()
MOD - C:\Program Files\BullGuard Ltd\BullGuard\libbz2.dll ()
========== Win32 Services (SafeList) ==========
SRV - (de_serv) -- C:\Program Files\Common Files\AVM\de_serv.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (BsMain) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll (BullGuard Ltd.)
SRV - (BsUpdate) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe (BullGuard Ltd.)
SRV - (BsFire) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll (BullGuard Ltd.)
SRV - (BsFileScan) -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll (BullGuard Ltd.)
SRV - (BsScanner) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe (BullGuard Ltd.)
SRV - (BsMailProxy) -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll (BullGuard Ltd.)
SRV - (BsBrowser) -- C:\Program Files\BullGuard Ltd\BullGuard\BsBrowser.dll (BullGuard Ltd.)
SRV - (BgRaSvc) -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe (BullGuard Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor7.0) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (BdSpy) -- C:\Windows\System32\drivers\BdSpy.sys (BullGuard Ltd.)
DRV - (litsgt) -- C:\Windows\System32\drivers\litsgt.sys ()
DRV - (tansgt) -- C:\Windows\System32\drivers\tansgt.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (AfwCore) -- C:\Windows\System32\drivers\AfwCore.sys (Agnitum Ltd.)
DRV - (afw) -- C:\Windows\System32\drivers\Afw.sys (Agnitum Ltd.)
DRV - (Trufos) -- C:\Program Files\BullGuard Ltd\BullGuard\Antirootkit\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\BullGuard Ltd\BullGuard\Antirootkit\profos.sys (BitDefender S.R.L.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (NCPro) -- C:\Windows\System32\drivers\MTictwl.sys ()
DRV - (MagicTune) -- C:\Windows\System32\drivers\MTictwl.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?affID=110000&babsrc=HP_ss&mntrId=92372c24000000000000002185688dee
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 5E 00 3D 68 D2 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110000&babsrc=SP_ss&mntrId=92372c24000000000000002185688dee
IE - HKCU\..\SearchScopes\{8B800473-82D5-4FE9-A833-EC3E47D0FFDC}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADSA_de
IE - HKCU\..\SearchScopes\{A71EF412-593F-47E5-AD41-8FF167453ACE}: "URL" = hxxp://wetter.rtl.de/cp/shared/php/search_plz_ort.php?in={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2010.05.21 17:15:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2010.05.21 17:15:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2010.07.19 19:23:54 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2011.12.22 17:11:00 | 000,000,759 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Userinit] C:\Users\Papa\AppData\Roaming\appconf32.exe File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{337FECF1-0095-4F03-9435-E14A54ADD259}: DhcpNameServer = 192.168.2.1
O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img22.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{caaeddaf-e721-11de-a98d-002185688dee}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\{e5e97178-c553-11de-ac5e-002185688dee}\Shell - "" = AutoRun
O33 - MountPoints2\{e5e97178-c553-11de-ac5e-002185688dee}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk /r \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.14 12:41:26 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Malwarebytes
[2012.07.14 12:41:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.14 12:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.14 12:41:02 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.14 12:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.14 12:35:14 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\BabylonToolbar
[2012.07.14 12:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.07.14 12:34:50 | 000,000,000 | ---D | C] -- C:\Users\Papa\AppData\Roaming\Babylon
[2012.07.14 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.07.11 17:35:39 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.07.11 17:33:13 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.07.11 17:33:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.07.11 17:33:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.07.11 17:33:10 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.07.11 17:33:09 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.07.11 17:33:09 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.07.11 17:33:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.07.11 17:28:20 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2012.06.25 15:39:33 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.25 15:39:32 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.25 15:38:46 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.25 15:38:46 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.25 15:38:46 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.25 15:38:17 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.25 15:38:17 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Papa\AppData\Roaming\*.tmp files -> C:\Users\Papa\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.14 16:53:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.14 16:44:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.14 15:20:28 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 15:20:28 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.14 12:41:06 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.14 12:35:07 | 000,001,491 | ---- | M] () -- C:\user.js
[2012.07.14 09:21:21 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.14 09:20:50 | 004,503,728 | ---- | M] () -- C:\ProgramData\to_r0tsef.pad
[2012.07.14 09:20:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.14 09:20:21 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.13 21:10:52 | 000,001,724 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.12 18:44:28 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.07.12 18:44:28 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.07.11 18:01:06 | 000,342,776 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.09 14:51:30 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.09 14:51:30 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.09 14:51:30 | 000,122,636 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.09 14:51:30 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Papa\AppData\Roaming\*.tmp files -> C:\Users\Papa\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.14 12:41:06 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.14 12:35:05 | 000,001,491 | ---- | C] () -- C:\user.js
[2012.07.13 21:10:52 | 000,001,724 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.07.13 21:10:51 | 004,503,728 | ---- | C] () -- C:\ProgramData\to_r0tsef.pad
[2012.06.05 21:08:17 | 000,000,052 | ---- | C] () -- C:\ProgramData\cvjseapdcigvakj
[2011.12.15 10:28:27 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2010.11.21 16:58:16 | 000,024,306 | ---- | C] () -- C:\Users\Papa\AppData\Roaming\UserTile.png
[2010.11.20 11:50:56 | 000,001,359 | ---- | C] () -- C:\Windows\disney.ini
[2010.09.08 17:14:25 | 000,137,344 | ---- | C] () -- C:\Windows\System32\drivers\litsgt.sys
[2010.09.08 17:14:23 | 000,012,032 | ---- | C] () -- C:\Windows\System32\drivers\tansgt.sys
[2010.09.08 15:18:17 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.09.08 15:17:46 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.10.01 11:27:05 | 000,000,137 | ---- | C] () -- C:\Users\Papa\markus schlesag.vcf
[2009.10.01 11:27:05 | 000,000,128 | ---- | C] () -- C:\Users\Papa\Albert Resch.vcf
[2009.08.13 19:04:33 | 048,516,125 | ---- | C] () -- C:\Users\Papa\Panorama Bourg d`Oisans_bearbeitet-1.psd
[2009.08.13 19:02:07 | 034,928,180 | ---- | C] () -- C:\Users\Papa\Panorama Bourg d`Oisans 1_bearbeitet-1.psd
[2009.08.13 18:49:10 | 038,030,875 | ---- | C] () -- C:\Users\Papa\Panorama Casse deserte_bearbeitet-1.psd
[2009.08.13 18:44:45 | 053,080,248 | ---- | C] () -- C:\Users\Papa\Panorama Col d`Izoard 1_bearbeitet-1.psd
[2009.08.13 18:36:39 | 050,285,451 | ---- | C] () -- C:\Users\Papa\Panorama Col dÌzoard 1_bearbeitet-1.psd
[2009.08.11 21:11:56 | 050,251,393 | ---- | C] () -- C:\Users\Papa\Panorama Col dÌzoard 1.psd
[2009.08.11 21:04:11 | 068,029,504 | ---- | C] () -- C:\Users\Papa\Panorama Col d`Izoard 1.psd
[2009.08.11 21:01:34 | 037,926,996 | ---- | C] () -- C:\Users\Papa\Panorama Casse deserte.psd
[2009.08.11 20:57:58 | 040,814,395 | ---- | C] () -- C:\Users\Papa\Panorama Bourg d`Oisans 1.psd
[2009.08.11 20:54:59 | 058,792,932 | ---- | C] () -- C:\Users\Papa\Panorama Bourg d`Oisans.psd
[2009.08.11 18:50:32 | 050,726,008 | ---- | C] () -- C:\Users\Papa\Panorama Gardasee.psd
[2009.05.07 11:02:34 | 000,036,864 | ---- | C] () -- C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.07 10:30:23 | 000,007,916 | ---- | C] () -- C:\Users\Papa\AppData\Local\d3d9caps.dat
========== LOP Check ==========
[2012.05.15 19:32:53 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Amazon
[2012.07.14 12:34:50 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Babylon
[2012.07.14 12:35:15 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\BabylonToolbar
[2010.05.21 17:17:27 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\BullGuard
[2010.02.23 18:50:17 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\CoSoSys
[2010.11.20 11:54:52 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Disney Interactive Studios
[2010.03.23 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\DynaGeo
[2011.07.11 20:00:25 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\FRITZ!
[2009.05.22 18:23:36 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\FUJIFILM
[2009.08.01 09:01:33 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\KIDDINX
[2011.09.09 22:55:15 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\kock
[2010.09.08 14:44:52 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\Mindscape
[2010.11.21 16:58:16 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\PeerNetworking
[2011.01.29 18:42:46 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\PTGui
[2009.07.06 20:53:31 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\ScanSoft
[2011.09.09 22:55:19 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\UAs
[2011.09.09 22:55:29 | 000,000,000 | ---D | M] -- C:\Users\Papa\AppData\Roaming\xmldm
[2012.07.13 23:51:37 | 000,032,530 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report > |