frau blau | 09.08.2012 19:01 | You're right, of course!
So I went ahead and, defying death, pressed the start button, and without the script this is what came out:
otl.txt (OTL logfile):
OTL logfile created on: 09.08.2012 19:41:52 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\judith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,70% Memory free
4,23 Gb Paging File | 3,97 Gb Available in Paging File | 93,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 20,78 Gb Free Space | 23,53% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 37,77 Gb Free Space | 42,92% Space Free | Partition Type: NTFS
Computer Name: JUDITH-LAPTOP | User Name: judith | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.09 18:54:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\judith\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.07.28 12:04:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.29 00:16:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.04 14:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Stopped] -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.03.10 14:40:42 | 000,368,640 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Media Share Software\IMSSync.exe -- (IMSSync)
SRV - [2007.02.13 10:54:20 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.04.14 03:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2006.04.14 03:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 03:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.13 20:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS -- (MTOnlPktAlyX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.06.29 00:17:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 00:17:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.18 09:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010.04.28 15:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010.01.13 12:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009.11.19 15:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus)
DRV - [2009.11.19 15:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5)
DRV - [2009.11.19 15:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009.11.19 15:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic)
DRV - [2009.11.19 15:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV - [2009.11.19 15:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009.11.19 15:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.08.01 15:27:35 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.06.19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.09.08 04:09:28 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.07.12 22:38:08 | 000,029,216 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2)
DRV - [2007.05.22 15:35:00 | 007,117,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.04.26 21:09:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.04.19 08:02:38 | 000,428,800 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2007.01.23 12:18:32 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 10:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 09:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.08 09:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5F4764C9-A953-44D8-BA81-4C334ADB8090}: "URL" = hxxp://rover.ebay.com/rover/1/711-53200-19255-0/1?satitle={searchTerms}&ext={searchTerms}&customid=&toolid=10001&campid=5336017972&type=3
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}: "URL" = hxxp://www.amazon.com/gp/search?keywords={searchTerms}&index=blended&tag=dffx-20&camp=1789&creative=9325&linkCode=ur2&ie=UTF-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.1
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.3.668
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\judith\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\judith\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 12:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.15 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\judith\AppData\Roaming\14001.012 [2012.08.09 13:09:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 12:04:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.15 21:22:15 | 000,000,000 | ---D | M]
[2008.08.28 12:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judith\AppData\Roaming\mozilla\Extensions
[2012.07.27 15:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judith\AppData\Roaming\mozilla\Firefox\Profiles\jv4u9k0i.default\extensions
[2012.07.27 15:21:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\judith\AppData\Roaming\mozilla\Firefox\Profiles\jv4u9k0i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.05.01 10:57:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\judith\AppData\Roaming\mozilla\Firefox\Profiles\jv4u9k0i.default\extensions\moveplayer@movenetworks.com
[2012.07.23 22:36:10 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-1.xml
[2012.02.09 09:25:44 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-10.xml
[2012.02.15 21:22:33 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-11.xml
[2012.03.03 10:35:44 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-12.xml
[2012.01.03 11:19:19 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-13.xml
[2011.11.07 20:23:29 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-14.xml
[2010.07.28 19:44:32 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-2.xml
[2010.09.08 13:58:58 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-3.xml
[2010.09.10 20:26:05 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-4.xml
[2010.10.22 17:47:52 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-5.xml
[2010.10.29 15:09:47 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-6.xml
[2010.12.11 05:47:05 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-7.xml
[2011.03.03 12:19:18 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-8.xml
[2011.03.05 18:54:29 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin.xml
[2012.02.15 21:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.09 13:09:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\JUDITH\APPDATA\ROAMING\14001.012
[2012.06.26 15:44:36 | 000,013,610 | ---- | M] () (No name found) -- C:\USERS\JUDITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JV4U9K0I.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012.07.28 12:04:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 00:27:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.05 16:03:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.05 16:03:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.05 16:03:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.05 16:03:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.05 16:03:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.05 16:03:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://start.icq.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\judith\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\judith\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\judith\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\judith\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1111071922\ICQToolBar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Play AVStation TV Scheduler] C:\Programme\Samsung\Play AVStation\TvScheduler.exe (SAMSUNG ELECTRONICS CO., LTD.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ViivMonitor] C:\Programme\Intel\Intel Media Share Software\Viivmonitor.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{0F8B7CF5-D11E-2F73-A9D6-AB64BD6D5E2C}] C:\Users\judith\AppData\Roaming\Zevoy\kazoce.exe File not found
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [Spotify] "C:\Users\judith\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart File not found
O4 - HKCU..\Run: [Userinit] C:\Users\judith\AppData\Roaming\appConf32.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\judith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.36.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69BD2918-3029-45D8-A76C-C7DF7133C9C7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5CA02BA-7782-400A-8365-252747C2D0BF}: DhcpNameServer = 192.168.36.254
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\judith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\judith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16324f3b-cc3a-11dd-8ec4-00027876abef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe SOPHIA.vbs
O33 - MountPoints2\{cff1a469-fb99-11df-ad33-c20ddd37da63}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{d12eee3f-d41c-11de-9e5f-cbb449f398e5}\Shell\AutoRun\command - "" = F:\start.bat
O33 - MountPoints2\{e2932a19-a121-11df-96f7-fc4af23e93bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e2932a19-a121-11df-96f7-fc4af23e93bb}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.08.09 18:54:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\judith\Desktop\OTL.exe
[2012.08.09 13:09:14 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.012
[2012.08.08 16:05:09 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\UAs
[2012.08.08 13:38:23 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.011
[2012.08.07 13:49:03 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.010
[2012.08.07 00:29:53 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.009
[2012.07.31 19:17:14 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.008
[2012.07.30 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.007
[2012.07.28 23:31:10 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.006
[2012.07.28 05:04:42 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\13001.030
[2012.07.27 15:28:16 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\xmldm
[2012.07.27 15:28:14 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\kock
[2012.07.22 22:17:56 | 000,000,000 | ---D | C] -- C:\Users\judith\Desktop\dach
[2012.07.15 19:26:52 | 000,000,000 | ---D | C] -- C:\Users\judith\Desktop\blu
[2010.08.08 16:10:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3CDF.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\judith\AppData\Roaming\*.tmp files -> C:\Users\judith\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.09 19:40:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.09 18:54:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\judith\Desktop\OTL.exe
[2012.08.09 18:48:03 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.09 18:47:20 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.09 18:46:12 | 000,000,017 | ---- | M] () -- C:\Users\judith\AppData\Roaming\blckdom.res
[2012.08.09 18:44:34 | 000,144,646 | ---- | M] () -- C:\Users\judith\AppData\Roaming\nvModes.001
[2012.08.09 18:44:09 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.08.09 18:43:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 18:43:46 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 18:24:45 | 000,001,356 | ---- | M] () -- C:\Users\judith\AppData\Local\d3d9caps.dat
[2012.08.09 17:57:21 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-717154487-1992195405-1131984250-1003UA.job
[2012.08.09 16:06:15 | 000,001,716 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.09 13:10:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-717154487-1992195405-1131984250-1003Core.job
[2012.08.09 13:09:05 | 000,200,336 | ---- | M] () -- C:\Users\judith\AppData\Roaming\AcroIEHelpe186.dll
[2012.08.09 13:09:05 | 000,006,400 | ---- | M] () -- C:\Users\judith\AppData\Roaming\BAcroIEHelpe186.dll
[2012.08.08 14:50:58 | 000,235,373 | ---- | M] () -- C:\Users\judith\Desktop\grune.jpg
[2012.08.08 14:46:56 | 000,588,240 | ---- | M] () -- C:\Users\judith\Desktop\DSC01969.JPG
[2012.08.08 14:45:42 | 000,481,379 | ---- | M] () -- C:\Users\judith\Desktop\DSC01968.JPG
[2012.08.07 20:35:18 | 000,244,713 | ---- | M] () -- C:\Users\judith\Desktop\DSC01971.JPG
[2012.08.07 20:35:10 | 000,318,764 | ---- | M] () -- C:\Users\judith\Desktop\DSC01970.JPG
[2012.08.07 19:00:32 | 000,709,157 | ---- | M] () -- C:\Users\judith\Desktop\DSC01967.JPG
[2012.08.07 14:02:04 | 001,711,637 | ---- | M] () -- C:\Users\judith\Desktop\berg.jpg
[2012.08.07 11:03:22 | 211,594,047 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.05 08:25:44 | 000,011,191 | ---- | M] () -- C:\Users\judith\Desktop\RES_K6P3A130810_0.pdf
[2012.08.02 14:21:24 | 000,519,721 | ---- | M] () -- C:\Users\judith\Desktop\dith_freunde.jpg
[2012.07.31 22:16:14 | 000,388,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.28 23:32:59 | 000,750,544 | ---- | M] () -- C:\Users\judith\Desktop\spree.jpg
[2012.07.24 23:37:16 | 000,020,814 | ---- | M] () -- C:\Users\judith\Desktop\brief prüfungsamt.odt
[2012.07.24 21:18:59 | 000,144,646 | ---- | M] () -- C:\Users\judith\AppData\Roaming\nvModes.dat
[2012.07.24 00:41:48 | 001,709,754 | ---- | M] () -- C:\Users\judith\Desktop\image.gif
[2012.07.23 21:55:40 | 000,252,794 | ---- | M] () -- C:\Users\judith\Desktop\dDSC01918.jpg
[2012.07.23 21:54:54 | 000,306,248 | ---- | M] () -- C:\Users\judith\Desktop\dDSC01915.jpg
[2012.07.23 21:53:49 | 000,304,001 | ---- | M] () -- C:\Users\judith\Desktop\dDSC01916.jpg
[2012.07.23 21:49:20 | 000,243,735 | ---- | M] () -- C:\Users\judith\Desktop\DSC01917.jpg
[2012.07.23 21:47:27 | 000,373,378 | ---- | M] () -- C:\Users\judith\Desktop\DSC01927.jpg
[2012.07.13 19:47:37 | 000,007,680 | ---- | M] () -- C:\test_pre2.grf
[2012.07.11 23:28:16 | 000,103,738 | ---- | M] () -- C:\Users\judith\Documents\Klages_zu_Fraser.pdf
[2012.07.10 23:31:40 | 000,180,598 | ---- | M] () -- C:\Users\judith\Desktop\Inside Job.DE.srt
[2012.07.10 23:31:40 | 000,006,354 | ---- | M] () -- C:\Users\judith\Desktop\inside.job.(4456240).nfo
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\judith\AppData\Roaming\*.tmp files -> C:\Users\judith\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.09 16:06:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.08.09 16:06:14 | 000,001,716 | ---- | C] () -- C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.09 13:09:05 | 000,200,336 | ---- | C] () -- C:\Users\judith\AppData\Roaming\AcroIEHelpe186.dll
[2012.08.09 13:09:05 | 000,006,400 | ---- | C] () -- C:\Users\judith\AppData\Roaming\BAcroIEHelpe186.dll
[2012.08.08 14:50:58 | 000,235,373 | ---- | C] () -- C:\Users\judith\Desktop\grune.jpg
[2012.08.08 14:46:08 | 000,588,240 | ---- | C] () -- C:\Users\judith\Desktop\DSC01969.JPG
[2012.08.08 14:45:42 | 000,481,379 | ---- | C] () -- C:\Users\judith\Desktop\DSC01968.JPG
[2012.08.07 20:35:18 | 000,244,713 | ---- | C] () -- C:\Users\judith\Desktop\DSC01971.JPG
[2012.08.07 20:35:10 | 000,318,764 | ---- | C] () -- C:\Users\judith\Desktop\DSC01970.JPG
[2012.08.07 19:00:32 | 000,709,157 | ---- | C] () -- C:\Users\judith\Desktop\DSC01967.JPG
[2012.08.07 14:02:00 | 001,711,637 | ---- | C] () -- C:\Users\judith\Desktop\berg.jpg
[2012.08.07 13:56:34 | 000,608,219 | ---- | C] () -- C:\Users\judith\Desktop\kar.jpg
[2012.08.05 08:25:44 | 000,011,191 | ---- | C] () -- C:\Users\judith\Desktop\RES_K6P3A130810_0.pdf
[2012.08.02 14:21:20 | 000,519,721 | ---- | C] () -- C:\Users\judith\Desktop\dith_freunde.jpg
[2012.07.28 23:32:59 | 000,750,544 | ---- | C] () -- C:\Users\judith\Desktop\spree.jpg
[2012.07.28 05:04:21 | 000,000,017 | ---- | C] () -- C:\Users\judith\AppData\Roaming\blckdom.res
[2012.07.24 10:53:08 | 000,020,814 | ---- | C] () -- C:\Users\judith\Desktop\brief prüfungsamt.odt
[2012.07.24 00:41:29 | 001,709,754 | ---- | C] () -- C:\Users\judith\Desktop\image.gif
[2012.07.23 21:55:40 | 000,252,794 | ---- | C] () -- C:\Users\judith\Desktop\dDSC01918.jpg
[2012.07.23 21:54:53 | 000,306,248 | ---- | C] () -- C:\Users\judith\Desktop\dDSC01915.jpg
[2012.07.23 21:53:49 | 000,304,001 | ---- | C] () -- C:\Users\judith\Desktop\dDSC01916.jpg
[2012.07.23 21:49:20 | 000,243,735 | ---- | C] () -- C:\Users\judith\Desktop\DSC01917.jpg
[2012.07.23 21:47:26 | 000,373,378 | ---- | C] () -- C:\Users\judith\Desktop\DSC01927.jpg
[2012.07.11 23:28:16 | 000,103,738 | ---- | C] () -- C:\Users\judith\Documents\Klages_zu_Fraser.pdf
[2012.07.10 23:32:01 | 000,180,598 | ---- | C] () -- C:\Users\judith\Desktop\Inside Job.DE.srt
[2012.07.10 23:32:01 | 000,006,354 | ---- | C] () -- C:\Users\judith\Desktop\inside.job.(4456240).nfo
[2012.06.03 18:52:21 | 000,018,944 | ---- | C] () -- C:\Users\judith\AppData\Local\{32688a30-3a69-8fae-d0a5-73fcdd98adae}\U\800000cb.@
[2012.05.22 22:38:48 | 000,012,288 | ---- | C] () -- C:\Users\judith\AppData\Local\{32688a30-3a69-8fae-d0a5-73fcdd98adae}\U\80000000.@
[2012.05.14 10:41:44 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.12 14:50:16 | 000,002,048 | -HS- | C] () -- C:\Users\judith\AppData\Local\{32688a30-3a69-8fae-d0a5-73fcdd98adae}\@
[2011.02.23 00:24:14 | 000,000,298 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2010.03.31 19:39:42 | 000,001,356 | ---- | C] () -- C:\Users\judith\AppData\Local\d3d9caps.dat
[2009.05.12 22:41:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\judith\AppData\Roaming\appconf32.exe
[2008.05.26 12:54:18 | 000,000,218 | ---- | C] () -- C:\Users\judith\.recently-used.xbel
[2008.04.15 15:15:37 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.03.31 23:31:03 | 000,044,544 | ---- | C] () -- C:\Users\judith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.24 20:52:55 | 000,214,719 | ---- | C] () -- C:\Users\judith\GmailReader.gadget
[2008.03.22 00:51:27 | 000,000,000 | ---- | C] () -- C:\Program Files\gaimfoo.bar
[2008.03.10 12:25:30 | 000,144,646 | ---- | C] () -- C:\Users\judith\AppData\Roaming\nvModes.001
[2008.03.10 12:20:01 | 000,144,646 | ---- | C] () -- C:\Users\judith\AppData\Roaming\nvModes.dat
[2008.03.10 00:47:39 | 000,000,000 | ---- | C] () -- C:\Program Files\pidginfoo.bar
========== LOP Check ==========
[2008.07.01 21:30:49 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\.purple
[2012.07.28 05:04:42 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\13001.030
[2012.07.28 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.006
[2012.07.30 20:45:52 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.007
[2012.07.31 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.008
[2012.08.07 00:29:53 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.009
[2012.08.07 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.010
[2012.08.08 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.011
[2012.08.09 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.012
[2012.03.23 13:26:08 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Amazon
[2012.08.09 18:45:18 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Dropbox
[2008.06.30 22:29:48 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\gtk-2.0
[2012.08.08 14:36:08 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\ICQ
[2008.09.07 20:50:12 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\InfraRecorder
[2011.12.09 00:22:48 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Juniper Networks
[2012.07.27 15:28:14 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\kock
[2009.03.25 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\OpenOffice.org
[2010.08.08 16:07:17 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Sony
[2010.08.08 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Sony Setup
[2010.09.10 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\T-Online
[2012.08.08 16:05:09 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\UAs
[2012.04.12 20:28:00 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Utigk
[2012.08.08 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\xmldm
[2012.05.14 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Zevoy
[2012.08.09 18:48:04 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\Windows:12B08B7171003227
< End of report >
extras.txt:OTL Logfile: Code:
OTL Extras logfile created on: 09.08.2012 19:41:52 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\judith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,70% Memory free
4,23 Gb Paging File | 3,97 Gb Available in Paging File | 93,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 20,78 Gb Free Space | 23,53% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 37,77 Gb Free Space | 42,92% Space Free | Partition Type: NTFS
Computer Name: JUDITH-LAPTOP | User Name: judith | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{20FD0551-2CED-48F3-A730-E6AE37D1DCDC}" = rport=138 | protocol=17 | dir=out | app=system |
"{40179957-104E-4CEF-B717-654CB142BCDD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{49E0842D-E882-4987-8C64-3BD385072127}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DC76246-52FE-4206-85F8-F6817598EAA9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4EE7F6D0-27E9-4020-8B4B-9048996C5427}" = lport=2869 | protocol=6 | dir=in | app=system |
"{55E38BAB-8D93-45C5-AB93-4C90720ADCB8}" = lport=445 | protocol=6 | dir=in | app=system |
"{5A7082DB-5409-4063-892D-F6C176E13BBB}" = rport=137 | protocol=17 | dir=out | app=system |
"{5E5F1CE1-E7ED-4010-8989-45B36EE549F7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{79BBB485-27DD-4963-9112-1E40778414FB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{82493D04-2FE8-43BF-B6AC-85DEC8A0DBCD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{85087067-5429-445F-8983-7BDDB50BBC54}" = rport=445 | protocol=6 | dir=out | app=system |
"{886C5E9A-7C9E-4530-9C20-02F3E5D27339}" = lport=139 | protocol=6 | dir=in | app=system |
"{90438B2F-1A56-4490-B9C4-DFA3D478432A}" = lport=138 | protocol=17 | dir=in | app=system |
"{969250CF-D10C-43FB-80EE-5B828C21C7C0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{96FE1158-BD65-43DC-87CD-31034B17FDA7}" = rport=139 | protocol=6 | dir=out | app=system |
"{C333A028-7FDD-452C-AA14-0AA18230D8D3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CF5A6BBB-F85E-49B2-89C9-85A977C790B9}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D205475C-BCFB-47EF-BA39-8C474A375199}" = lport=137 | protocol=17 | dir=in | app=system |
"{DAA0457D-6141-472D-9A48-67703C0C6966}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7133918-702B-4EEF-A793-A591120CA4AB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EF6E97AB-E496-4E8A-A172-8EA4E4FA7A86}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F81D8AD5-E2B1-4FA0-8B00-DADADB689874}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FD180561-E6A5-4386-BB60-C8A34D07DAD0}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04BA7901-6F99-4E07-95F4-116EDBAD7D9A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{085DEDAE-C8DC-48EA-9F44-EF290348437D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C066D6D-1ACB-4792-B595-ABC26F820A1E}" = protocol=17 | dir=in | app=e:\alicecd.exe |
"{12EF67FD-2B55-4318-AE47-2C47A7C7061B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{16CB8060-B38C-48DE-BB51-B4376B1A8DBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1AC25B7B-126C-4D58-BD20-E5ED87EAE76A}" = protocol=6 | dir=in | app=e:\alicecd.exe |
"{1F1BD9A9-88B1-4463-B12E-7527B4D715CE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{203F3FE2-5DDD-4374-8B18-F6655BBB9532}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24348385-9324-43BA-BBD0-BD17A11B436A}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{27F72C8E-985A-4CD2-BD86-970835870AAD}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2FB552D9-BA6C-4C9D-9971-EECB4560EEE5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3DEF80FD-FB3B-4DBA-B3BC-BBB4B94D2DDC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4329C3F8-77A5-4457-9AC2-F2D8C081A5D3}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{476BA06C-BB2E-4CE7-87B9-EDE7EC901DB7}" = protocol=6 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"{55AC742C-9CA7-4F94-856E-EBF0933A248E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5BDB0DBC-9F56-4A47-80AB-0B20B13058FB}" = protocol=6 | dir=in | app=c:\program files\intel\intel media share software\imssync.exe |
"{6D9BCA58-DEE4-4B97-9329-BD2F64133A6F}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{72382BF2-D405-4B93-9E85-D50A3BF620B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77B91757-5D24-4C7A-959F-16C8E17E63B5}" = protocol=6 | dir=in | app=c:\users\judith\appdata\roaming\dropbox\bin\dropbox.exe |
"{7AB82AD0-82B1-4787-865D-598DDEACF5DE}" = protocol=17 | dir=in | app=c:\users\judith\appdata\roaming\dropbox\bin\dropbox.exe |
"{80180A4E-1FEF-4187-9E11-321E4415DDBF}" = protocol=6 | dir=out | app=system |
"{8499DE25-F224-41A3-BB53-A7F9D7E30493}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9301212A-A148-437C-9200-5DC6D800988C}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{9370F8E7-7501-4EF9-BD00-DAAB36C17EF6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{954C539E-B85B-45AD-824D-A46DEBB1B9D1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{99013C55-0B89-40CF-8210-F1B861B657E3}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{AA0EDEE5-80E2-46B2-995C-BD8C2A80FC22}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0E45015-7D5B-44F7-B386-ECC74E1574FB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{D1681AD6-AD7B-49B9-9F72-D08AA7214B9D}" = protocol=17 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"{D5F8BA9F-52ED-423B-83A2-FAF1C42E8B89}" = protocol=17 | dir=in | app=c:\program files\intel\intel media share software\imssync.exe |
"{DAD3CFC8-09CC-428E-9149-8620FC490243}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E5E7C6A4-DADF-49D5-81D9-21D7C9E702EE}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{ECF348E4-BC35-411A-8BCC-41829DE0EF7C}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"{EDD81ABD-C2F9-49B2-94CA-0C33F7218095}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7027FBD-48C4-455D-915D-261A2E29643F}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe |
"TCP Query User{025A5A84-DC67-4021-ADDA-1A42FBAB7C50}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{04AA7938-ED7A-4135-B24E-3EEB19ACFD70}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{126B346A-E34D-4EA1-A3F7-B27EFD512079}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{1CE1CBB8-0FBF-47C5-AF69-40FE51CD67AC}C:\users\judith\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\judith\appdata\roaming\spotify\spotify.exe |
"TCP Query User{6E5B17B4-2BCF-486E-9FC4-5AF6437281EB}C:\program files\intel\intel media share software\imss.exe" = protocol=6 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"TCP Query User{985554C6-21ED-4E91-B73B-CC80B82CD01D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{A43E7344-0F51-4B39-99EE-5AB0A8711002}C:\program files\digsby\lib\digsby-app.exe" = protocol=6 | dir=in | app=c:\program files\digsby\lib\digsby-app.exe |
"TCP Query User{ACA0979F-3D6F-4A6C-8AD3-69C8A047D55E}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{F953F078-3F20-48FC-8BE1-20BB23B1E45D}C:\program files\digsby\digsby.exe" = protocol=6 | dir=in | app=c:\program files\digsby\digsby.exe |
"UDP Query User{28D113B9-79AE-416D-B77D-4F029FC85C95}C:\program files\digsby\lib\digsby-app.exe" = protocol=17 | dir=in | app=c:\program files\digsby\lib\digsby-app.exe |
"UDP Query User{39BAB0C1-DD21-4E0C-930F-E59332C9D61A}C:\program files\intel\intel media share software\imss.exe" = protocol=17 | dir=in | app=c:\program files\intel\intel media share software\imss.exe |
"UDP Query User{3A787DA7-721E-4A13-99D2-105BADD2CD67}C:\users\judith\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\judith\appdata\roaming\spotify\spotify.exe |
"UDP Query User{50237F5C-DFDC-4F28-AB35-BF3AA5072FF5}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{5AD93242-2B0F-46ED-851F-C78368E4B17B}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{6B2F03FE-3EA7-434C-B567-EAD08C433667}C:\program files\digsby\digsby.exe" = protocol=17 | dir=in | app=c:\program files\digsby\digsby.exe |
"UDP Query User{70619D9D-1556-4DC3-870E-215ACA29FFE3}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{C4C2239E-E9F0-4DA3-8603-7BCEE9A0454D}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{DB8CF28E-CE7A-4DEE-8A49-05AA2DC18823}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}" = imagine digital freedom - Samsung
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution II
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{531BC138-F1F7-496B-879C-F039ECEF438D}" = Adobe Photoshop Lightroom 2
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6774184C-2DB4-4B88-BDBE-4A8535F1693D}" = MacDrive 8
"{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CC53910-973E-4DD4-AC3D-E2A3E5439346}" = Intel® Media-Share-Software
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0
"{804F1285-8CBF-408D-8CDC-D4D40003B2E4}" = PlayCamera
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"{96C267DA-0926-4C11-B4E7-4D3EF85130D0}" = Paint.NET v3.22
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A70800000002}" = Adobe Reader 7.0.8 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager für Outlook 2007" = Business Contact Manager für Outlook 2007
"CANONBJ_Deinstall_CNMCP5y.DLL" = Canon PIXMA iP1500
"Digsby" = Digsby
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"ICQToolbar" = ICQ Toolbar
"InfraRecorder" = InfraRecorder
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{685707A4-911C-468D-BFC4-64A50E5E3A0C}" = Samsung Update Plus
"InstallShield_{955597D8-E5E1-474D-B647-60AC44566D24}" = Play AVStation
"InstallShield_{FD53302C-8E7B-4730-8AD8-86A889BDBFAB}" = AVStation Now
"IsoBuster_is1" = IsoBuster 2.3
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"LEROY" = LEROY Wallpaper
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars.net" = PokerStars.net
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"XP Codec Pack" = XP Codec Pack
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Spotify" = Spotify
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.08.2012 12:12:29 | Computer Name = judith-laptop | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für
Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz
neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen
Registrierungsberechtigungen verfügt.
Error - 09.08.2012 12:14:54 | Computer Name = judith-laptop | Source = EventSystem | ID = 4609
Description =
Error - 09.08.2012 12:38:44 | Computer Name = judith-laptop | Source = MSSQL$MSSMLBIZ | ID = 8313
Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren.
SQL Server-Leistungsindikatoren sind deaktiviert.
Error - 09.08.2012 12:38:44 | Computer Name = judith-laptop | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für
Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz
neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen
Registrierungsberechtigungen verfügt.
Error - 09.08.2012 12:43:48 | Computer Name = judith-laptop | Source = MSSQL$MSSMLBIZ | ID = 8313
Description = Fehler beim Zuordnen von Indizes und Namen für SQL Server-Leistungsobjekte/Leistungsindikatoren.
SQL Server-Leistungsindikatoren sind deaktiviert.
Error - 09.08.2012 12:43:48 | Computer Name = judith-laptop | Source = MSSQL$MSSMLBIZ | ID = 3409
Description = Fehler beim Einrichten des gemeinsam genutzten Speicherbereichs für
Leistungsindikatoren. Fehlercode: -1. Installieren Sie 'sqlctr.ini' für diese Instanz
neu, und stellen Sie sicher, dass das Anmeldekonto der Instanz über die richtigen
Registrierungsberechtigungen verfügt.
Error - 09.08.2012 12:50:03 | Computer Name = judith-laptop | Source = EventSystem | ID = 4609
Description =
Error - 09.08.2012 13:02:02 | Computer Name = judith-laptop | Source = EventSystem | ID = 4609
Description =
Error - 09.08.2012 13:17:04 | Computer Name = judith-laptop | Source = EventSystem | ID = 4609
Description =
Error - 09.08.2012 13:40:35 | Computer Name = judith-laptop | Source = EventSystem | ID = 4609
Description =
[ Media Center Events ]
Error - 17.02.2009 09:30:31 | Computer Name = judith-laptop | Source = ehRecvr | ID = 3
Description =
Error - 17.02.2009 09:30:56 | Computer Name = judith-laptop | Source = ehRecvr | ID = 3
Description =
Error - 20.09.2009 07:22:00 | Computer Name = judith-laptop | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 09/20/2009 13:22:00
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
Error - 18.11.2009 04:02:59 | Computer Name = judith-laptop | Source = Recording | ID = 19
Description = Der Aufzeichnungszeitplan war beschädigt und wurde am 11/18/2009 09:02:59
automatisch gelöscht. Möglicherweise müssen Sie die Aufzeichnungen erneut planen.
[ System Events ]
Error - 01.10.2009 03:44:24 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 01.10.2009 15:30:14 | Computer Name = judith-laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.20 für die Netzwerkkarte mit der Netzwerkadresse
001CBF467CF4 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 01.10.2009 15:30:33 | Computer Name = judith-laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.39 für die Netzwerkkarte mit der Netzwerkadresse
001CBF467CF4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 04.10.2009 05:11:46 | Computer Name = judith-laptop | Source = HTTP | ID = 15016
Description =
Error - 04.10.2009 05:13:21 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 04.10.2009 11:46:17 | Computer Name = judith-laptop | Source = HTTP | ID = 15016
Description =
Error - 04.10.2009 11:47:53 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 05.10.2009 12:03:46 | Computer Name = judith-laptop | Source = HTTP | ID = 15016
Description =
Error - 05.10.2009 12:05:26 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 06.10.2009 04:00:01 | Computer Name = judith-laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.10.2009 um 06:57:07 unerwartet heruntergefahren.
< End of report > --- --- ---
So, a lot of info or something.
Hey.
I tried it again today with your script, and it worked. This is what came out.
otl: OTL Logfile: Code:
OTL logfile created on: 10.08.2012 11:05:10 - Run 2
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\judith\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,59 Gb Available Physical Memory | 79,46% Memory free
4,23 Gb Paging File | 3,97 Gb Available in Paging File | 93,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,31 Gb Total Space | 20,73 Gb Free Space | 23,48% Space Free | Partition Type: NTFS
Drive D: | 88,00 Gb Total Space | 37,77 Gb Free Space | 42,92% Space Free | Partition Type: NTFS
Computer Name: JUDITH-LAPTOP | User Name: judith | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.08.09 18:54:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\judith\Desktop\OTL.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2012.07.28 12:04:31 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011.06.29 00:16:59 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.05.04 14:05:16 | 000,192,512 | ---- | M] (Mediafour Corporation) [Auto | Stopped] -- C:\Programme\Mediafour\MacDrive 8\MacDrive8Service.exe -- (MacDrive8Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.04.30 11:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2008.06.19 19:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.03.10 14:40:42 | 000,368,640 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Media Share Software\IMSSync.exe -- (IMSSync)
SRV - [2007.02.13 10:54:20 | 000,073,728 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2006.10.26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.05 05:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2006.04.14 03:07:20 | 028,933,976 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ)
SRV - [2006.04.14 03:05:58 | 000,240,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006.04.14 03:04:54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2005.10.13 20:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS -- (MTOnlPktAlyX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2011.06.29 00:17:02 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 00:17:02 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.18 09:07:04 | 000,232,040 | ---- | M] (Mediafour Corporation) [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\MDFSYSNT.SYS -- (MDFSYSNT)
DRV - [2010.04.28 15:36:56 | 000,028,512 | ---- | M] (Mediafour Corporation) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\MDPMGRNT.SYS -- (MDPMGRNT)
DRV - [2010.01.13 12:15:52 | 000,057,800 | ---- | M] (EldoS Corporation) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\CBDisk.sys -- (CBDisk)
DRV - [2009.11.19 15:06:46 | 000,098,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039bus.sys -- (s1039bus)
DRV - [2009.11.19 15:06:46 | 000,025,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039nd5.sys -- (s1039nd5)
DRV - [2009.11.19 15:06:45 | 000,124,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdm.sys -- (s1039mdm)
DRV - [2009.11.19 15:06:45 | 000,123,504 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039unic.sys -- (s1039unic)
DRV - [2009.11.19 15:06:45 | 000,117,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mgmt.sys -- (s1039mgmt)
DRV - [2009.11.19 15:06:45 | 000,113,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039obex.sys -- (s1039obex)
DRV - [2009.11.19 15:06:44 | 000,014,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1039mdfl.sys -- (s1039mdfl)
DRV - [2009.04.11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.08.01 15:27:35 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2008.06.19 19:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.03.29 18:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.09.08 04:09:28 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2007.07.12 22:38:08 | 000,029,216 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2)
DRV - [2007.05.22 15:35:00 | 007,117,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.04.26 21:09:38 | 002,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.04.19 08:02:38 | 000,428,800 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2007.01.23 12:18:32 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 10:03:28 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.01.23 09:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.08 09:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.11.02 09:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{5F4764C9-A953-44D8-BA81-4C334ADB8090}: "URL" = hxxp://rover.ebay.com/rover/1/711-53200-19255-0/1?satitle={searchTerms}&ext={searchTerms}&customid=&toolid=10001&campid=5336017972&type=3
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6CD9BBE3-DD01-49C6-BE7D-9AC27CA79035}: "URL" = hxxp://www.amazon.com/gp/search?keywords={searchTerms}&index=blended&tag=dffx-20&camp=1789&creative=9325&linkCode=ur2&ie=UTF-8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#inbox"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.4.1
FF - prefs.js..extensions.enabledItems: ciuvo-extension@icq.de:1.3.668
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.1&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\judith\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\judith\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 12:04:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.15 21:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\judith\AppData\Roaming\14001.012 [2012.08.09 13:09:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.28 12:04:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.15 21:22:15 | 000,000,000 | ---D | M]
[2008.08.28 12:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judith\AppData\Roaming\mozilla\Extensions
[2012.07.27 15:21:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\judith\AppData\Roaming\mozilla\Firefox\Profiles\jv4u9k0i.default\extensions
[2012.07.27 15:21:54 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\judith\AppData\Roaming\mozilla\Firefox\Profiles\jv4u9k0i.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.05.01 10:57:02 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\judith\AppData\Roaming\mozilla\Firefox\Profiles\jv4u9k0i.default\extensions\moveplayer@movenetworks.com
[2012.07.23 22:36:10 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-1.xml
[2012.02.09 09:25:44 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-10.xml
[2012.02.15 21:22:33 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-11.xml
[2012.03.03 10:35:44 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-12.xml
[2012.01.03 11:19:19 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-13.xml
[2011.11.07 20:23:29 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-14.xml
[2010.07.28 19:44:32 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-2.xml
[2010.09.08 13:58:58 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-3.xml
[2010.09.10 20:26:05 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-4.xml
[2010.10.22 17:47:52 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-5.xml
[2010.10.29 15:09:47 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-6.xml
[2010.12.11 05:47:05 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-7.xml
[2011.03.03 12:19:18 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-8.xml
[2011.03.05 18:54:29 | 000,000,950 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Mozilla\Firefox\Profiles\jv4u9k0i.default\searchplugins\icqplugin.xml
[2012.02.15 21:22:21 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.09 13:09:15 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\JUDITH\APPDATA\ROAMING\14001.012
[2012.06.26 15:44:36 | 000,013,610 | ---- | M] () (No name found) -- C:\USERS\JUDITH\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JV4U9K0I.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012.07.28 12:04:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 00:27:06 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.05 16:03:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.05 16:03:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.05 16:03:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.05 16:03:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.05 16:03:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.05 16:03:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://start.icq.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\judith\AppData\Local\Google\Chrome\Application\18.0.1025.162\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\2.0.40115.0\npctrl.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\judith\AppData\Local\Google\Chrome\Application\18.0.1025.162\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\judith\AppData\Local\Google\Chrome\Application\18.0.1025.162\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\judith\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\1111071922\ICQToolBar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Getting started with MacDrive 8] C:\Program Files\Mediafour\MacDrive 8\MDGetStarted.exe (Mediafour Corporation)
O4 - HKLM..\Run: [MacDrive 8 application] C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe (Mediafour Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Play AVStation TV Scheduler] C:\Programme\Samsung\Play AVStation\TvScheduler.exe (SAMSUNG ELECTRONICS CO., LTD.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [ViivMonitor] C:\Programme\Intel\Intel Media Share Software\Viivmonitor.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{0F8B7CF5-D11E-2F73-A9D6-AB64BD6D5E2C}] C:\Users\judith\AppData\Roaming\Zevoy\kazoce.exe File not found
O4 - HKCU..\Run: [AnyDVD] C:\Programme\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - HKCU..\Run: [Spotify] "C:\Users\judith\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart File not found
O4 - HKCU..\Run: [Userinit] C:\Users\judith\AppData\Roaming\appConf32.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\judith\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.36.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{69BD2918-3029-45D8-A76C-C7DF7133C9C7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E5CA02BA-7782-400A-8365-252747C2D0BF}: DhcpNameServer = 192.168.36.254
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\judith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\judith\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16324f3b-cc3a-11dd-8ec4-00027876abef}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe SOPHIA.vbs
O33 - MountPoints2\{cff1a469-fb99-11df-ad33-c20ddd37da63}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{d12eee3f-d41c-11de-9e5f-cbb449f398e5}\Shell\AutoRun\command - "" = F:\start.bat
O33 - MountPoints2\{e2932a19-a121-11df-96f7-fc4af23e93bb}\Shell - "" = AutoRun
O33 - MountPoints2\{e2932a19-a121-11df-96f7-fc4af23e93bb}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Unable to start System Restore Service. Error code 1084
========== Files/Folders - Created Within 30 Days ==========
[2012.08.09 18:54:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\judith\Desktop\OTL.exe
[2012.08.09 13:09:14 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.012
[2012.08.08 16:05:09 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\UAs
[2012.08.08 13:38:23 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.011
[2012.08.07 13:49:03 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.010
[2012.08.07 00:29:53 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.009
[2012.07.31 19:17:14 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.008
[2012.07.30 20:45:52 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.007
[2012.07.28 23:31:10 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\14001.006
[2012.07.28 05:04:42 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\13001.030
[2012.07.27 15:28:16 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\xmldm
[2012.07.27 15:28:14 | 000,000,000 | ---D | C] -- C:\Users\judith\AppData\Roaming\kock
[2012.07.22 22:17:56 | 000,000,000 | ---D | C] -- C:\Users\judith\Desktop\dach
[2012.07.15 19:26:52 | 000,000,000 | ---D | C] -- C:\Users\judith\Desktop\blu
[2010.08.08 16:10:11 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe3CDF.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\judith\AppData\Roaming\*.tmp files -> C:\Users\judith\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.08.10 11:02:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.10 11:01:18 | 000,005,332 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.10 11:00:44 | 004,503,728 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.08.10 10:59:16 | 000,000,017 | ---- | M] () -- C:\Users\judith\AppData\Roaming\blckdom.res
[2012.08.10 10:58:50 | 000,144,646 | ---- | M] () -- C:\Users\judith\AppData\Roaming\nvModes.001
[2012.08.10 10:58:37 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.08.10 10:57:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.10 10:57:07 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.09 18:54:49 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\judith\Desktop\OTL.exe
[2012.08.09 18:24:45 | 000,001,356 | ---- | M] () -- C:\Users\judith\AppData\Local\d3d9caps.dat
[2012.08.09 17:57:21 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-717154487-1992195405-1131984250-1003UA.job
[2012.08.09 16:06:15 | 000,001,716 | ---- | M] () -- C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.09 13:10:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-717154487-1992195405-1131984250-1003Core.job
[2012.08.09 13:09:05 | 000,200,336 | ---- | M] () -- C:\Users\judith\AppData\Roaming\AcroIEHelpe186.dll
[2012.08.09 13:09:05 | 000,006,400 | ---- | M] () -- C:\Users\judith\AppData\Roaming\BAcroIEHelpe186.dll
[2012.08.08 14:50:58 | 000,235,373 | ---- | M] () -- C:\Users\judith\Desktop\grune.jpg
[2012.08.08 14:46:56 | 000,588,240 | ---- | M] () -- C:\Users\judith\Desktop\DSC01969.JPG
[2012.08.08 14:45:42 | 000,481,379 | ---- | M] () -- C:\Users\judith\Desktop\DSC01968.JPG
[2012.08.07 20:35:18 | 000,244,713 | ---- | M] () -- C:\Users\judith\Desktop\DSC01971.JPG
[2012.08.07 20:35:10 | 000,318,764 | ---- | M] () -- C:\Users\judith\Desktop\DSC01970.JPG
[2012.08.07 19:00:32 | 000,709,157 | ---- | M] () -- C:\Users\judith\Desktop\DSC01967.JPG
[2012.08.07 14:02:04 | 001,711,637 | ---- | M] () -- C:\Users\judith\Desktop\berg.jpg
[2012.08.07 11:03:22 | 211,594,047 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.08.05 08:25:44 | 000,011,191 | ---- | M] () -- C:\Users\judith\Desktop\RES_K6P3A130810_0.pdf
[2012.08.02 14:21:24 | 000,519,721 | ---- | M] () -- C:\Users\judith\Desktop\dith_freunde.jpg
[2012.07.31 22:16:14 | 000,388,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.28 23:32:59 | 000,750,544 | ---- | M] () -- C:\Users\judith\Desktop\spree.jpg
[2012.07.24 23:37:16 | 000,020,814 | ---- | M] () -- C:\Users\judith\Desktop\brief prüfungsamt.odt
[2012.07.24 21:18:59 | 000,144,646 | ---- | M] () -- C:\Users\judith\AppData\Roaming\nvModes.dat
[2012.07.24 00:41:48 | 001,709,754 | ---- | M] () -- C:\Users\judith\Desktop\image.gif
[2012.07.23 21:55:40 | 000,252,794 | ---- | M] () -- C:\Users\judith\Desktop\dDSC01918.jpg
[2012.07.23 21:54:54 | 000,306,248 | ---- | M] () -- C:\Users\judith\Desktop\dDSC01915.jpg
[2012.07.23 21:53:49 | 000,304,001 | ---- | M] () -- C:\Users\judith\Desktop\dDSC01916.jpg
[2012.07.23 21:49:20 | 000,243,735 | ---- | M] () -- C:\Users\judith\Desktop\DSC01917.jpg
[2012.07.23 21:47:27 | 000,373,378 | ---- | M] () -- C:\Users\judith\Desktop\DSC01927.jpg
[2012.07.13 19:47:37 | 000,007,680 | ---- | M] () -- C:\test_pre2.grf
[2012.07.11 23:28:16 | 000,103,738 | ---- | M] () -- C:\Users\judith\Documents\Klages_zu_Fraser.pdf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\judith\AppData\Roaming\*.tmp files -> C:\Users\judith\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.08.09 16:06:14 | 004,503,728 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.08.09 16:06:14 | 000,001,716 | ---- | C] () -- C:\Users\judith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012.08.09 13:09:05 | 000,200,336 | ---- | C] () -- C:\Users\judith\AppData\Roaming\AcroIEHelpe186.dll
[2012.08.09 13:09:05 | 000,006,400 | ---- | C] () -- C:\Users\judith\AppData\Roaming\BAcroIEHelpe186.dll
[2012.08.08 14:50:58 | 000,235,373 | ---- | C] () -- C:\Users\judith\Desktop\grune.jpg
[2012.08.08 14:46:08 | 000,588,240 | ---- | C] () -- C:\Users\judith\Desktop\DSC01969.JPG
[2012.08.08 14:45:42 | 000,481,379 | ---- | C] () -- C:\Users\judith\Desktop\DSC01968.JPG
[2012.08.07 20:35:18 | 000,244,713 | ---- | C] () -- C:\Users\judith\Desktop\DSC01971.JPG
[2012.08.07 20:35:10 | 000,318,764 | ---- | C] () -- C:\Users\judith\Desktop\DSC01970.JPG
[2012.08.07 19:00:32 | 000,709,157 | ---- | C] () -- C:\Users\judith\Desktop\DSC01967.JPG
[2012.08.07 14:02:00 | 001,711,637 | ---- | C] () -- C:\Users\judith\Desktop\berg.jpg
[2012.08.07 13:56:34 | 000,608,219 | ---- | C] () -- C:\Users\judith\Desktop\kar.jpg
[2012.08.05 08:25:44 | 000,011,191 | ---- | C] () -- C:\Users\judith\Desktop\RES_K6P3A130810_0.pdf
[2012.08.02 14:21:20 | 000,519,721 | ---- | C] () -- C:\Users\judith\Desktop\dith_freunde.jpg
[2012.07.28 23:32:59 | 000,750,544 | ---- | C] () -- C:\Users\judith\Desktop\spree.jpg
[2012.07.28 05:04:21 | 000,000,017 | ---- | C] () -- C:\Users\judith\AppData\Roaming\blckdom.res
[2012.07.24 10:53:08 | 000,020,814 | ---- | C] () -- C:\Users\judith\Desktop\brief prüfungsamt.odt
[2012.07.24 00:41:29 | 001,709,754 | ---- | C] () -- C:\Users\judith\Desktop\image.gif
[2012.07.23 21:55:40 | 000,252,794 | ---- | C] () -- C:\Users\judith\Desktop\dDSC01918.jpg
[2012.07.23 21:54:53 | 000,306,248 | ---- | C] () -- C:\Users\judith\Desktop\dDSC01915.jpg
[2012.07.23 21:53:49 | 000,304,001 | ---- | C] () -- C:\Users\judith\Desktop\dDSC01916.jpg
[2012.07.23 21:49:20 | 000,243,735 | ---- | C] () -- C:\Users\judith\Desktop\DSC01917.jpg
[2012.07.23 21:47:26 | 000,373,378 | ---- | C] () -- C:\Users\judith\Desktop\DSC01927.jpg
[2012.07.11 23:28:16 | 000,103,738 | ---- | C] () -- C:\Users\judith\Documents\Klages_zu_Fraser.pdf
[2012.06.03 18:52:21 | 000,018,944 | ---- | C] () -- C:\Users\judith\AppData\Local\{32688a30-3a69-8fae-d0a5-73fcdd98adae}\U\800000cb.@
[2012.05.22 22:38:48 | 000,012,288 | ---- | C] () -- C:\Users\judith\AppData\Local\{32688a30-3a69-8fae-d0a5-73fcdd98adae}\U\80000000.@
[2012.05.14 10:41:44 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.12 14:50:16 | 000,002,048 | -HS- | C] () -- C:\Users\judith\AppData\Local\{32688a30-3a69-8fae-d0a5-73fcdd98adae}\@
[2011.02.23 00:24:14 | 000,000,298 | ---- | C] () -- C:\Windows\System32\dmlg.dat
[2010.03.31 19:39:42 | 000,001,356 | ---- | C] () -- C:\Users\judith\AppData\Local\d3d9caps.dat
[2009.05.12 22:41:20 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.12.09 17:23:13 | 000,052,688 | RHS- | C] () -- C:\Users\judith\AppData\Roaming\appconf32.exe
[2008.05.26 12:54:18 | 000,000,218 | ---- | C] () -- C:\Users\judith\.recently-used.xbel
[2008.04.15 15:15:37 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2008.03.31 23:31:03 | 000,044,544 | ---- | C] () -- C:\Users\judith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.24 20:52:55 | 000,214,719 | ---- | C] () -- C:\Users\judith\GmailReader.gadget
[2008.03.22 00:51:27 | 000,000,000 | ---- | C] () -- C:\Program Files\gaimfoo.bar
[2008.03.10 12:25:30 | 000,144,646 | ---- | C] () -- C:\Users\judith\AppData\Roaming\nvModes.001
[2008.03.10 12:20:01 | 000,144,646 | ---- | C] () -- C:\Users\judith\AppData\Roaming\nvModes.dat
[2008.03.10 00:47:39 | 000,000,000 | ---- | C] () -- C:\Program Files\pidginfoo.bar
========== LOP Check ==========
[2008.07.01 21:30:49 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\.purple
[2012.07.28 05:04:42 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\13001.030
[2012.07.28 23:31:10 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.006
[2012.07.30 20:45:52 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.007
[2012.07.31 19:17:14 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.008
[2012.08.07 00:29:53 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.009
[2012.08.07 13:49:03 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.010
[2012.08.08 13:38:23 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.011
[2012.08.09 13:09:15 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\14001.012
[2012.03.23 13:26:08 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Amazon
[2012.08.10 10:59:23 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Dropbox
[2008.06.30 22:29:48 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\gtk-2.0
[2012.08.08 14:36:08 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\ICQ
[2008.09.07 20:50:12 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\InfraRecorder
[2011.12.09 00:22:48 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Juniper Networks
[2012.07.27 15:28:14 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\kock
[2009.03.25 13:09:02 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\OpenOffice.org
[2010.08.08 16:07:17 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Sony
[2010.08.08 16:07:18 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Sony Setup
[2010.09.10 19:30:18 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\T-Online
[2012.08.08 16:05:09 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\UAs
[2012.04.12 20:28:00 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Utigk
[2012.08.08 16:05:19 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\xmldm
[2012.05.14 10:40:08 | 000,000,000 | ---D | M] -- C:\Users\judith\AppData\Roaming\Zevoy
[2012.08.10 11:01:19 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.01.15 15:54:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.03.26 00:02:50 | 000,000,000 | -H-D | M] -- C:\BJPrinter
[2011.02.02 13:08:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.05.14 10:42:20 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.03.09 20:27:03 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2007.09.08 03:55:28 | 000,000,000 | ---D | M] -- C:\Intel
[2008.06.07 00:03:57 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.26 14:25:38 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.08.09 16:06:14 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2008.03.09 20:27:03 | 000,000,000 | -HSD | M] -- C:\Programme
[2007.09.08 04:12:42 | 000,000,000 | ---D | M] -- C:\Samsung
[2012.06.18 21:44:09 | 000,000,000 | ---D | M] -- C:\SlySoft
[2012.08.09 15:38:18 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2008.03.09 20:30:31 | 000,000,000 | R--D | M] -- C:\Users
[2012.08.07 11:03:22 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.09.08 04:35:42 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.09.08 04:36:13 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2007.09.08 04:36:13 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2007.09.08 04:36:12 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2007.09.08 04:35:42 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.09.08 04:35:42 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2007.09.08 04:45:37 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b0f802d7\atapi.sys
[2007.09.08 04:45:37 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=1DEEDE62051F7245FB0010E995E4A6FC -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20541_none_dbb1430d3da06c42\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.09.08 04:36:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2007.09.08 04:45:04 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.09.08 04:45:04 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2007.09.08 04:36:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2007.09.08 04:36:43 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008.03.10 02:38:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.03.10 02:38:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.03.10 02:38:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008.03.10 02:38:29 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008.03.10 02:44:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008.03.10 02:44:31 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 09:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTORV.SYS >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2007.09.08 04:23:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2007.09.08 04:23:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2008.05.26 12:54:18 | 000,000,218 | ---- | M] () -- C:\Users\judith\.recently-used.xbel
[2011.12.09 16:32:31 | 000,003,355 | ---- | M] () -- C:\Users\judith\certutil.log
[2008.03.24 20:52:56 | 000,214,719 | ---- | M] () -- C:\Users\judith\GmailReader.gadget
[2012.08.10 11:16:26 | 003,145,728 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT
[2012.08.10 11:16:26 | 000,262,144 | -H-- | M] () -- C:\Users\judith\ntuser.dat.LOG1
[2012.08.09 19:29:14 | 000,262,144 | -H-- | M] () -- C:\Users\judith\ntuser.dat.LOG2
[2012.08.09 19:29:14 | 001,048,576 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.0.regtrans-ms
[2012.08.09 19:29:14 | 001,048,576 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.1.regtrans-ms
[2012.08.09 19:29:14 | 001,048,576 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.2.regtrans-ms
[2012.08.09 19:29:14 | 000,065,536 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT{3a539870-6a70-11db-887c-d362bd253390}.TxR.blf
[2012.08.10 11:01:16 | 000,065,536 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.05.01 03:47:48 | 000,524,288 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2012.08.10 11:01:16 | 000,524,288 | -HS- | M] () -- C:\Users\judith\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2008.03.09 20:30:32 | 000,000,020 | -HS- | M] () -- C:\Users\judith\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\Windows:12B08B7171003227
< End of report >
extras:
[ System Events ]
Error - 01.10.2009 03:44:24 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 01.10.2009 15:30:14 | Computer Name = judith-laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.20 für die Netzwerkkarte mit der Netzwerkadresse
001CBF467CF4 wurde durch den DHCP-Server 192.168.2.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 01.10.2009 15:30:33 | Computer Name = judith-laptop | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.39 für die Netzwerkkarte mit der Netzwerkadresse
001CBF467CF4 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 04.10.2009 05:11:46 | Computer Name = judith-laptop | Source = HTTP | ID = 15016
Description =
Error - 04.10.2009 05:13:21 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 04.10.2009 11:46:17 | Computer Name = judith-laptop | Source = HTTP | ID = 15016
Description =
Error - 04.10.2009 11:47:53 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 05.10.2009 12:03:46 | Computer Name = judith-laptop | Source = HTTP | ID = 15016
Description =
Error - 05.10.2009 12:05:26 | Computer Name = judith-laptop | Source = Service Control Manager | ID = 7000
Description =
Error - 06.10.2009 04:00:01 | Computer Name = judith-laptop | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 06.10.2009 um 06:57:07 unerwartet heruntergefahren.
< End of report >
Maybe this will make it easier to help me (: