Extras.txt Code:
OTL Extras logfile created on: 22.11.2010 12:40:07 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = D:\installs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 8,43 Gb Free Space | 15,07% Space Free | Partition Type: NTFS
Drive D: | 55,90 Gb Total Space | 55,39 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: NB-JOE | User Name: joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-2107571736-1698524476-619555654-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\Temp\aonInstaller.exe" = C:\Windows\Temp\aonInstaller.exe:*:Enabled:aonInstaller -- File not found
"C:\Programme\aon\aonController\aonController.exe" = C:\Programme\aon\aonController\aonController.exe:*:Enabled:aonController -- (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at)
"C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE" = C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE:*:Enabled:Connection Manager -- (Microsoft Corporation)
"C:\Windows\system32\lxebcoms.exe" = C:\Windows\system32\lxebcoms.exe:*:Enabled:Pro200-S500 Series Server -- ( )
"C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Programme\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{137FAA2D-7C3F-4BA9-9367-F2E01EDA5BA0}" = Caplio Software
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DAB6BE8-4B4F-4C08-AC96-4008057E3424}" = Samsung Media Studio
"{1ED31028-6D65-4CFD-AD03-8E484A052FE7}" = aonUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2107E977-C49C-400F-A0A5-117C304595DF}" = Adobe Setup
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C40E16A-EC09-4471-A3D0-7CFE01E4F243}" = ATI Catalyst Control Center
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B07D847-8077-4242-91C7-DFA3CE5113E0}" = ImageMixer
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FDB5962-943B-4D0A-8F07-FE720597F9F4}" = Karte Alpen City
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4B9919E4-6E86-485A-82CC-4E353B221031}" = Nero 7 Essentials
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B1E5A3-1B29-4582-A226-172A1FC7BA6C}" = Windows Live Family Safety
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5F65ECEE-EB1D-4C85-8D8C-9C7CE2DBB1D6}" = Marco Polo Mobile Navigator
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B7FB3C4-E71B-478D-9E15-5AE97EAD67B8}" = aonFTP
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{904B64C4-49D8-4941-A2B6-D13D06C5CD8B}" = aonController
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{911A0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Outlook 2002
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA6C642F-9640-4A80-8136-E9DAA8532688}" = ROUTE 66 Navigate 2004
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Digimax Master
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{CA01BD63-FFE5-4C4D-9433-AFEAB38F3C7B}" = Adobe Photoshop CS3
"{CB0888EE-96D8-4713-84DC-36462C33AEB4}" = Bazooka Scanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAFC9FF9-56BE-414D-B637-537E7D06E7B9}" = Serif PhotoPlus 11
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe_2ab305d4b0dea4a54f4852f3f5ed507" = Adobe Photoshop CS3
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"aonController" = aonController
"aonFTP" = aonFTP
"aonUpdate" = aonUpdate
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BIMPLite" = BIMP Lite 1.62
"Foto Steiger Digitaler Bilderservice" = Foto Steiger Digitaler Bilderservice
"Google Updater" = Google Updater
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Lexmark Pro200-S500 Series" = Lexmark Pro200-S500 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"PROSet" = Intel(R) PRO Network Connections Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Windows CE Services" = Microsoft ActiveSync 3.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97.8
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 08.11.2010 09:59:04 | Computer Name = NB-JOE | Source = Adobe Version Cue CS3 | ID = 3
Description =
Error - 09.11.2010 11:24:25 | Computer Name = NB-JOE | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 21.11.2010 19:15:55 | Computer Name = NB-JOE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 21.11.2010 19:16:12 | Computer Name = NB-JOE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 21.11.2010 19:16:34 | Computer Name = NB-JOE | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Aavmker4 aswSP aswTdi Fips intelppm
Error - 21.11.2010 19:18:27 | Computer Name = NB-JOE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "MDM"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
Error - 21.11.2010 19:18:46 | Computer Name = NB-JOE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.11.2010 02:24:45 | Computer Name = NB-JOE | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 22.11.2010 02:25:16 | Computer Name = NB-JOE | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst WebrootSpySweeperService.
Error - 22.11.2010 04:47:33 | Computer Name = NB-JOE | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.
Error - 22.11.2010 04:47:33 | Computer Name = NB-JOE | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.
Error - 22.11.2010 04:56:26 | Computer Name = NB-JOE | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst WebrootSpySweeperService.
< End of report > OTL.txt Code:
OTL logfile created on: 22.11.2010 12:40:07 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = D:\installs
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 36,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 8,43 Gb Free Space | 15,07% Space Free | Partition Type: NTFS
Drive D: | 55,90 Gb Total Space | 55,39 Gb Free Space | 99,09% Space Free | Partition Type: NTFS
Computer Name: NB-JOE | User Name: joe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - D:\installs\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Lexmark Pro200-S500 Series\ezprint.exe ()
PRC - C:\Programme\Lexmark Pro200-S500 Series\lxebmon.exe ()
PRC - C:\Windows\system32\lxebcoms.exe ( )
PRC - C:\Windows\system32\spool\drivers\w32x86\3\lxebserv.exe (Lexmark International, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Adobe Photoshop CS3\Photoshop.exe (Adobe Systems, Incorporated)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - D:\installs\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (FLEXnet Licensing Service) -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (avast! Web Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Mail Scanner) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (SeaPort) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (lxeb_device) -- C:\WINDOWS\System32\lxebcoms.exe ( )
SRV - (lxebCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxebserv.exe ()
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (SSIDRV) -- File not found
DRV - (SSHRMD) -- File not found
DRV - (SSFMONM) -- File not found
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)
DRV - (fssfltr) -- C:\Windows\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (HDAudBus) -- C:\Windows\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (w39n51) Intel(R) -- C:\Windows\system32\drivers\w39n51.sys (Intel® Corporation)
DRV - (e1express) Intel(R) -- C:\Windows\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (ati2mtag) -- C:\Windows\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (TcUsb) -- C:\Windows\system32\drivers\tcusb.sys (UPEK Inc.)
DRV - (O2SDRDR) -- C:\WINDOWS\system32\DRIVERS\o2sd.sys (O2Micro )
DRV - (IAMTXP) Treiber für Intel(R) -- C:\Windows\system32\drivers\IAMTXP.sys (Intel Corporation)
DRV - (O2MDRDR) -- C:\WINDOWS\system32\DRIVERS\o2media.sys (O2Micro )
DRV - (smserial) -- C:\Windows\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (O2SCBUS) -- C:\Windows\system32\drivers\ozscr.sys (O2Micro)
DRV - (fpcmbase) -- C:\Windows\system32\drivers\fpcmbase.sys (AVM GmbH)
DRV - (AVMWAN) -- C:\Windows\system32\drivers\avmwan.sys (AVM GmbH)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50
FF - prefs.js..network.proxy.ftp: ":"
FF - prefs.js..network.proxy.gopher: ":"
FF - prefs.js..network.proxy.http: ":"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":"
FF - prefs.js..network.proxy.ssl: ":"
FF - prefs.js..network.proxy.type: 0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.11.16 17:50:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.11.16 17:57:39 | 000,000,000 | ---D | M]
[2010.06.21 15:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Mozilla\Extensions
[2010.11.21 21:42:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Mozilla\Firefox\Profiles\rmsqsu4s.default\extensions
[2010.07.18 16:49:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Mozilla\Firefox\Profiles\rmsqsu4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.10 17:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Mozilla\Firefox\Profiles\rmsqsu4s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.11.21 21:42:01 | 000,001,595 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Mozilla\Firefox\Profiles\rmsqsu4s.default\searchplugins\ixquick---deutsch.xml
[2010.07.16 23:28:51 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.10.10 09:21:31 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.10 09:21:31 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.10 09:21:32 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.10 09:21:32 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.10 09:21:32 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.11.21 23:48:39 | 000,425,933 | R--- | M]) - C:\Windows\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14672 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programme\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast5] C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [EzPrint] C:\Programme\Lexmark Pro200-S500 Series\ezprint.exe ()
O4 - HKLM..\Run: [Lexmark Pro200-S500 Series Fax Server] C:\Programme\Lexmark Pro200-S500 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxebmon.exe] C:\Programme\Lexmark Pro200-S500 Series\lxebmon.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [YeppStudioAgent] C:\Programme\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe ()
O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
O4 - HKCU..\Run: [Picasa Media Detector] C:\Dokumente und Einstellungen\joe\Desktop\picasa\Picasa2\PicasaMediaDetector.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Gamma Loader.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 5.0.lnk = C:\Programme\Gemeinsame Dateien\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INETREPL.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162468014625 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_15)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab (Facebook Photo Uploader 4)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\AATP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{228cb785-4a56-11dc-92a4-001060318b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{228cb785-4a56-11dc-92a4-001060318b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{228cb785-4a56-11dc-92a4-001060318b6b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3ab68936-f521-11dd-9634-001060318b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{3ab68936-f521-11dd-9634-001060318b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3ab68936-f521-11dd-9634-001060318b6b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a96e9812-2a62-11dc-9277-001060318b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{a96e9812-2a62-11dc-9277-001060318b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a96e9812-2a62-11dc-9277-001060318b6b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{fabe5e66-d25d-11dc-93d8-001060318b6b}\Shell - "" = AutoRun
O33 - MountPoints2\{fabe5e66-d25d-11dc-93d8-001060318b6b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{fabe5e66-d25d-11dc-93d8-001060318b6b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dvduapir - (C:\WINDOWS\system32\audil386.dll) - C:\WINDOWS\System32\audil386.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: Jing - hkey= - key= - C:\Programme\TechSmith\Jing\Jing.exe File not found
MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
Drivers32: MSACM.CEGSM - C:\WINDOWS\System32\MOBILEV.ACM ()
Drivers32: msacm.iac2 - C:\Windows\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)
========== Files/Folders - Created Within 30 Days ==========
[2010.12.04 15:35:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Desktop\allianz krank.vers
[2010.12.04 13:34:06 | 000,000,000 | ---D | C] -- C:\Programme\Intel
[2010.12.04 12:16:50 | 000,000,000 | ---D | C] -- C:\ATI
[2010.12.04 12:06:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Hewlett-Packard
[2010.12.04 12:06:04 | 000,064,024 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppccompio.dll
[2010.12.04 12:06:04 | 000,018,944 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hppmopjl.dll
[2010.12.04 12:06:02 | 000,233,472 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmtp094.dll
[2010.12.04 12:06:00 | 000,249,856 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmpm081.dll
[2010.12.04 12:06:00 | 000,208,896 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmpw081.dll
[2010.12.04 12:05:59 | 000,299,008 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmml094.dll
[2010.12.04 12:05:59 | 000,225,280 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpmja094.dll
[2010.12.04 12:05:54 | 000,161,280 | ---- | C] (Hewlett-Packard Corporation) -- C:\WINDOWS\System32\hpcpn094.dll
[2010.12.04 12:05:53 | 000,059,928 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\fxcompchannel.dll
[2010.12.04 12:05:51 | 000,049,252 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPMNQUE.DLL
[2010.12.04 12:05:51 | 000,049,250 | ---- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\HPMNNDPS.DLL
[2010.12.04 09:54:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\für nachbest
[2010.11.22 10:06:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.11.22 10:06:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.11.22 09:57:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Webroot
[2010.11.21 22:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\WinRAR
[2010.11.21 22:45:10 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.11.19 23:27:59 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.11.19 23:27:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.11.18 21:09:13 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
[2010.11.18 21:07:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\PackageAware
[2010.11.18 21:05:39 | 000,000,000 | ---D | C] -- C:\Programme\Bazooka Scanner
[2010.11.18 12:30:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\Kopie von johnsbach
[2010.11.18 12:10:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2010.11.18 11:54:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\SicherungEreignisprotokolle
[2010.11.18 11:35:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010.11.17 14:42:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2010.11.17 14:42:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\Panasonic
[2010.11.16 17:49:24 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.11.16 17:49:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010.11.16 17:48:58 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010.11.16 17:48:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\Apple
[2010.11.16 17:48:41 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010.11.16 17:48:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010.11.16 17:48:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010.11.16 17:16:07 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK2.dll
[2010.11.16 17:16:07 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EpPicPrt.dll
[2010.11.16 17:16:07 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICEntry.dll
[2010.11.16 17:16:07 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\PICSDK.dll
[2010.11.16 17:16:06 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\System32\EPPicMgr.dll
[2010.11.16 17:16:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\InstallShield
[2010.11.16 17:13:34 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Panasonic
[2010.11.16 17:13:19 | 000,000,000 | ---D | C] -- C:\Programme\Panasonic
[2010.11.16 17:13:09 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.11.11 16:10:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\Neuer Ordner
[2010.11.07 20:14:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\XnView
[2010.11.07 20:11:23 | 000,000,000 | ---D | C] -- C:\Programme\XnView
[2010.11.07 20:08:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\JPEGsnoop
[2010.11.07 20:08:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\TechSmith
[2010.11.05 10:24:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\marokko 10.3.-25.3.10
[2010.11.05 09:45:35 | 000,000,000 | R-SD | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\My Stationery
[2010.10.31 17:30:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\AdobeStockPhotos
[2010.10.25 15:36:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\geboren
[2010.10.25 13:13:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\sonnenblume
[2010.10.25 13:08:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\herbst, pitten, hochwechsel
[2010.04.05 19:19:14 | 000,425,984 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcoin.dll
[2010.04.05 19:08:48 | 000,446,464 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEBhcp.dll
[2010.04.05 19:08:48 | 000,368,640 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebinpa.dll
[2010.04.05 19:08:47 | 000,348,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebiesc.dll
[2010.04.05 19:08:46 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebusb1.dll
[2010.04.05 19:08:45 | 001,056,768 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebserv.dll
[2010.04.05 19:08:44 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebpmui.dll
[2010.04.05 19:08:43 | 000,581,632 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeblmpm.dll
[2010.04.05 19:08:40 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebhbn3.dll
[2010.04.05 19:08:36 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomc.dll
[2010.04.05 19:08:36 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxebcomm.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.12.05 22:37:58 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A4DC9D26-FE61-4D72-9748-2F70FAC1392B}.job
[2010.12.04 13:30:29 | 000,000,302 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010.12.04 12:07:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\HPMProp.INI
[2010.11.22 12:31:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.22 11:37:10 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.11.22 09:48:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.22 09:47:48 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.22 09:47:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.22 09:47:05 | 1073,074,176 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.21 23:48:39 | 000,425,933 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.11.21 22:14:07 | 000,089,088 | ---- | M] () -- C:\mbr.exe
[2010.11.21 21:39:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.20 06:46:10 | 000,425,933 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101121-234839.backup
[2010.11.20 01:05:04 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010.11.19 23:51:51 | 000,425,933 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101120-064610.backup
[2010.11.18 21:04:43 | 000,466,852 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.11.18 21:04:43 | 000,449,090 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.18 21:04:43 | 000,088,216 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.11.18 21:04:43 | 000,074,916 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.18 12:46:52 | 000,001,397 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Desktop\Taskmanager.lnk
[2010.11.18 11:49:50 | 000,000,212 | RHS- | M] () -- C:\boot.ini
[2010.11.17 13:23:30 | 001,564,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.11.16 19:08:25 | 000,022,016 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\Island.doc
[2010.11.16 18:00:17 | 000,000,798 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Desktop\TZ10_TZ9_TZ8 Bedienungsanleitung.lnk
[2010.11.16 17:57:32 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.11.16 17:48:47 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.16 17:15:53 | 000,002,089 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 5.0.lnk
[2010.11.16 17:13:51 | 000,001,782 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PHOTOfunSTUDIO 5.0.lnk
[2010.11.14 12:40:54 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.11.08 14:29:53 | 000,020,992 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\telbuch.doc
[2010.11.07 20:11:37 | 000,001,436 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Desktop\XnView.lnk
[2010.11.07 19:58:25 | 000,000,162 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\default.pls
[2010.11.03 15:43:17 | 000,028,672 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\Telefonnummern.doc
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\*.tmp files -> C:\Dokumente und Einstellungen\All Users\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.12.04 12:07:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2010.11.22 09:47:05 | 1073,074,176 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.21 22:14:07 | 000,089,088 | ---- | C] () -- C:\mbr.exe
[2010.11.18 12:46:44 | 000,001,397 | ---- | C] () -- C:\Dokumente und Einstellungen\joe\Desktop\Taskmanager.lnk
[2010.11.16 18:00:17 | 000,000,798 | ---- | C] () -- C:\Dokumente und Einstellungen\joe\Desktop\TZ10_TZ9_TZ8 Bedienungsanleitung.lnk
[2010.11.16 17:49:52 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010.11.16 17:48:47 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.16 17:16:07 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2010.11.16 17:16:07 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2010.11.16 17:16:07 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2010.11.16 17:16:07 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2010.11.16 17:16:07 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2010.11.16 17:16:07 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2010.11.16 17:16:07 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2010.11.16 17:16:07 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2010.11.16 17:16:07 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2010.11.16 17:16:07 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2010.11.16 17:16:07 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2010.11.16 17:16:07 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2010.11.16 17:16:07 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2010.11.16 17:16:07 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2010.11.16 17:16:07 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2010.11.16 17:16:06 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2010.11.16 17:16:06 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2010.11.16 17:16:06 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2010.11.16 17:16:06 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2010.11.16 17:16:06 | 000,013,732 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
[2010.11.16 17:16:06 | 000,006,442 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_IT.cfg
[2010.11.16 17:16:06 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
[2010.11.16 17:16:06 | 000,006,347 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
[2010.11.16 17:16:06 | 000,006,335 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_GE.cfg
[2010.11.16 17:16:06 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
[2010.11.16 17:16:06 | 000,006,195 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
[2010.11.16 17:16:06 | 000,006,122 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_DU.cfg
[2010.11.16 17:16:06 | 000,006,103 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
[2010.11.16 17:16:06 | 000,005,817 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_KO.cfg
[2010.11.16 17:16:06 | 000,005,436 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_SC.cfg
[2010.11.16 17:16:06 | 000,002,889 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_RU.cfg
[2010.11.16 17:16:06 | 000,002,426 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_TC.cfg
[2010.11.16 17:15:53 | 000,002,089 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\PHOTOfunSTUDIO 5.0.lnk
[2010.11.16 17:13:51 | 000,001,782 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\PHOTOfunSTUDIO 5.0.lnk
[2010.11.07 22:18:08 | 000,379,760 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.11.07 20:11:37 | 000,001,436 | ---- | C] () -- C:\Dokumente und Einstellungen\joe\Desktop\XnView.lnk
[2010.10.25 15:33:27 | 000,022,016 | ---- | C] () -- C:\Dokumente und Einstellungen\joe\Eigene Dateien\Island.doc
[2010.07.17 00:04:15 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2010.04.05 19:19:27 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxebvs.dll
[2010.04.05 19:18:35 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxebgcfg.dll
[2010.04.05 19:18:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxebcuir.dll
[2010.04.05 19:18:30 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxebcui.dll
[2010.04.05 19:16:07 | 004,485,120 | ---- | C] () -- C:\WINDOWS\System32\LXEBoem.dll
[2010.04.05 19:16:07 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\LXEBPMON.DLL
[2010.04.05 19:16:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXEBFXPU.DLL
[2010.04.05 19:09:21 | 000,000,044 | -H-- | C] () -- C:\WINDOWS\System32\lxebrwrd.ini
[2010.04.05 19:08:49 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEBinst.dll
[2010.04.05 19:08:43 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxebjswr.dll
[2010.04.05 19:08:42 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxebinsb.dll
[2010.04.05 19:08:42 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lxebinsr.dll
[2010.04.05 19:08:41 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxebins.dll
[2010.04.05 19:08:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxebgrd.dll
[2010.04.05 19:08:39 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxebcub.dll
[2010.04.05 19:08:38 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxebcu.dll
[2010.04.05 19:08:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxebcur.dll
[2010.04.05 19:07:27 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\LXEBsmr.dll
[2010.04.05 19:07:26 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEBsm.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2007.09.17 19:20:55 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.07.09 15:43:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\distlib.ini
[2007.06.30 15:54:06 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylistSamsung.dll
[2007.06.12 18:36:26 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2007.06.12 18:24:02 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.06.12 18:24:02 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.06.08 22:14:53 | 000,033,280 | ---- | C] () -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.04 13:01:06 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2007.06.04 13:01:06 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2007.06.04 12:58:09 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SUPPORT.INI
[2007.06.04 11:50:05 | 000,000,302 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2007.05.28 11:29:17 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.05.25 07:16:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\joe\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.05.11 08:38:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56spn.dll
[2007.05.11 08:38:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56itl.dll
[2007.05.11 08:38:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56ger.dll
[2007.05.11 08:38:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56fra.dll
[2007.05.11 08:38:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56eng.dll
[2007.05.11 08:38:04 | 000,065,536 | ---- | C] () -- C:\WINDOWS\sm56brz.dll
[2007.05.11 08:38:04 | 000,049,152 | ---- | C] () -- C:\WINDOWS\sm56jpn.dll
[2007.05.11 08:38:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56cht.dll
[2007.05.11 08:38:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\sm56chs.dll
[2007.05.11 08:37:57 | 000,000,998 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
[2007.05.11 08:37:01 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.05.11 08:37:01 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2007.05.11 07:54:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
========== LOP Check ==========
[2010.10.07 16:32:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alwil Software
[2010.06.14 08:56:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\F-Secure
[2009.10.21 11:52:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg
[2009.08.20 14:55:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010.09.06 08:14:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexmark Pro200-S500 Series
[2008.02.08 14:01:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\m2backup
[2008.02.08 14:02:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2010.11.17 14:42:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Panasonic
[2010.04.05 19:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pro200-S500 Series
[2010.11.18 12:17:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SecTaskMan
[2008.02.08 14:01:36 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{D6B1976C-D59B-4881-8378-7F29FE0A2822}
[2008.02.08 13:59:52 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E16513F0-65F3-4AB4-86DD-35C7C409A265}
[2008.02.08 13:59:58 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E8A874E7-129E-4647-B8C1-46227F252D4F}
[2010.11.22 09:57:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
[2009.10.21 12:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\F-Secure
[2010.11.07 20:08:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\JPEGsnoop
[2008.02.08 14:01:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\mquadr.at
[2010.06.05 10:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Pro200-S500 Series
[2010.11.18 12:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\QuickScan
[2009.10.21 09:11:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Serif
[2010.11.12 14:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\XnView
[2010.12.05 22:37:58 | 000,000,414 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A4DC9D26-FE61-4D72-9748-2F70FAC1392B}.job
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.02 14:52:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.11.22 12:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Adobe
[2007.08.28 19:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Ahead
[2007.05.25 07:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\ATI
[2009.08.20 14:55:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\CyberLink
[2009.10.21 12:06:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\F-Secure
[2007.06.04 13:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Google
[2008.01.09 18:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Help
[2007.05.11 08:35:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Identities
[2010.11.16 17:16:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\InstallShield
[2010.11.07 20:08:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\JPEGsnoop
[2007.05.25 15:57:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Macromedia
[2010.07.16 11:46:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Malwarebytes
[2009.02.23 21:42:44 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Microsoft
[2010.06.21 15:34:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Mozilla
[2008.02.08 14:01:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\mquadr.at
[2010.06.05 10:06:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Pro200-S500 Series
[2010.11.18 12:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\QuickScan
[2009.10.21 09:11:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Serif
[2008.04.08 20:49:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Sun
[2010.09.07 16:12:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\U3
[2010.11.21 22:45:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\WinRAR
[2010.11.12 14:23:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\XnView
< %APPDATA%\*.exe /s >
[2008.05.09 16:40:45 | 001,526,544 | ---- | M] (Adobe Systems Incorporated) -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\U3\temp\cleanup.exe
[2008.05.02 09:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\joe\Anwendungsdaten\U3\temp\Launchpad Removal.exe
< %SYSTEMDRIVE%\*.exe >
[2006.08.26 14:01:26 | 013,736,064 | ---- | M] (Macrovision Corporation) -- C:\GoogleEarthWin.exe
[2010.11.21 22:14:07 | 000,089,088 | ---- | M] () -- C:\mbr.exe
< MD5 for: AGP440.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows\i386\sp2.cab:AGP440.sys
[2008.10.20 11:50:59 | 023,898,261 | ---- | M] () .cab file -- C:\Windows\i386\sp3.cab:AGP440.sys
[2008.10.20 11:50:59 | 023,898,261 | ---- | M] () .cab file -- C:\Windows\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2006.02.28 13:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows\i386\sp2.cab:atapi.sys
[2008.10.20 11:50:59 | 023,898,261 | ---- | M] () .cab file -- C:\Windows\i386\sp3.cab:atapi.sys
[2008.10.20 11:50:59 | 023,898,261 | ---- | M] () .cab file -- C:\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows\system32\drivers\atapi.sys
[2006.02.28 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows\ServicePackFiles\i386\eventlog.dll
[2008.04.14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows\system32\eventlog.dll
[2006.02.28 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\Windows\$NtServicePackUninstall$\eventlog.dll
[2009.12.02 17:12:14 | 000,044,032 | ---- | M] (Panasonic Corporation) MD5=C69C760478573085FA11243AE15E8A28 -- C:\Programme\Panasonic\PHOTOfunSTUDIO 5.0\Core\EventLog\EventLog.dll
< MD5 for: EXPLORER.EXE >
[2006.02.28 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\Windows\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\Windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows\explorer.exe
[2008.04.14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows\ServicePackFiles\i386\explorer.exe
[2007.06.13 14:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\Windows\$NtServicePackUninstall$\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows\ServicePackFiles\i386\netlogon.dll
[2008.04.14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows\system32\netlogon.dll
[2006.02.28 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\Windows\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows\system32\scecli.dll
[2006.02.28 13:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\Windows\$NtServicePackUninstall$\scecli.dll
< MD5 for: USER32.DLL >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\Windows\$NtUninstallKB925902$\user32.dll
[2007.03.08 16:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\Windows\$NtServicePackUninstall$\user32.dll
[2005.03.02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\Windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[2006.02.28 13:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\Windows\$NtUninstallKB890859$\user32.dll
[2007.03.08 16:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\Windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows\ServicePackFiles\i386\user32.dll
[2008.04.14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows\system32\userinit.exe
[2006.02.28 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\Windows\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.02.28 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\Windows\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2006.02.28 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2006.11.02 13:25:50 | 000,094,208 | ---- | M] () -- C:\Windows\system32\config\default.sav
[2006.11.02 13:25:50 | 000,663,552 | ---- | M] () -- C:\Windows\system32\config\software.sav
[2006.11.02 13:25:49 | 000,430,080 | ---- | M] () -- C:\Windows\system32\config\system.sav
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report > |