| ArthurDent | 05.05.2013 22:56 |
So, nach lachhaft langer Zeit die Logs, erstmal MBAM: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.05.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jonas :: JBPC [Administrator]
05.05.2013 21:20:10
mbam-log-2013-05-05 (21-20-10).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 442656
Laufzeit: 2 Stunde(n), 7 Minute(n), 51 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 4
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\cowi7.dat (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Jonas\Vorlagen\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Erfolgreich gelöscht und in Quarantäne gestellt.
c:\system volume information\_restore{10dba53d-6b6a-4df5-aa44-06d3f5b08601}\rp826\a0153747.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\WINDOWS\1175437.exe (Rootkit.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
...und dann OTL.txt: Code:
OTL logfile created on: 05.05.2013 23:41:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Jonas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 77,64% Memory free
6,84 Gb Paging File | 6,36 Gb Available in Paging File | 92,91% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096J:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 291,02 Gb Total Space | 216,76 Gb Free Space | 74,48% Space Free | Partition Type: NTFS
Drive K: | 7,47 Gb Total Space | 0,06 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Computer Name: JBPC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Jonas\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
PRC - C:\Programme\Alwil Software\Avast5\Setup\avast.setup (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Targa VFD Display\Targa VFD Display.exe (Ing.-Büro Dr. Ruge)
PRC - C:\Programme\Multimedia keyboard utility\LED.exe ()
PRC - C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\Programme\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte)
PRC - C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Alwil Software\Avast5\defs\13050400\algo.dll ()
MOD - C:\Programme\Alwil Software\Avast5\Setup\setiface.dll ()
MOD - C:\Programme\Tablet\Pen\libxml2.dll ()
MOD - C:\Programme\Logitech\SetPoint\khalwrapper.dll ()
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvshell.dll ()
MOD - C:\Programme\Multimedia keyboard utility\LED.exe ()
========== Services (SafeList) ==========
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (avast! Antivirus) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.)
SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.)
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (CLSched) -- C:\Programme\Cyberlink\PowerCinema\Kernel\TV\CLSched.exe ()
SRV - (CLCapSvc) -- C:\Programme\Cyberlink\PowerCinema\Kernel\TV\CLCapSvc.exe ()
SRV - (CyberLink Media Library Service) -- C:\Programme\Cyberlink\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe (Cyberlink)
SRV - (LightScribeService) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (WMConnectCDS) -- C:\Programme\Windows Media Connect 2\wmccds.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (SmcService) -- C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (wanatw) -- system32\DRIVERS\wanatw4.sys File not found
DRV - (TSMPacket) -- system32\DRIVERS\tsmpkt.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (cportclm) -- C:\DOKUME~1\Jonas\LOKALE~1\Temp\cportclm.sys File not found
DRV - (Changer) -- File not found
DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\WINDOWS\System32\drivers\aswVmm.sys ()
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswRvrt) -- C:\WINDOWS\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\WINDOWS\system32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)
DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation)
DRV - (usbsermpt) -- C:\WINDOWS\system32\drivers\usbsermpt.sys (Microsoft Corporation)
DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.)
DRV - (StMp3Rec) -- C:\WINDOWS\system32\drivers\StMp3Rec.sys (Microsoft Corporation)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (3xHybrid) -- C:\WINDOWS\system32\drivers\3xHybrid.sys (Philips Semiconductors GmbH)
DRV - (nvata) -- C:\WINDOWS\system32\drivers\nvata.sys (NVIDIA Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (JGOGO) -- C:\WINDOWS\system32\drivers\JGOGO.sys (JMicron )
DRV - (ZD1211BU(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)
DRV - (ZD1211U(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (smserial) -- C:\WINDOWS\system32\drivers\smserial.sys (Motorola Inc.)
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\system32\drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\system32\drivers\wg3n.sys (Sygate Technologies, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.targa.de
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\..\SearchScopes,DefaultScope = {6326CD7A-8276-458D-B99F-905FE5C162A2}
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\..\SearchScopes\{6326CD7A-8276-458D-B99F-905FE5C162A2}: "URL" = hxxp://www.google.de/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz=
IE - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Programme\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Programme\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Programme\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
O1 HOSTS File: ([2008.04.16 11:30:35 | 000,231,935 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.1001-search.info
O1 - Hosts: 127.0.0.1 1001-search.info
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 8127 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Programme\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avast] C:\Programme\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [FLMK08KB] C:\Programme\Multimedia keyboard utility\LED.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SmcService] C:\Programme\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Oracle Corporation)
O4 - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OnlineControl.lnk = C:\Programme\OnlineControl\ocontrol.exe (T-Com Bereich Endgeräte)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Targa VFD Display.lnk = C:\WINDOWS\Installer\{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}\_FE660C3F9D6C9BD4C0D57A.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\Software\Policies\Microsoft\Internet Explorer\InfoDelivery present
O7 - HKU\S-1-5-21-2121393497-4288219565-2237968330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231168910812 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341162699328 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} hxxp://www.yoyogames.com/downloads/activex/YoYo.cab (YYGInstantPlay Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2D79E9D-25D2-458E-A50F-48BA3A1C4FAB}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Jonas\Eigene Dateien\Peacock.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Jonas\Eigene Dateien\Peacock.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.10.29 17:59:52 | 000,000,135 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.05 21:16:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas\Anwendungsdaten\Malwarebytes
[2013.05.05 21:15:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.05.05 21:15:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.05 21:15:43 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.05.05 21:15:43 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.05.05 20:10:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jonas\Desktop\OTL.exe
[2013.04.22 22:17:46 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.04.22 22:17:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.04.22 22:17:45 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.04.21 21:04:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas\Anwendungsdaten\Orbit
[2013.04.20 16:05:34 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2013.04.15 15:08:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas\Eigene Dateien\Terranigma 2
[2013.04.15 15:08:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas\Desktop\Terranigma 2
[2013.04.08 16:55:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Jonas\Desktop\500MS
[2007.04.30 20:19:31 | 000,024,192 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Jonas\usbsermptxp.sys
[2007.04.30 20:19:31 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Jonas\usbsermpt.sys
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Jonas\*.tmp files -> C:\Dokumente und Einstellungen\Jonas\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.05 23:35:30 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.05.05 23:35:26 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013.05.05 23:35:19 | 000,002,317 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Targa VFD Display.lnk
[2013.05.05 23:35:19 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.05 23:35:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.05.05 23:35:10 | 3219,640,320 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.05 23:18:01 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.05 22:56:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.05 22:14:38 | 000,038,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Anwendungsdaten\wklnhst.dat
[2013.05.05 20:09:57 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\defogger_reenable
[2013.05.05 19:42:41 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Defogger.exe
[2013.05.05 18:48:47 | 000,377,856 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\gmer_2.1.19163.exe
[2013.05.05 18:48:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Jonas\Desktop\OTL.exe
[2013.05.05 18:09:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.05.05 15:45:11 | 000,001,838 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2013.05.05 14:58:13 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013.05.05 14:41:41 | 095,023,320 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iwoc.pad
[2013.05.05 12:59:55 | 000,005,161 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\Global.sw2
[2013.05.05 00:01:55 | 000,004,893 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Eigene Dateien\vba.ini
[2013.05.03 00:06:34 | 000,082,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.02 18:10:27 | 163,856,211 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Lol.flv
[2013.05.02 17:41:14 | 000,048,600 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\ASS.png
[2013.05.01 00:25:00 | 000,023,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2013.04.30 23:02:55 | 001,016,898 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\DICK.it
[2013.04.22 22:16:47 | 000,492,788 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.04.22 22:16:47 | 000,468,984 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.04.22 22:16:47 | 000,100,290 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.04.22 22:16:47 | 000,083,670 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.04.22 15:05:09 | 244,693,329 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Meem.flv
[2013.04.22 13:47:24 | 000,001,094 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Contest.fsc
[2013.04.21 21:59:40 | 195,423,630 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Suus.flv
[2013.04.20 16:17:24 | 000,162,545 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.04.20 16:08:07 | 000,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.04.20 16:06:13 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.04.20 16:06:13 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.04.20 16:06:10 | 001,072,544 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.04.20 16:06:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013.04.20 16:04:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.04.19 20:31:32 | 000,115,395 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\iconset2-mittelalter41vonenterbrain-floa.png
[2013.04.19 20:09:18 | 000,000,332 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\peng.png
[2013.04.18 13:26:07 | 000,045,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Morg.it
[2013.04.14 23:59:53 | 004,059,995 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Sunset.mp3
[2013.04.14 13:17:12 | 000,027,944 | ---- | M] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\SUPREMACY.mid
[2013.04.12 15:50:35 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.04.12 15:50:35 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\Jonas\*.tmp files -> C:\Dokumente und Einstellungen\Jonas\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.05 20:22:56 | 000,377,856 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\gmer_2.1.19163.exe
[2013.05.05 20:09:57 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\defogger_reenable
[2013.05.05 20:09:25 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Defogger.exe
[2013.05.05 14:56:23 | 3219,640,320 | -HS- | C] () -- C:\hiberfil.sys
[2013.05.05 14:33:09 | 095,023,320 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\7iwoc.pad
[2013.05.02 17:52:52 | 163,856,211 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Lol.flv
[2013.05.02 17:41:14 | 000,048,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\ASS.png
[2013.05.01 00:25:00 | 000,023,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
[2013.04.30 22:34:45 | 001,016,898 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\DICK.it
[2013.04.22 15:05:09 | 244,693,329 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Meem.flv
[2013.04.22 13:47:24 | 000,001,094 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Contest.fsc
[2013.04.20 16:06:10 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.04.20 16:06:10 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.04.20 16:06:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.04.20 16:06:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2013.04.19 20:47:47 | 000,115,395 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\iconset2-mittelalter41vonenterbrain-floa.png
[2013.04.19 20:25:57 | 000,000,332 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\peng.png
[2013.04.18 00:47:07 | 000,045,056 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\Morg.it
[2013.04.14 13:17:12 | 000,027,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Desktop\SUPREMACY.mid
[2013.03.01 14:42:30 | 000,164,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswVmm.sys
[2013.03.01 14:42:30 | 000,049,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\aswRvrt.sys
[2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.06.24 16:26:53 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012.05.28 20:17:05 | 000,000,515 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Anwendungsdaten\Poladroid prefs.plist
[2012.04.21 15:33:52 | 000,000,040 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\language.dat
[2012.02.26 23:24:11 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2012.02.24 18:24:06 | 000,007,680 | ---- | C] () -- C:\WINDOWS\19431343.exe
[2012.02.24 18:24:06 | 000,000,004 | ---- | C] () -- C:\WINDOWS\19431343.dat
[2012.02.16 18:42:30 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.31 09:19:33 | 000,000,004 | ---- | C] () -- C:\WINDOWS\1175437.dat
[2011.09.11 13:56:51 | 000,093,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\GMModelEx.dll
[2011.09.11 13:56:51 | 000,014,894 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Logo.bmp
[2011.09.09 20:25:16 | 000,000,030 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2010.06.24 16:07:35 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Anwendungsdaten\setup_ldm.iss
[2008.08.26 18:17:14 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\more
[2008.06.20 22:29:28 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\(null)id
[2008.06.07 20:03:06 | 000,001,080 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\NORInfo.ini
[2008.06.07 20:03:06 | 000,000,084 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\USBInfo.ini
[2008.03.04 18:52:31 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\.jupload.properties
[2007.08.05 19:24:13 | 000,000,152 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\default.pls
[2007.04.30 20:19:31 | 000,007,195 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\USBMOT2000.INF
[2007.04.30 20:19:31 | 000,005,891 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\USBMOT2000XP.INF
[2007.04.30 20:19:31 | 000,005,877 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\USB_CMCS_2000.INF
[2007.01.25 21:33:48 | 000,038,372 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Anwendungsdaten\wklnhst.dat
[2007.01.22 19:18:40 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Anwendungsdaten\WavCodec.wff
[2007.01.20 21:25:48 | 000,082,944 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.01.20 21:03:06 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Jonas\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
========== ZeroAccess Check ==========
[2006.09.01 12:42:58 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.07.18 18:03:13 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 115 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:1CA73D29
< End of report >
...schließlich Extras.txt: Code:
OTL Extras logfile created on: 05.05.2013 23:41:30 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Jonas\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 77,64% Memory free
6,84 Gb Paging File | 6,36 Gb Available in Paging File | 92,91% Paging File free
Paging file location(s): C:\pagefile.sys 4096 4096J:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 291,02 Gb Total Space | 216,76 Gb Free Space | 74,48% Space Free | Partition Type: NTFS
Drive K: | 7,47 Gb Total Space | 0,06 Gb Free Space | 0,78% Space Free | Partition Type: NTFS
Computer Name: JBPC | User Name: Jonas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Connect
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Connect
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Connect
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Connect
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Connect
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Connect
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"8216:TCP" = 8216:TCP:*:Enabled:pieprt
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\CA\Etrust Antivirus\InoRpc.exe" = C:\Programme\CA\Etrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server
"C:\Programme\CA\Etrust Antivirus\InocIT.exe" = C:\Programme\CA\Etrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner
"C:\Programme\CA\Etrust Antivirus\Realmon.exe" = C:\Programme\CA\Etrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Programme\Cyberlink\PowerCinema\PowerCinema.exe" = C:\Programme\Cyberlink\PowerCinema\PowerCinema.exe:*:Enabled:CyberLink PowerCinema -- (CyberLink Corp.)
"C:\Programme\Cyberlink\PowerCinema\PCMService.exe" = C:\Programme\Cyberlink\PowerCinema\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{06100048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta 2006 Enzyklopädie Standard
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A3A4F4-B792-11D6-A78A-00B0D0142170}" = Java 2 SDK, SE v1.4.2_17
"{36A9D3F8-3FCF-4FBA-A8AD-3C1CE56C8AF4}" = Philips SA43XX Device Manager
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Foto 2006 Standard Edition Editor
"{5EF8822C-6CA1-4B4A-89C4-19CDB64B3BF0}" = Wireless LAN USB Dongle
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635EDAAB-BF20-414D-A87A-3D43BFA3EDB9}" = Targa VFD Display
"{67903736-E9BB-4664-B148-F62BCAB4FA42}_is1" = OpenMPT 1.22
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Foto 2006 Standard Edition Bibliothek
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe 1.4.97.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7148F0A8-6813-11D6-A77B-00B0D0142170}" = Java 2 Runtime Environment, SE v1.4.2_17
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90F1DDBF-0C56-44B0-A920-72CC90C51565}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A70900000002}" = Adobe Reader 7.0.9 - Deutsch
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF5914B-5730-4373-B038-9F436AC6A0D6}" = Rayman3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCA02FAD-2C86-4C8C-A815-51C09F4E51FF}" = Dual-Core Optimizer
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C9EAEE6B-741F-421D-B9CE-9FA300DA92AD}_is1" = Super Mario Bros. X version 1.2.2
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCEB53A5-A252-4CF3-8602-429AB06BF0AE}" = Terragen
"{CE28E6F5-4A03-4DED-B954-D0779B47FFBF}" = Works Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.0
"{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E7DD95EB-5D8B-4691-B268-67FC4E121031}" = Nero 7 Essentials
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! für Windows XP
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F860F390-78F4-4B45-8C1A-0489618E315B}" = Sygate Personal Firewall
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Age of Mythology 1.0" = Age of Mythology
"AnalogX SayIt" = AnalogX SayIt
"Apophysis 2.0" = Apophysis 2.0
"Applian FLV Player2.0.24" = Applian FLV Player
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 2.0.3
"avast" = avast! Free Antivirus
"Blender" = Blender
"Bryce" = Bryce 5.5c
"CCleaner" = CCleaner
"Celestia_is1" = Celestia 1.6.0
"Collab" = Collab
"ConGo" = ConGo 5.0 Beta 0.98
"DAZ|Studio" = DAZ|Studio 1.5.1.0
"Defraggler" = Defraggler
"DivX Setup" = DivX-Setup
"Drumaxx" = Drumaxx
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FL Studio 8" = FL Studio 8
"FL Studio 9" = FL Studio 9
"Game Maker 6.1" = Game Maker 6.1
"Game Maker 7.0" = Game Maker 7.0
"Game Maker 8.0" = Game Maker 8.0
"GameStudio A4" = GameStudio A4
"GDGAniTuner11" = AniTuner 1.1
"GIMP-2_is1" = GIMP 2.8.4
"Hardcore" = Hardcore
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"ie8" = Windows Internet Explorer 8
"IL Download Manager" = IL Download Manager
"IL Gross Beat" = IL Gross Beat
"InstallShield_{5EF8822C-6CA1-4B4A-89C4-19CDB64B3BF0}" = Wireless LAN USB Dongle
"InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}" = Far Cry
"IrfanView" = IrfanView (remove only)
"iZotope Vinyl_is1" = iZotope Vinyl
"jazz-bin-v30o-win32.exe" = The Jazz Midi Sequencer
"KeolabSpicyGuitar_is1" = Spicy Guitar 1.2.0.1
"LetsTrade" = LetsTrade Komponenten
"lgx4.lgx.server" = G DATA Logox 4 Speechengine
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midi2Wav Recorder DEMO" = Midi2Wav Recorder DEMO 4.0
"Mixxx (1.10.1)" = Mixxx 1.10.1
"Multimedia keyboard utility" = Multimedia keyboard utility
"NVIDIA Drivers" = NVIDIA Drivers
"Official Hamster Republic RPG Construction Engine_is1" = OHRRPGCE (ubersetzung) 20070921
"OnlineControl_is1" = OnlineControl 1.2
"Pen Tablet Driver" = Bamboo
"PictureItPrem_v11" = Microsoft Foto 2006 Standard Edition
"PoiZone" = PoiZone
"Rayman_is1" = Rayman
"Recuva" = Recuva
"Sakura" = Sakura
"Sauerbraten" = Sauerbraten
"Sawer" = Sawer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Toxic Biohazard" = Toxic Biohazard
"TweakPower" = TweakPower
"Victoria 4.2 Base DAZ Studio Content ps_pe069_Victoria4DS" = Victoria 4.2 Base DAZ Studio Content
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Internet Explorer and Netscape" = WebTablet FB Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WavePad" = WavePad Uninstall
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Wiggles" = Wiggles
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMCSetup" = Windows Media Connect
"Works2006Setup" = Setup-Start von Microsoft Works Suite 2006
"Worms2" = Worms2
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2121393497-4288219565-2237968330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyPaint" = MyPaint 1.0.0
========== Last 20 Event Log Errors ==========
[ Antivirus Events ]
Error - 12.01.2009 13:11:36 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 14.01.2009 18:10:26 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 14.01.2009 18:11:01 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 23.01.2009 12:57:13 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 23.01.2009 12:57:43 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 11.02.2009 12:39:51 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 11.02.2009 12:40:13 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 27.06.2009 13:52:46 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 05.11.2009 15:55:59 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
Error - 12.04.2010 16:10:18 | Computer Name = JBPC | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 05.05.2013 08:33:20 | Computer Name = JBPC | Source = nview_info | ID = 11141121
Description =
Error - 05.05.2013 08:33:20 | Computer Name = JBPC | Source = nview_info | ID = 11141121
Description =
Error - 05.05.2013 08:33:49 | Computer Name = JBPC | Source = nview_info | ID = 11141121
Description =
Error - 05.05.2013 08:33:49 | Computer Name = JBPC | Source = nview_info | ID = 11141121
Description =
Error - 05.05.2013 08:56:42 | Computer Name = JBPC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.05.2013 12:11:46 | Computer Name = JBPC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.05.2013 14:07:21 | Computer Name = JBPC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error - 05.05.2013 14:45:15 | Computer Name = JBPC | Source = nview_info | ID = 11141121
Description =
Error - 05.05.2013 14:45:15 | Computer Name = JBPC | Source = nview_info | ID = 11141121
Description =
Error - 05.05.2013 17:35:24 | Computer Name = JBPC | Source = PerfNet | ID = 2004
Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
[ System Events ]
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
Error - 05.05.2013 14:07:13 | Computer Name = JBPC | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\D.
< End of report >
Ich bemerke keine Fehler im momentanen Betrieb außer dem Ausblenden der bekannten Dateiendungen ohne mein Zutun...
Gruß & Gute Nacht
Arthur |
Malwarebytes Anti-Malware 
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
aswMBR.exe und speichere die Datei auf deinem Desktop.
SecurityCheck und:
