Satisfaction | 16.05.2013 20:08 | Is my PC still infected or am I clean?
Hello team, I dug out our old XP machine and fired it up. Now I want to get the PC back into shape. :)
OTL: Code:
OTL logfile created on: 16.05.2013 16:53:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,25 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 58,21% Memory free
1,48 Gb Paging File | 1,16 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 26,77 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
Drive D: | 46,87 Gb Total Space | 30,33 Gb Free Space | 64,71% Space Free | Partition Type: NTFS
Drive E: | 9,02 Gb Total Space | 9,00 Gb Free Space | 99,79% Space Free | Partition Type: FAT32
Computer Name: DIDI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\Sebastian\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
========== Services (SafeList) ==========
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (AIDA32Driver) -- C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\Rar$EXa0.577\aida32.sys File not found
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de/
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\URLSearchHook: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes\{03_TL-GOOGLE-DE-E1416B8B2E3A}: "URL" = hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q={searchTerms}&affid=1&uid=B6C3E46B-3098-412A-8DC0-A3ADC66AB0AA
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.05.15 18:39:52 | 000,000,000 | ---D | M]
[2013.05.15 18:31:16 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Extensions
[2013.05.16 00:18:59 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\6j61qf8x.default\extensions
[2013.05.16 00:18:58 | 000,870,680 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla\Firefox\Profiles\6j61qf8x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.15 18:33:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.05.15 18:31:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.05.15 18:31:05 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2013.05.15 17:21:17 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - {2D1DDD38-CE4D-459b-A01C-F11BC92D5B69} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\ShellBrowser: (no name) - {4596013B-6C31-408B-A266-DEAE5C086DC2} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\ShellBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\..\Toolbar\WebBrowser: (no name) - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Programme\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKU\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - hxxp://favorites.live.com/quickadd.aspx File not found
O8 - Extra context menu item: Save YouTube Video - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm File not found
O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Programme\Gemeinsame Dateien\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.1_06\bin\npjpi141_06.dll File not found
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O16 - DPF: {32564D57-9980-0010-8000-00AA00389B71} hxxp://codecs.microsoft.com/codecs/i386/wmv8dmo.cab (Reg Error: Key error.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1368655644421 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.1/jinstall-1_4_1_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4140E8F9-F1AA-4478-9293-C4FCA17769AF}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.16 16:52:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe
[2013.05.16 16:33:45 | 000,000,000 | ---D | C] -- C:\windows\LastGood
[2013.05.16 16:30:06 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Sebastian\IETldCache
[2013.05.16 12:56:01 | 000,000,000 | ---D | C] -- C:\windows\ie8updates
[2013.05.16 12:55:01 | 000,000,000 | ---D | C] -- C:\windows\WBEM
[2013.05.16 12:52:09 | 000,000,000 | -H-D | C] -- C:\windows\ie8
[2013.05.16 12:41:08 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsdbgui.dll
[2013.05.16 12:39:20 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2013.05.16 12:39:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2013.05.16 12:39:17 | 002,005,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2013.05.16 12:39:17 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[2013.05.16 12:39:15 | 011,112,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll
[2013.05.16 12:35:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Skype
[2013.05.16 12:34:43 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013.05.16 12:34:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2013.05.16 12:34:41 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2013.05.16 12:22:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2013.05.16 12:22:51 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2013.05.16 12:22:37 | 000,866,720 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2013.05.16 12:22:37 | 000,788,896 | ---- | C] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013.05.16 12:22:37 | 000,263,584 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.05.16 12:22:37 | 000,144,896 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl
[2013.05.16 12:22:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.05.16 12:22:23 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013.05.16 12:22:23 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.05.16 12:21:37 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2013.05.16 12:17:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Sun
[2013.05.16 12:14:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
[2013.05.16 12:14:02 | 000,000,000 | ---D | C] -- C:\Programme\TeamViewer
[2013.05.16 12:12:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\vlc
[2013.05.16 12:11:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2013.05.16 12:09:12 | 000,000,000 | ---D | C] -- C:\Programme\VideoLAN
[2013.05.16 00:15:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.16 00:15:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Desktop\mbar
[2013.05.16 00:10:03 | 000,018,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mucltui.dll.mui
[2013.05.16 00:07:50 | 000,023,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wucltui.dll.mui
[2013.05.16 00:07:49 | 000,015,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wuapi.dll.mui
[2013.05.15 19:35:47 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\nvudisp.exe
[2013.05.15 19:35:25 | 000,208,896 | ---- | C] (NVIDIA Corporation) -- C:\windows\System32\NVUNINST.EXE
[2013.05.15 19:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Startmenü\Programme\WinRAR
[2013.05.15 19:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\WinRAR
[2013.05.15 19:23:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR
[2013.05.15 19:23:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2013.05.15 19:06:32 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\TFC.exe
[2013.05.15 18:34:52 | 000,000,000 | ---D | C] -- C:\windows\tmp
[2013.05.15 18:31:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\Mozilla
[2013.05.15 18:31:02 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.05.15 17:49:10 | 000,000,000 | ---D | C] -- C:\windows\Prefetch
[2013.05.15 17:42:25 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6r.dll
[2013.05.15 17:42:24 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msxml6.dll
[2013.05.15 17:42:22 | 000,000,000 | ---D | C] -- C:\Programme\Messenger
[2013.05.15 17:42:21 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpdxm.dll
[2013.05.15 17:42:21 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpns.dll
[2013.05.15 17:42:21 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpasf.dll
[2013.05.15 17:42:21 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpband.dll
[2013.05.15 17:42:20 | 004,874,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmp.dll
[2013.05.15 17:42:20 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpvis.dll
[2013.05.15 17:42:20 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msaud32.acm
[2013.05.15 17:42:20 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmerror.dll
[2013.05.15 17:42:20 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\windows\System32\dllcache\sl_anet.acm
[2013.05.15 17:42:19 | 000,786,432 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\migrate.exe
[2013.05.15 17:42:19 | 000,384,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mp4sdmod.dll
[2013.05.15 17:42:19 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mp43dmod.dll
[2013.05.15 17:42:19 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\windows\System32\dllcache\l3codeca.acm
[2013.05.15 17:42:16 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dpcdll.dll
[2013.05.15 17:42:13 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\aaclient.dll
[2013.05.15 17:42:12 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3ui.dll
[2013.05.15 17:42:12 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\azroles.dll
[2013.05.15 17:42:12 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3cfg.dll
[2013.05.15 17:42:12 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3msm.dll
[2013.05.15 17:42:12 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dhcpqec.dll
[2013.05.15 17:42:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dot3gpclnt.dll
[2013.05.15 17:42:12 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dimsroam.dll
[2013.05.15 17:42:12 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\bitsprx4.dll
[2013.05.15 17:42:11 | 000,184,832 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapp3hst.dll
[2013.05.15 17:42:11 | 000,182,272 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapphost.dll
[2013.05.15 17:42:11 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eappgnui.dll
[2013.05.15 17:42:11 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\eapqec.dll
[2013.05.15 17:42:10 | 000,397,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcex.dll
[2013.05.15 17:42:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\microsoft.managementconsole.dll
[2013.05.15 17:42:10 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcfxcommon.dll
[2013.05.15 17:42:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\l2gpstore.dll
[2013.05.15 17:42:10 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mmcperf.exe
[2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdpash.dll
[2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdnepr.dll
[2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdiultn.dll
[2013.05.15 17:42:10 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\kbdbhc.dll
[2013.05.15 17:42:09 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napmontr.dll
[2013.05.15 17:42:09 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napstat.exe
[2013.05.15 17:42:09 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mssha.dll
[2013.05.15 17:42:09 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msshavmsg.dll
[2013.05.15 17:42:09 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\napipsec.dll
[2013.05.15 17:42:08 | 000,412,160 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\photometadatahandler.dll
[2013.05.15 17:42:08 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rhttpaa.dll
[2013.05.15 17:42:08 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qagent.dll
[2013.05.15 17:42:08 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qcliprov.dll
[2013.05.15 17:42:08 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\setupn.exe
[2013.05.15 17:42:07 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tsgqec.dll
[2013.05.15 17:42:06 | 000,346,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\windowscodecsext.dll
[2013.05.15 17:42:06 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wmphoto.dll
[2013.05.15 17:42:06 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\wlanapi.dll
[2013.05.15 17:42:05 | 000,000,000 | ---D | C] -- C:\windows\System32\de-de
[2013.05.15 17:42:03 | 000,000,000 | ---D | C] -- C:\Programme\msn
[2013.05.15 17:42:02 | 000,000,000 | ---D | C] -- C:\windows\l2schemas
[2013.05.15 17:42:02 | 000,000,000 | ---D | C] -- C:\windows\System32\de
[2013.05.15 17:39:19 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\custsat.dll
[2013.05.15 17:39:01 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\dlimport.exe
[2013.05.15 17:39:01 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\asferror.dll
[2013.05.15 17:38:58 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpg4ds32.ax
[2013.05.15 17:38:58 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mpg4dmod.dll
[2013.05.15 17:38:58 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msadds32.ax
[2013.05.15 17:38:58 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mplay32.exe
[2013.05.15 17:38:58 | 000,004,639 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mplayer2.exe
[2013.05.15 17:38:57 | 000,847,898 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msdxm.ocx
[2013.05.15 17:38:57 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\npdrmv2.dll
[2013.05.15 17:38:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msscds32.ax
[2013.05.15 17:38:57 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\npwmsdrm.dll
[2013.05.15 17:38:57 | 000,004,126 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\msdxmlc.dll
[2013.05.15 17:38:56 | 002,973,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmploc.dll
[2013.05.15 17:38:56 | 000,303,616 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmstream.dll
[2013.05.15 17:38:56 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\unregmp2.exe
[2013.05.15 17:38:56 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\shmedia.dll
[2013.05.15 17:38:56 | 000,115,200 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmsdmoe.dll
[2013.05.15 17:38:56 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpshell.dll
[2013.05.15 17:38:56 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmplayer.exe
[2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpui.dll
[2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpcore.dll
[2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmpcd.dll
[2013.05.15 17:38:56 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmp.ocx
[2013.05.15 17:38:55 | 000,278,559 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmv8ds32.ax
[2013.05.15 17:38:55 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wmvds32.ax
[2013.05.15 17:36:42 | 000,000,000 | ---D | C] -- C:\windows\network diagnostic
[2013.05.15 17:30:05 | 000,000,000 | -H-D | C] -- C:\windows\$NtServicePackUninstall$
========== Files - Modified Within 30 Days ==========
[2013.05.16 16:52:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\OTL.exe
[2013.05.16 16:27:14 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2013.05.16 16:27:12 | 001,766,704 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2013.05.16 12:57:53 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2013.05.16 12:35:27 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2013.05.16 12:34:43 | 000,001,870 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.05.16 12:22:02 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
[2013.05.16 12:21:56 | 000,263,584 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
[2013.05.16 12:21:56 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
[2013.05.16 12:21:55 | 000,866,720 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npDeployJava1.dll
[2013.05.16 12:21:55 | 000,788,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
[2013.05.16 12:21:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
[2013.05.16 12:21:55 | 000,144,896 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javacpl.cpl
[2013.05.16 12:16:25 | 000,000,173 | ---- | M] () -- C:\windows\RtlRack.ini
[2013.05.16 12:11:51 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2013.05.16 01:09:40 | 000,035,840 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.15 19:48:47 | 000,000,000 | ---- | M] () -- C:\boot.ini
[2013.05.15 19:06:33 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Sebastian\Desktop\TFC.exe
[2013.05.15 18:31:07 | 000,000,696 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.05.15 18:15:51 | 000,000,261 | ---- | M] () -- C:\prefs.js
[2013.05.15 17:56:22 | 000,463,150 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2013.05.15 17:56:22 | 000,442,880 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2013.05.15 17:56:22 | 000,087,386 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2013.05.15 17:56:22 | 000,072,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2013.05.15 17:51:39 | 000,316,640 | ---- | M] () -- C:\windows\WMSysPr9.prx
[2013.05.15 17:49:51 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2013.05.15 17:36:14 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2013.05.15 16:51:53 | 000,628,743 | ---- | M] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\adwcleaner_2.3.0.0.exe
[2013.04.17 00:16:49 | 006,014,976 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtml.dll
[2013.04.17 00:16:49 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\urlmon.dll
[2013.04.17 00:16:49 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\wininet.dll
[2013.04.17 00:16:49 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\vgx.dll
[2013.04.17 00:16:49 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2013.04.17 00:16:49 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeeds.dll
[2013.04.17 00:16:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2013.04.17 00:16:49 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mstime.dll
[2013.04.17 00:16:49 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsdbgui.dll
[2013.04.17 00:16:49 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\occache.dll
[2013.04.17 00:16:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2013.04.17 00:16:49 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\url.dll
[2013.04.17 00:16:49 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\mshtmled.dll
[2013.04.17 00:16:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2013.04.17 00:16:49 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\msfeedsbs.dll
[2013.04.17 00:16:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\licmgr10.dll
[2013.04.17 00:16:49 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\licmgr10.dll
[2013.04.17 00:16:49 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2013.04.17 00:16:49 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\jsproxy.dll
[2013.04.17 00:16:48 | 011,112,960 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\ieframe.dll
[2013.04.17 00:16:48 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iertutil.dll
[2013.04.17 00:16:48 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\inetcpl.cpl
[2013.04.17 00:16:48 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\inetcpl.cpl
[2013.04.17 00:16:48 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[2013.04.17 00:16:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2013.04.17 00:16:48 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedkcs32.dll
[2013.04.17 00:16:48 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2013.04.17 00:16:48 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\dllcache\iepeers.dll
========== Files Created - No Company Name ==========
[2013.05.16 12:34:43 | 000,001,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2013.05.16 12:11:51 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2013.05.15 19:48:47 | 000,000,000 | ---- | C] () -- C:\boot.ini
[2013.05.15 19:35:47 | 000,089,258 | ---- | C] () -- C:\windows\System32\nvapps.xml
[2013.05.15 19:35:47 | 000,017,056 | ---- | C] () -- C:\windows\System32\nvdisp.nvu
[2013.05.15 18:31:07 | 000,000,696 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2013.05.15 18:31:06 | 000,000,702 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2013.05.15 18:15:51 | 000,000,261 | ---- | C] () -- C:\prefs.js
[2013.05.15 18:10:49 | 003,932,214 | ---- | C] () -- C:\windows\FrameShow Wallpaper.BMP
[2013.05.15 17:42:21 | 000,660,224 | ---- | C] () -- C:\windows\System32\dllcache\wmplayer.chm
[2013.05.15 17:42:21 | 000,354,468 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud1.wav
[2013.05.15 17:42:21 | 000,343,204 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud7.wav
[2013.05.15 17:42:21 | 000,343,204 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud6.wav
[2013.05.15 17:42:21 | 000,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud9.wav
[2013.05.15 17:42:21 | 000,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud8.wav
[2013.05.15 17:42:21 | 000,172,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud3.wav
[2013.05.15 17:42:21 | 000,086,196 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud5.wav
[2013.05.15 17:42:21 | 000,086,180 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud4.wav
[2013.05.15 17:42:21 | 000,086,180 | ---- | C] () -- C:\windows\System32\dllcache\wmpaud2.wav
[2013.05.15 17:42:21 | 000,076,456 | ---- | C] () -- C:\windows\System32\dllcache\wmplayer.adm
[2013.05.15 17:42:21 | 000,058,216 | ---- | C] () -- C:\windows\System32\dllcache\wmp.inf
[2013.05.15 17:42:21 | 000,026,141 | ---- | C] () -- C:\windows\System32\dllcache\wmplay.chm
[2013.05.15 17:42:21 | 000,010,457 | ---- | C] () -- C:\windows\System32\dllcache\wmptour.hta
[2013.05.15 17:42:21 | 000,001,771 | ---- | C] () -- C:\windows\System32\dllcache\wmptour.css
[2013.05.15 17:42:21 | 000,001,730 | ---- | C] () -- C:\windows\System32\dllcache\wmpocm.inf
[2013.05.15 17:42:21 | 000,000,420 | ---- | C] () -- C:\windows\System32\dllcache\wmploc.js
[2013.05.15 17:42:20 | 000,572,557 | ---- | C] () -- C:\windows\System32\dllcache\rtuner.wmv
[2013.05.15 17:42:20 | 000,375,519 | ---- | C] () -- C:\windows\System32\dllcache\nuskin.wmv
[2013.05.15 17:42:20 | 000,300,969 | ---- | C] () -- C:\windows\System32\dllcache\viz.wmv
[2013.05.15 17:42:20 | 000,084,531 | ---- | C] () -- C:\windows\System32\dllcache\plyr_err.chm
[2013.05.15 17:42:20 | 000,066,132 | ---- | C] () -- C:\windows\System32\dllcache\revert.wmz
[2013.05.15 17:42:20 | 000,036,610 | ---- | C] () -- C:\windows\System32\dllcache\mplayer2.inf
[2013.05.15 17:42:20 | 000,034,554 | ---- | C] () -- C:\windows\System32\dllcache\wmdm.inf
[2013.05.15 17:42:20 | 000,023,829 | ---- | C] () -- C:\windows\System32\dllcache\tourbg.gif
[2013.05.15 17:42:20 | 000,022,060 | ---- | C] () -- C:\windows\System32\dllcache\npds.zip
[2013.05.15 17:42:20 | 000,017,489 | ---- | C] () -- C:\windows\System32\dllcache\videobg.gif
[2013.05.15 17:42:20 | 000,013,540 | ---- | C] () -- C:\windows\System32\dllcache\wmfsdk.inf
[2013.05.15 17:42:20 | 000,008,677 | ---- | C] () -- C:\windows\System32\dllcache\wm7.gif
[2013.05.15 17:42:20 | 000,007,892 | ---- | C] () -- C:\windows\System32\dllcache\wm9.gif
[2013.05.15 17:42:20 | 000,007,636 | ---- | C] () -- C:\windows\System32\dllcache\wm2.gif
[2013.05.15 17:42:20 | 000,007,369 | ---- | C] () -- C:\windows\System32\dllcache\wm4.gif
[2013.05.15 17:42:20 | 000,006,241 | ---- | C] () -- C:\windows\System32\dllcache\wm3.gif
[2013.05.15 17:42:20 | 000,006,060 | ---- | C] () -- C:\windows\System32\dllcache\wm6.gif
[2013.05.15 17:42:20 | 000,005,789 | ---- | C] () -- C:\windows\System32\dllcache\wm1.gif
[2013.05.15 17:42:20 | 000,005,290 | ---- | C] () -- C:\windows\System32\dllcache\vidsamp.gif
[2013.05.15 17:42:20 | 000,004,193 | ---- | C] () -- C:\windows\System32\dllcache\wm8.gif
[2013.05.15 17:42:20 | 000,003,187 | ---- | C] () -- C:\windows\System32\dllcache\tour.js
[2013.05.15 17:42:20 | 000,002,778 | ---- | C] () -- C:\windows\System32\dllcache\mplogoh.gif
[2013.05.15 17:42:20 | 000,002,545 | ---- | C] () -- C:\windows\System32\dllcache\mplogo.gif
[2013.05.15 17:42:20 | 000,002,477 | ---- | C] () -- C:\windows\System32\dllcache\wm5.gif
[2013.05.15 17:42:20 | 000,002,469 | ---- | C] () -- C:\windows\System32\dllcache\tplay.gif
[2013.05.15 17:42:20 | 000,002,450 | ---- | C] () -- C:\windows\System32\dllcache\tpause.gif
[2013.05.15 17:42:20 | 000,002,375 | ---- | C] () -- C:\windows\System32\dllcache\tplayh.gif
[2013.05.15 17:42:20 | 000,002,371 | ---- | C] () -- C:\windows\System32\dllcache\tpauseh.gif
[2013.05.15 17:42:20 | 000,001,810 | ---- | C] () -- C:\windows\System32\dllcache\skins.inf
[2013.05.15 17:42:20 | 000,001,476 | ---- | C] () -- C:\windows\System32\dllcache\plylst5.wpl
[2013.05.15 17:42:20 | 000,001,471 | ---- | C] () -- C:\windows\System32\dllcache\plylst6.wpl
[2013.05.15 17:42:20 | 000,001,471 | ---- | C] () -- C:\windows\System32\dllcache\plylst12.wpl
[2013.05.15 17:42:20 | 000,001,469 | ---- | C] () -- C:\windows\System32\dllcache\plylst3.wpl
[2013.05.15 17:42:20 | 000,001,467 | ---- | C] () -- C:\windows\System32\dllcache\plylst4.wpl
[2013.05.15 17:42:20 | 000,001,398 | ---- | C] () -- C:\windows\System32\dllcache\taon.gif
[2013.05.15 17:42:20 | 000,001,380 | ---- | C] () -- C:\windows\System32\dllcache\taonh.gif
[2013.05.15 17:42:20 | 000,001,380 | ---- | C] () -- C:\windows\System32\dllcache\taoff.gif
[2013.05.15 17:42:20 | 000,001,367 | ---- | C] () -- C:\windows\System32\dllcache\taoffh.gif
[2013.05.15 17:42:20 | 000,001,261 | ---- | C] () -- C:\windows\System32\dllcache\plylst1.wpl
[2013.05.15 17:42:20 | 000,001,148 | ---- | C] () -- C:\windows\System32\dllcache\snd.htm
[2013.05.15 17:42:20 | 000,001,055 | ---- | C] () -- C:\windows\System32\dllcache\plylst2.wpl
[2013.05.15 17:42:20 | 000,001,047 | ---- | C] () -- C:\windows\System32\dllcache\plylst7.wpl
[2013.05.15 17:42:20 | 000,001,038 | ---- | C] () -- C:\windows\System32\dllcache\plylst8.wpl
[2013.05.15 17:42:20 | 000,000,807 | ---- | C] () -- C:\windows\System32\dllcache\plylst11.wpl
[2013.05.15 17:42:20 | 000,000,800 | ---- | C] () -- C:\windows\System32\dllcache\plylst10.wpl
[2013.05.15 17:42:20 | 000,000,782 | ---- | C] () -- C:\windows\System32\dllcache\plylst9.wpl
[2013.05.15 17:42:20 | 000,000,779 | ---- | C] () -- C:\windows\System32\dllcache\plylst13.wpl
[2013.05.15 17:42:20 | 000,000,778 | ---- | C] () -- C:\windows\System32\dllcache\plylst14.wpl
[2013.05.15 17:42:20 | 000,000,725 | ---- | C] () -- C:\windows\System32\dllcache\plylst15.wpl
[2013.05.15 17:42:20 | 000,000,403 | ---- | C] () -- C:\windows\System32\dllcache\npdrmv2.zip
[2013.05.15 17:42:19 | 000,457,607 | ---- | C] () -- C:\windows\System32\dllcache\mdlib.wmv
[2013.05.15 17:42:19 | 000,381,425 | ---- | C] () -- C:\windows\System32\dllcache\copycd.wmv
[2013.05.15 17:42:19 | 000,184,109 | ---- | C] () -- C:\windows\System32\dllcache\compact.wmz
[2013.05.15 17:42:19 | 000,009,585 | ---- | C] () -- C:\windows\System32\dllcache\controls.css
[2013.05.15 17:42:19 | 000,008,298 | ---- | C] () -- C:\windows\System32\dllcache\contents.htm
[2013.05.15 17:42:19 | 000,006,878 | ---- | C] () -- C:\windows\System32\dllcache\controls.js
[2013.05.15 17:42:19 | 000,005,971 | ---- | C] () -- C:\windows\System32\dllcache\events.js
[2013.05.15 17:42:19 | 000,000,999 | ---- | C] () -- C:\windows\System32\dllcache\bktrh.gif
[2013.05.15 17:42:19 | 000,000,773 | ---- | C] () -- C:\windows\System32\dllcache\cnth.gif
[2013.05.15 17:42:19 | 000,000,773 | ---- | C] () -- C:\windows\System32\dllcache\cnt.gif
[2013.05.15 17:42:19 | 000,000,772 | ---- | C] () -- C:\windows\System32\dllcache\cntd.gif
[2013.05.15 17:42:19 | 000,000,760 | ---- | C] () -- C:\windows\System32\dllcache\cloapph.gif
[2013.05.15 17:42:19 | 000,000,717 | ---- | C] () -- C:\windows\System32\dllcache\cloapp.gif
[2013.05.15 17:35:07 | 000,001,374 | ---- | C] () -- C:\windows\imsins.BAK
[2013.05.15 16:51:52 | 000,628,743 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Desktop\adwcleaner_2.3.0.0.exe
[2010.05.07 21:23:50 | 000,010,698 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\.recently-used.xbel
[2009.02.23 16:12:19 | 000,004,220 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2009.02.23 16:12:19 | 000,002,953 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2009.02.23 16:12:19 | 000,001,919 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2008.12.11 22:07:45 | 000,000,093 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.SimImages
[2008.04.14 20:39:44 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2008.03.09 00:26:16 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat
[2007.01.15 22:17:59 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.01.12 21:58:25 | 000,000,822 | ---- | C] () -- C:\Dokumente und Einstellungen\Sebastian\.plugin141_06.trace
[2006.10.18 19:23:17 | 000,001,391 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.09.30 17:59:10 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
========== ZeroAccess Check ==========
[2008.01.16 16:18:29 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 07:52:26 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2008.04.14 07:52:12 | 000,472,064 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2006.09.30 16:49:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2006.10.19 09:05:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BOONTY
[2007.02.01 07:13:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\exit tick tons active
[2013.05.15 18:46:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA
[2009.08.08 22:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GoldWave
[2008.03.07 15:09:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IM
[2008.03.07 10:55:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IncrediMail
[2008.10.06 19:25:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Innovative Solutions
[2007.05.24 11:44:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.03.03 19:08:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2010.02.19 20:33:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OpenFM
[2007.05.24 12:10:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2009.03.06 11:19:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-DSL SpeedManager
[2008.11.07 17:47:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009.02.28 15:12:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2009.12.07 15:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2006.09.26 12:28:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2007.05.16 11:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VManager
[2009.02.28 15:11:47 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357}
[2006.12.19 20:44:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\.CannaPower
[2006.11.06 15:11:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Alien Skin
[2010.02.04 14:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ashampoo
[2006.11.25 13:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\BearShare
[2008.12.03 17:34:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\DAEMON Tools
[2008.04.27 22:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Dev-Cpp
[2007.07.05 10:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\EPSON
[2007.02.01 07:29:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\FiveAtomTool
[2008.08.04 18:30:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQ
[2006.11.28 01:15:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQ Toolbar
[2006.09.24 20:19:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\ICQLite
[2009.09.21 16:38:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MAGIX
[2007.05.20 15:59:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Mayspies
[2007.10.18 16:21:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\MusicIP
[2008.11.15 12:52:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Nowe Gadu-Gadu
[2008.04.13 22:36:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Panasonic
[2007.05.26 13:27:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PC Suite
[2009.02.23 15:35:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\PhotoFrameShow
[2009.02.25 15:21:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Spyware Terminator
[2007.01.15 17:19:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Steinberg
[2009.05.10 15:05:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TeamViewer
[2009.02.28 15:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\TuneUp Software
[2006.09.26 15:29:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Michael\Anwendungsdaten\Ulead Systems
[2008.11.21 16:27:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\EFSoftware
[2007.12.08 23:34:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\EPSON
[2010.05.07 21:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Sebastian\Anwendungsdaten\gtk-2.0
[2007.03.06 12:40:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\EPSON
[2009.03.15 15:21:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\GMX
[2009.03.27 17:57:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\gtk-2.0
[2009.04.08 14:03:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\ICQ
[2006.12.04 20:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\ICQLite
[2009.02.03 11:49:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\InterTrust
[2007.05.18 12:53:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\Mayspies
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 98 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 489 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF
@Alternate Data Stream - 120 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:C95B63DA
@Alternate Data Stream - 113 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:06FE92BD
< End of report >
Extras: Code:
OTL Extras logfile created on: 16.05.2013 16:53:26 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Sebastian\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,25 Gb Total Physical Memory | 0,73 Gb Available Physical Memory | 58,21% Memory free
1,48 Gb Paging File | 1,16 Gb Available in Paging File | 78,09% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Programme
Drive C: | 55,89 Gb Total Space | 26,77 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
Drive D: | 46,87 Gb Total Space | 30,33 Gb Free Space | 64,71% Space Free | Partition Type: NTFS
Drive E: | 9,02 Gb Total Space | 9,00 Gb Free Space | 99,79% Space Free | Partition Type: FAT32
Computer Name: DIDI | User Name: Sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-682003330-1770027372-1801674531-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\IncrediMail\bin\IncMail.exe" = C:\Programme\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail
"C:\Programme\IncrediMail\bin\ImApp.exe" = C:\Programme\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail
"C:\Programme\TeamViewer\Version8\TeamViewer.exe" = C:\Programme\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{1845470B-EB14-4ABC-835B-E36C693DC07D}" = Skype™ 6.3
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{314F6D08-A8B7-11D8-8446-0050BA1D384D}" = EPSON Image Clip Palette
"{33D6723B-DE6B-4E86-A6BC-CD1F3E42DD26}" = OpenOffice.org 2.0
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DFF1415-4C29-44A8-BFD4-2BCE249C4991}" = SpPhones
"{560F47F7-EB23-44B1-AAFC-667F1CD8FE5C}" = Sp5
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5
"{6C3959C6-943E-44B3-BAAD-570B04B134E5}" = SpCommon
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{7FD95AAD-BABD-42F7-8ABF-1ECE49B73114}" = STOIK Software Deformer v.2.0 Trial
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{90850415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{90AF0415-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
"{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}" = Ulead Photo Express 4.0 SE
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector Pro
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = SAMSUNG PC Studio 2.0.9
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E415C943-37E5-473F-8BAE-043C56734124}" = Sp5TTInt
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F19D07BC-6240-49D3-BA5C-59B015DF8916}" = EPSON Easy Photo Print
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD4B33E1-24AE-4535-AA7B-162B30FB57CD}" = Sp5Intl
"Ashampoo Photo Illuminator 2" = Ashampoo Photo Illuminator 2
"CodInstl" = Intel A/V Codecs V2.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ie8" = Windows Internet Explorer 8
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5
"InstallShield_{D48C9BFC-FBCF-4F29-B97D-822ED6D497FE}" = SAMSUNG PC Studio 2.0.9
"LHTTSGED" = L&H TTS3000 Deutsch
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 2.0.6
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR 5.00 beta 3 (32-bit)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 15.05.2013 10:39:39 | Computer Name = DIDI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 15.05.2013 11:06:40 | Computer Name = DIDI | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 15.05.2013 11:06:41 | Computer Name = DIDI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 15.05.2013 11:09:21 | Computer Name = DIDI | Source = EventSystem | ID = 4609
Description = Das COM+-Ereignissystem hat einen ungültigen Rückgabecode während
der internen Verarbeitung erkannt. HRESULT war 800706BA von Zeile 44 von d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp.
Wenden Sie sich an den Microsoft-Produktsuppor
Error - 15.05.2013 11:09:22 | Computer Name = DIDI | Source = VSS | ID = 8193
Description = Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance"
ist ein unerwarteter Fehler aufgetreten. hr = 0x80040206.
Error - 15.05.2013 11:50:52 | Computer Name = DIDI | Source = WinMgmt | ID = 4
Description = .MOF.Datei C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET.MOF
konnte während der Wiederherstellung der Repositorydatei nicht geladen werden.
Error - 15.05.2013 11:50:52 | Computer Name = DIDI | Source = WinMgmt | ID = 4
Description = .MOF.Datei C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION
FOUNDATION\SERVICEMODEL.MOF konnte während der Wiederherstellung der Repositorydatei
nicht geladen werden.
Error - 15.05.2013 12:32:06 | Computer Name = DIDI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 15.05.2013 18:12:17 | Computer Name = DIDI | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung msconfig.exe, Version 5.1.2600.5512, fehlgeschlagenes
Modul mfc42u.dll, Version 6.2.8071.0, Fehleradresse 0x000040bc.
Error - 16.05.2013 06:27:49 | Computer Name = DIDI | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 21.0.0.4879, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 15.05.2013 19:12:59 | Computer Name = DIDI | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sisagp
Error - 15.05.2013 19:13:02 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker EPSON Stylus DX3800 Series konnte nicht initialisiert
werden, da der Treiber EPSON Stylus DX3800 Series nicht gefunden wurde.
Error - 15.05.2013 19:13:02 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker Microsoft Office Document Image Writer konnte nicht initialisiert
werden, da der Treiber Microsoft Office Document Image Writer Driver nicht gefunden
wurde.
Error - 16.05.2013 05:59:24 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker EPSON Stylus DX3800 Series konnte nicht initialisiert
werden, da der Treiber EPSON Stylus DX3800 Series nicht gefunden wurde.
Error - 16.05.2013 05:59:24 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker Microsoft Office Document Image Writer konnte nicht initialisiert
werden, da der Treiber Microsoft Office Document Image Writer Driver nicht gefunden
wurde.
Error - 16.05.2013 06:27:49 | Computer Name = DIDI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 16.05.2013 06:27:56 | Computer Name = DIDI | Source = Service Control Manager | ID = 7031
Description = Der Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits
2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 2000 Millisekunden durchgeführt:
Starten Sie den Dienst neu..
Error - 16.05.2013 06:28:03 | Computer Name = DIDI | Source = Service Control Manager | ID = 7034
Description = Dienst "TeamViewer 8" wurde unerwartet beendet. Dies ist bereits 3
Mal passiert.
Error - 16.05.2013 10:27:46 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker EPSON Stylus DX3800 Series konnte nicht initialisiert
werden, da der Treiber EPSON Stylus DX3800 Series nicht gefunden wurde.
Error - 16.05.2013 10:27:46 | Computer Name = DIDI | Source = Print | ID = 23
Description = Der Drucker Microsoft Office Document Image Writer konnte nicht initialisiert
werden, da der Treiber Microsoft Office Document Image Writer Driver nicht gefunden
wurde.
< End of report >
MBAR: Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org
Database version: v2013.05.15.11
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Sebastian :: DIDI [administrator]
16.05.2013 01:04:12
mbar-log-2013-05-16 (01-04-12).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 26526
Time elapsed: 47 minute(s), 50 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKLM\SOFTWARE\CLASSES\APPID\{36DBC179-A19F-48F2-B16A-6A3E19B42A87} (Trojan.BHO) -> Delete on reboot.
HKCU\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SOFTWARE\Bifrost (Bifrose.Trace) -> Delete on reboot.
HKLM\SOFTWARE\NetPumper (Adware.NetPumper) -> Delete on reboot.
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 4
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\NetPumper (Adware.NetPumper) -> Delete on reboot.
c:\Dokumente und Einstellungen\Pati\Anwendungsdaten\NetPumper (Adware.NetPumper) -> Delete on reboot.
c:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\NetPumper (Adware.NetPumper) -> Delete on reboot.
c:\WINDOWS\system32\Bifrost (Backdoor.Bifrose) -> Delete on reboot.
Files Detected: 8
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\addon.dat (Malware.Trace) -> Delete on reboot.
c:\Dokumente und Einstellungen\Pati\Anwendungsdaten\addon.dat (Malware.Trace) -> Delete on reboot.
c:\Dokumente und Einstellungen\Waldi\Anwendungsdaten\addon.dat (Malware.Trace) -> Delete on reboot.
c:\Dokumente und Einstellungen\Michael\Favoriten\Online Security Test.url (Rogue.Link) -> Delete on reboot.
c:\WINDOWS\Jimmy Neutron 2.dat (Trojan.Agent) -> Delete on reboot.
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\NetPumper\Michael.1.ini (Adware.NetPumper) -> Delete on reboot.
c:\Dokumente und Einstellungen\Michael\Anwendungsdaten\NetPumper\Michael.ini (Adware.NetPumper) -> Delete on reboot.
c:\WINDOWS\system32\Bifrost\klog.dat (Backdoor.Bifrose) -> Delete on reboot.
(end)
GMER: Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-16 20:45:29
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 ST3120023A rev.3.30 111,79GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\SEBAST~1\LOKALE~1\Temp\pxtdapog.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\windows\system32\DRIVERS\nv4_mini.sys section is writeable [0xB921A360, 0x24BBAD, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] ntdll.dll!LdrLoadDll 7C9263A3 5 Bytes JMP 01539CF0 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] kernel32.dll!lstrlenW + 43 7C809ADC 7 Bytes JMP 01AE542B C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] kernel32.dll!MapViewOfFileEx + 6A 7C80B990 7 Bytes JMP 01AE5408 C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] kernel32.dll!ValidateLocale + B1E8 7C8449F8 7 Bytes JMP 0154369E C:\Programme\Mozilla Firefox\xul.dll
.text C:\Programme\Mozilla Firefox\firefox.exe[1320] GDI32.dll!SetDIBitsToDevice + 209 77EF9E04 7 Bytes JMP 01AE5389 C:\Programme\Mozilla Firefox\xul.dll
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\InprocServer32@ C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\ProgID@ AcroIEHelper.AcroIEHlprObj.1
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\Programmable@
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\TypeLib@ {5F226421-415D-408D-9A09-0DCD94E25B48}
Reg HKLM\SOFTWARE\Classes\CLSID\{3BA74ADF-B72F-FD75-92F5-8BF4FC3976BE}\VersionIndependentProgID@ AcroIEHelper.AcroIEHlprObj
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\AVIFile@ 7
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\InprocServer@ avifile.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\InprocServer32@ avifil32.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{7A8B53A6-D68D-DCF7-D8D5-793E4C78375F}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\DefaultIcon@ C:\WINDOWS\System32\nvshell.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@ C:\WINDOWS\System32\nvshell.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ContextMenuHandlers
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ContextMenuHandlers\{1E9B04FB-F9E5-4718-997B-B8DA88302A47}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\DropHandler
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\DropHandler@ {1CDB2949-8F65-4355-8456-263E7C208A5D}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews\{8BEBB290-52D0-11d0-B7F4-00C04FD706EC}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews\{8BEBB290-52D0-11d0-B7F4-00C04FD706EC}@Attributes 1610612736
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\shellex\ExtShellFolderViews\{8BEBB290-52D0-11d0-B7F4-00C04FD706EC}@ISV {8BEBB290-52D0-11d0-B7F4-00C04FD706EC}
Reg HKLM\SOFTWARE\Classes\CLSID\{9AED5D30-9D2E-D167-C810-42EC6B3814C2}\ShellFolder@WantsFORPARSING
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32@Class 0x57 0x10 0x30 0x30 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-1be6-7578-4531fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32@Class 0xFA 0x2F 0x1D 0xDF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-2933-ccd3-2c31fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32@Class 0x7C 0xB4 0x65 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-3133-bf54-0c81fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32@Class 0x2A 0xCA 0x4A 0xEB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-353a-1d1c-c0c1fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32@Class 0x92 0xF7 0x24 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-62f1-de3c-1758fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32@Class 0x32 0x39 0xD5 0xAC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-a0fa-8d58-3155fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32@Class 0xF5 0xEF 0x31 0xF4 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{C09C5BC9-8988-f550-c992-af71fa0fa39f}\InprocServer32@ C:\windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{C5593E1D-880D-37FC-1F20-F5B689B30C92}\InprocServer32@ C:\WINDOWS\System32\wbem\dsprov.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{C5593E1D-880D-37FC-1F20-F5B689B30C92}\InprocServer32@ThreadingModel Both
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ C:\PROGRA~1\EPSON\CREATI~1\Common\Module\EpInet.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\InprocServer32@ThreadingModel Free
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\ProgID@ EpInet.PxFile.1
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\TypeLib@ {254BE3F2-4B82-412C-B6AB-CC3BC551FBF4}
Reg HKLM\SOFTWARE\Classes\CLSID\{DA07BE83-B97B-BA2D-4FC8-30F1027AA7BE}\VersionIndependentProgID@ EpInet.PxFile
---- Files - GMER 2.1 ----
File C:\Programme\MSXML 4.0 0 bytes
Thank you in advance.