Trojaner-Board - Desktop speichert Einstellungen nicht mehr ab

Hallo Cosinus,

anbei das Log-File

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 21.08.2011 19:36:07 - Run 1

OTL by OldTimer - Version 3.2.26.5     Folder = C:\Dokumente und Einstellungen\Herr Baumann\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale:  | Country:  | Language:  | Date Format: 

 

1023,48 Mb Total Physical Memory | 683,57 Mb Available Physical Memory | 66,79% Memory free

2,91 Gb Paging File | 2,47 Gb Available in Paging File | 84,88% Paging File free

Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 74,56 Gb Total Space | 20,98 Gb Free Space | 28,13% Space Free | Partition Type: NTFS

 

Computer Name: PC | User Name: Herr Baumann | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)

.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

txtfile [printto] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [Digital Photo Professional] -- C:\Programme\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

"65533:TCP" = 65533:TCP:*:Enabled:Services

"52344:TCP" = 52344:TCP:*:Enabled:Services

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Programme\ICQ6\ICQ.exe" = C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6

"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Programme\Netscape\Netscape\Netscp.exe" = C:\Programme\Netscape\Netscape\Netscp.exe:*:Disabled:Netscape -- (Mozilla, Netscape)

"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation)

"C:\Programme\ICQ6.5\ICQ.exe" = C:\Programme\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

"C:\Programme\Mozilla Thunderbird\thunderbird.exe" = C:\Programme\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Thunderbird -- (Mozilla Messaging)

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional

"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Disc 2

"{00170407-78E1-11D2-B60F-006097C998E7}" = Microsoft Word 2000

"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers

"{20F1FFAF-1BFF-450C-A8C7-03D1BE24B950}" = Microsoft .NET Framework (German)

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22

"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel

"{7148F0A8-6813-11D6-A77B-00B0D0142050}" = Java 2 Runtime Environment, SE v1.4.2_05

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = File Viewer Utility 1.2.2

"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU

"{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = RemoteCapture 2.7.2

"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.4 - Deutsch

"{B023185F-F1EF-4F97-B0BD-AE6D802226D1}" = NVIDIA WDM Drivers

"{B2C54124-0A2A-4E4E-B7B6-46E46D38C2F9}" = Sinus 1054 data

"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility

"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon Camera WIA Driver

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb

"{EDDDC607-91D9-4758-9F57-265FDCD8A772}" = Microsoft Works 7.0 

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F31EC6DC-B5C0-4B21-B6D1-10543F304BCE}" = Slovencina Start Ger

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9

"AVG8Uninstall" = AVG Free 8.5

"AVM ISDN CAPI Port" = AVM ISDN CAPI Port

"Beauty Strippoker" = Beauty Strippoker 1.4 

"CAL" = Canon Camera Access Library

"CameraWindowDC" = Canon Utilities CameraWindow DC

"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX

"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

"CameraWindowLauncher" = Canon Utilities CameraWindow

"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder

"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX

"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX

"Canon MP540 series Benutzerregistrierung" = Canon MP540 series Benutzerregistrierung

"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CokeFridgeRadioPlayer_is1" = CokeFridge Radioplayer Version 1.51.4

"conduitEngine" = Conduit Engine 

"CSCLIB" = Canon Camera Support Core Library

"DPP" = Canon Utilities Digital Photo Professional 3.4

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"EOS Utility" = Canon Utilities EOS Utility

"ESET Online Scanner" = ESET Online Scanner v3

"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20

"freenet.de Internet-by-Call" = freenet.de

"Google Chrome" = Google Chrome

"ICQToolbar" = ICQ Toolbar

"InstallShield_{755D3B4E-D3A3-4D05-99D8-FC35E26A331C}" = Canon Utilities File Viewer Utility 1.2

"InstallShield_{AB3AC39D-9915-435D-ACC4-9881E75326BC}" = Canon Utilities RemoteCapture 2.7

"InstallShield_{B2C54124-0A2A-4E4E-B7B6-46E46D38C2F9}" = Sinus 1054 data

"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA-Treiber

"InstallShield_{E1CDCB03-A90F-4A74-BE8C-CD3AF43190CA}" = Canon IXY 320, PowerShot S230, IXUS v3 WIA-Treiber

"Java Web Start" = Java Web Start

"Language pack for Ad-Aware SE" = Language pack for Ad-Aware SE

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800

"MIBA Smartcat 2.0_is1" = MIBA Smartcat 2.1 (MIBA Spezial 1-65)

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework Full v1.0.3705 (1031)" = Microsoft .NET Framework (German) v1.0.3705

"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX

"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)

"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MyCamera" = Canon Utilities MyCamera

"MyCameraDC" = Canon Utilities MyCamera DC

"NeroMultiInstaller!UninstallKey" = Nero Suite

"Netscape (7.1)" = Netscape (7.1)

"NVIDIA Display Driver" = NVIDIA Display Driver

"Original Data Security Tools" = Canon Utilities Original Data Security Tools

"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.2

"PhotoRecord" = Canon PhotoRecord

"PhotoStitch" = Canon Utilities PhotoStitch

"Picasa 3" = Picasa 3

"Picture Style Editor" = Canon Utilities Picture Style Editor

"PowerArchiver" = PowerArchiver

"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX

"RealPlayer 6.0" = RealPlayer

"Recuva" = Recuva

"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX

"softonic-de3 Toolbar" = softonic-de3 Toolbar

"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)

"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility

"WildTangent CDA" = WildTangent Web Driver

"Winamp" = Winamp (remove only)

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinRAR archiver" = WinRAR

"WinZip" = WinZip

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.08.2011 13:08:18 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

 

Error - 18.08.2011 13:11:16 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

 

Error - 18.08.2011 13:14:28 | Computer Name = PC | Source = Application Error | ID = 1004

Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

 

Error - 18.08.2011 16:49:17 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

 

Error - 18.08.2011 16:50:17 | Computer Name = PC | Source = crypt32 | ID = 131080

Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer

 von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung

 zurückgegeben.  .

 

Error - 18.08.2011 16:51:48 | Computer Name = PC | Source = Application Error | ID = 1000

Description = Fehlgeschlagene Anwendung spoolsv.exe, Version 5.1.2600.6024, fehlgeschlagenes

 Modul kernel32.dll, Version 5.1.2600.5781, Fehleradresse 0x0003147b.

 

Error - 18.08.2011 17:18:01 | Computer Name = PC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 5.0.0.4183, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 18.08.2011 17:18:06 | Computer Name = PC | Source = Application Hang | ID = 1001

Description = Fehlerhafter Speicherbereich -1805600120.

 

Error - 18.08.2011 17:19:35 | Computer Name = PC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 5.0.0.4183, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

Error - 18.08.2011 17:20:41 | Computer Name = PC | Source = Application Hang | ID = 1002

Description = Stillstehende Anwendung firefox.exe, Version 5.0.0.4183, Stillstandmodul

 hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

 

[ System Events ]

Error - 21.08.2011 04:11:27 | Computer Name = PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1058

 

Error - 21.08.2011 04:12:04 | Computer Name = PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 21.08.2011 11:26:31 | Computer Name = PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1058

 

Error - 21.08.2011 11:27:09 | Computer Name = PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 21.08.2011 11:30:16 | Computer Name = PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist

 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 21.08.2011 11:33:23 | Computer Name = PC | Source = Service Control Manager | ID = 7034

Description = Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits

 3 Mal passiert.

 

Error - 21.08.2011 12:30:31 | Computer Name = PC | Source = Service Control Manager | ID = 7000

Description = Der Dienst "nVidia WDM Video Capture (universal)" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1058

 

Error - 21.08.2011 12:31:02 | Computer Name = PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 21.08.2011 12:34:09 | Computer Name = PC | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist

 bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 21.08.2011 12:37:15 | Computer Name = PC | Source = Service Control Manager | ID = 7034

Description = Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits

 3 Mal passiert.

 

 

< End of report >

--- --- ---

Besten Dank vorab!

Hallo Cosinus,

anbei das OTL-File

OTL Logfile:

Code:

OTL logfile created on: 21.08.2011 20:17:24 - Run 1

OTL by OldTimer - Version 3.2.26.5     Folder = C:\Dokumente und Einstellungen\Herr Baumann\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale:  | Country:  | Language:  | Date Format: 

 

1023,48 Mb Total Physical Memory | 399,36 Mb Available Physical Memory | 39,02% Memory free

2,91 Gb Paging File | 2,22 Gb Available in Paging File | 76,32% Paging File free

Paging file location(s): C:\pagefile.sys 2048 2048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 74,56 Gb Total Space | 20,94 Gb Free Space | 28,09% Space Free | Partition Type: NTFS

 

Computer Name: PC | User Name: Herr Baumann | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.08.21 19:34:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Herr Baumann\Desktop\OTL.exe

PRC - [2011.08.02 21:51:56 | 000,399,536 | ---- | M] (Mozilla Messaging) -- C:\Programme\Mozilla Thunderbird\thunderbird.exe

PRC - [2011.06.24 20:18:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2010.09.21 00:07:44 | 000,932,288 | R--- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe

PRC - [2010.07.12 21:53:07 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgtray.exe

PRC - [2010.05.14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe

PRC - [2010.05.14 12:44:46 | 000,248,552 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe

PRC - [2009.09.01 21:05:45 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG8\avgcsrvx.exe

PRC - [2009.09.01 21:05:45 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgrsx.exe

PRC - [2009.09.01 21:05:41 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgnsx.exe

PRC - [2009.09.01 21:05:38 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgemc.exe

PRC - [2009.09.01 21:05:31 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

PRC - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe

PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE

PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMyPrt.exe

PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE

PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Programme\Canon\CAL\CALMAIN.exe

PRC - [2005.11.23 13:59:18 | 001,024,000 | ---- | M] (TECOM) -- C:\Programme\DT\Sinus 1054 data\Wifiusb.exe

PRC - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe

PRC - [2004.08.27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCDsrv.exe

PRC - [2004.08.27 04:01:08 | 001,450,096 | ---- | M] (Ahead Software AG) -- C:\Programme\Ahead\InCD\InCD.exe

PRC - [2003.06.10 13:12:28 | 000,055,296 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE

PRC - [2002.04.26 19:53:36 | 000,012,288 | ---- | M] () -- C:\Programme\Winamp\Winampa.exe

PRC - [2001.03.15 07:18:18 | 000,049,254 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.08.02 21:52:02 | 001,849,520 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\mozjs.dll

MOD - [2011.08.02 21:52:02 | 000,161,968 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldap32v60.dll

MOD - [2011.08.02 21:52:01 | 000,021,680 | ---- | M] () -- C:\Programme\Mozilla Thunderbird\nsldappr32v60.dll

MOD - [2011.07.31 20:36:38 | 000,076,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Mozilla\Firefox\Profiles\l5mpcbne.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko5.dll

MOD - [2011.06.24 20:18:18 | 001,850,328 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll

MOD - [2011.04.25 16:57:05 | 006,053,536 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll

MOD - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe

MOD - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - File not found [On_Demand | Stopped] --  -- (MSDTC)

SRV - File not found [Disabled | Stopped] --  -- (HidServ)

SRV - File not found [On_Demand | Stopped] --  -- (de_serv)

SRV - [2011.05.30 11:33:54 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)

SRV - [2009.09.01 21:05:38 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~1\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009.09.01 21:05:31 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2009.06.01 22:20:12 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)

SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)

SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Programme\Canon\CAL\CALMAIN.exe -- (CCALib8)

SRV - [2004.10.22 04:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2004.09.29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2004.08.27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)

SRV - [2004.08.27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Programme\Ahead\InCD\InCDsrv.exe -- (InCDsrv)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Running] --  -- (xpsec)

DRV - File not found [Kernel | On_Demand | Running] --  -- (xcpip)

DRV - [2009.09.01 21:05:45 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009.09.01 21:05:45 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009.05.10 18:36:31 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2008.04.13 20:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum)

DRV - [2005.10.19 09:20:30 | 000,357,792 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\PRISMA02.sys -- (PRISM_A02)

DRV - [2004.08.27 10:02:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass)

DRV - [2004.08.27 10:02:30 | 000,092,928 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)

DRV - [2004.08.27 04:02:50 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)

DRV - [2003.08.14 23:16:38 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ALCXSENS.SYS -- (ALCXSENS)

DRV - [2003.06.19 09:30:18 | 000,752,764 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)

DRV - [2003.04.09 10:47:00 | 000,120,780 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\DRIVERS\nvcap.sys -- (nvcap) nVidia WDM Video Capture (universal)

DRV - [2003.04.09 10:47:00 | 000,020,480 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\nvtunep.sys -- (nvTUNEP)

DRV - [2003.04.09 10:47:00 | 000,020,224 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\nvtvsnd.sys -- (nvtvSND)

DRV - [2003.04.09 10:47:00 | 000,013,070 | ---- | M] (NVIDIA Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\DRIVERS\NVxbar.sys -- (NVXBAR)

DRV - [2002.05.29 08:54:00 | 000,038,400 | R--- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\EL910N51.sys -- (EL910)

DRV - [2002.05.02 13:52:22 | 000,017,134 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PCANDIS5.SYS -- (PCANDIS5)

DRV - [2001.10.23 00:00:00 | 000,059,520 | ---- | M] (AVM Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\avmport.sys -- (AVMPORT)

DRV - [2001.08.17 15:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\msmpu401.sys -- (ms_mpu401)

DRV - [2001.08.17 12:14:24 | 000,444,416 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\fpcibase.sys -- (fpcibase)

DRV - [2001.08.17 12:13:48 | 000,037,568 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\avmwan.sys -- (AVMWAN)

DRV - [1997.05.29 16:51:22 | 000,064,512 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2897: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2955: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1675: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Programme\AVG\AVG8\Firefox [2009.12.21 17:54:38 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Programme\AVG\AVG8\Toolbar\Firefox\avg@igeared [2011.06.21 23:26:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.06.24 20:18:24 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.06.05 12:39:39 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2011.08.02 21:52:07 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Programme\Netscape\Netscape\Components [2011.04.05 07:47:27 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Programme\Netscape\Netscape\Plugins [2011.06.05 12:39:39 | 000,000,000 | ---D | M]

 

[2011.05.10 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2009.07.14 21:26:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2010.06.11 23:37:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.11.01 12:30:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2011.06.24 20:18:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

[2011.05.10 23:33:25 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.05.10 23:33:25 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2011.05.10 23:33:26 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2011.05.10 23:33:26 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.05.10 23:33:26 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.05.10 23:33:26 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2001.08.18 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)

O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Programme\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [InCD] C:\Programme\Ahead\InCD\InCD.exe (Ahead Software AG)

O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\Winampa.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)

O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB (Reg Error: Key error.)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.)

O16 - DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} hxxp://ua.foto.com/ImageUploader6.cab (Uploader Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38028.2715625 (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Programme\AVG\AVG8\Toolbar\IEToolbar.dll ()

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O22 - SharedTaskScheduler: {E802FFFF-8E58-4d2c-A435-8BEEFB10AB77} - Reload Browse - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004.02.11 16:23:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.08.15 23:05:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Works

[2011.08.15 23:04:20 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Works

[2011.08.15 19:33:44 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2011.08.14 21:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[2011.08.14 21:20:08 | 000,000,000 | ---D | C] -- C:\My Documents

[2011.08.14 21:20:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\Application Data

[2011.08.13 14:11:12 | 000,000,000 | ---D | C] -- C:\spoolerlogs

[2011.08.13 14:09:09 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011.08.13 14:09:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware

[2011.08.13 14:09:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes

[2011.08.13 14:09:05 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011.08.13 14:09:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.08.12 17:31:04 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files

[1999.03.11 19:22:04 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRAABOUT.DLL

[1998.12.09 04:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAREG.DLL

[1998.12.09 04:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAMDMTR.DLL

[1998.12.09 04:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRALPTTR.DLL

[1998.12.09 04:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Programme\Gemeinsame Dateien\IRAWEBTR.DLL

[1998.12.09 04:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Programme\Gemeinsame Dateien\IRASRIAL.DLL

[8 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.08.21 19:36:02 | 000,001,102 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011.08.21 18:41:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011.08.21 18:27:58 | 000,001,098 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011.08.21 18:27:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011.08.21 10:13:25 | 081,758,811 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2011.08.20 18:35:00 | 000,459,244 | ---- | M] () -- C:\WINDOWS\System32\prfh0407.dat

[2011.08.20 18:35:00 | 000,441,546 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011.08.20 18:35:00 | 000,071,482 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011.08.20 18:34:59 | 000,084,748 | ---- | M] () -- C:\WINDOWS\System32\prfc0407.dat

[2011.08.20 17:40:48 | 000,186,880 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Baumann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.08.20 17:40:47 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2011.08.16 07:21:18 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011.08.14 21:24:30 | 000,000,864 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 5.0.lnk

[2011.08.14 21:24:10 | 000,000,892 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk

[2011.08.14 21:18:22 | 000,000,403 | ---- | M] () -- C:\WINDOWS\ODBC.INI

[2011.08.13 14:09:09 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.08.11 19:35:46 | 000,459,244 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat

[2011.08.11 19:35:46 | 000,084,748 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat

[2011.08.11 19:32:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011.08.10 21:39:05 | 000,001,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk

[2011.07.31 21:47:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

 
 ========== Files Created - No Company Name ==========

 

[2011.08.20 18:35:00 | 000,459,244 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat

[2011.08.20 18:34:59 | 000,084,748 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat

[2011.08.15 23:05:35 | 000,001,561 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Works-Start.lnk

[2011.08.14 21:24:30 | 000,001,776 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Acrobat Distiller 5.0.lnk

[2011.08.14 21:24:30 | 000,000,870 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Acrobat 5.0.lnk

[2011.08.14 21:24:30 | 000,000,864 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Acrobat 5.0.lnk

[2011.08.14 21:24:10 | 000,000,892 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acrobat Assistant.lnk

[2011.08.14 21:23:26 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\adistres.dll

[2011.08.13 14:09:09 | 000,000,766 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.08.02 21:52:13 | 000,001,648 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Thunderbird.lnk

[2010.07.11 23:04:05 | 000,000,068 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2010.06.13 14:49:34 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2008.05.16 07:47:44 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2007.04.14 20:34:41 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2006.02.13 23:01:15 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Herr Baumann\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2005.08.12 18:33:31 | 000,000,012 | ---- | C] () -- C:\WINDOWS\screenmx.ini

[2005.08.12 17:27:05 | 000,000,089 | ---- | C] () -- C:\WINDOWS\vpetting.ini

[2005.06.21 13:42:35 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2005.06.19 21:14:26 | 000,001,741 | ---- | C] () -- C:\WINDOWS\winzip32.ini

[2005.04.19 11:40:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI

[2005.04.19 11:36:41 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005.03.13 16:07:01 | 000,186,880 | ---- | C] () -- C:\Dokumente und Einstellungen\Herr Baumann\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005.03.12 16:09:20 | 000,000,121 | ---- | C] () -- C:\WINDOWS\telephon.ini

[2005.02.12 21:20:10 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2005.02.12 21:17:53 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll

[2005.02.12 21:17:53 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll

[2005.02.12 21:16:15 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2005.02.12 21:16:15 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2004.09.25 22:18:59 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll

[2004.09.22 21:20:21 | 000,000,121 | ---- | C] () -- C:\WINDOWS\Winamp.ini

[2004.09.22 21:01:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2004.09.21 22:21:58 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2004.09.21 22:21:27 | 000,087,184 | ---- | C] () -- C:\WINDOWS\NSUninst.exe

[2004.09.21 22:21:19 | 000,087,184 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe

[2004.09.21 22:21:18 | 000,009,214 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2004.09.21 19:36:51 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll

[2004.09.21 18:55:10 | 000,027,136 | R--- | C] () -- C:\WINDOWS\System32\nvcod.dll

[2004.08.10 13:38:28 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\SENTINEL.SYS

[2004.08.10 13:38:28 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\SNTI386.DLL

[2004.08.10 13:38:28 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\RNBOVDD.DLL

[2004.08.10 13:38:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MTSTACK.INI

[2004.08.10 11:51:15 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini

[2004.08.10 11:51:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI

[2004.08.10 11:41:52 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004.07.16 22:28:34 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2004.07.14 17:59:36 | 000,000,284 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2004.02.11 17:30:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004.02.11 16:48:03 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004.02.11 16:30:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2004.02.11 16:25:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2004.02.11 16:20:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2004.02.11 16:16:27 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004.02.11 16:15:37 | 000,318,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2001.10.24 17:39:42 | 000,045,056 | ---- | C] () -- C:\WINDOWS\WSUtil.exe

[2001.08.18 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2001.08.18 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2001.08.18 13:00:00 | 000,459,244 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat

[2001.08.18 13:00:00 | 000,441,546 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2001.08.18 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2001.08.18 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat

[2001.08.18 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2001.08.18 13:00:00 | 000,084,748 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat

[2001.08.18 13:00:00 | 000,071,482 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2001.08.18 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2001.08.18 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat

[2001.08.18 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2001.08.18 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2001.08.18 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

[2000.03.29 22:00:00 | 000,125,440 | ---- | C] () -- C:\WINDOWS\System32\UNZDLL.DLL

[1999.10.23 18:29:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\UNRAR.DLL

[1999.08.11 15:28:02 | 000,101,888 | ---- | C] () -- C:\WINDOWS\System32\LIBBZ2.DLL

[1999.05.21 21:10:00 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ZIPDLL.DLL

[1999.01.22 20:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

[1998.01.28 00:06:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\UNACE.DLL

 
 ========== LOP Check ==========

 

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2008.09.25 21:42:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Adobe

[2005.04.19 21:16:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Ahead

[2011.03.07 21:23:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Amazon

[2009.01.18 11:29:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\AVGTOOLBAR

[2011.07.31 20:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\CameraWindowDC

[2010.12.05 18:44:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Canon

[2009.08.27 21:50:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\CANON INC

[2005.04.20 17:56:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\CyberLink

[2005.02.12 21:20:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\EPSON

[2005.08.20 15:25:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\FRITZ!

[2004.09.25 10:40:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Help

[2010.06.12 20:48:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\ICQ

[2008.06.07 09:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\ICQ Toolbar

[2004.07.14 18:03:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Identities

[2004.09.22 10:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Macromedia

[2011.08.13 14:10:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Malwarebytes

[2011.08.02 22:07:34 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Microsoft

[2004.08.10 11:40:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Microsoft Web Folders

[2008.08.28 23:56:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Mozilla

[2011.05.21 18:15:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\MSN6

[2009.12.20 17:44:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\phonostar GmbH

[2009.12.20 17:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\phonostar-Player

[2011.08.16 21:00:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\PriceGong

[2006.03.16 21:41:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\PTC

[2010.04.04 12:40:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Real

[2011.05.26 11:13:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Strokes 4.0

[2004.09.22 11:11:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Sun

[2011.04.03 23:48:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Thunderbird

[2010.01.31 19:05:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\U3

[2010.06.01 00:30:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\WinRAR

[2011.07.31 20:40:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\ZoomBrowser EX

 
 < %APPDATA%\*.exe /s >

[2011.05.26 11:11:36 | 000,022,486 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Microsoft\Installer\{F31EC6DC-B5C0-4B21-B6D1-10543F304BCE}\_18be6784.exe

[2011.05.26 11:11:36 | 000,022,486 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Microsoft\Installer\{F31EC6DC-B5C0-4B21-B6D1-10543F304BCE}\_294823.exe

[2010.05.30 16:48:37 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Real\Update\setup3.10\setup.exe

[2010.09.21 18:49:51 | 000,456,200 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Real\Update\setup3.12\setup.exe

[2011.01.25 12:07:22 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\Real\Update\setup3.13\setup.exe

[2007.10.23 10:27:20 | 000,110,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\U3\temp\cleanup.exe

[2008.05.02 11:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Dokumente und Einstellungen\Herr Baumann\Anwendungsdaten\U3\temp\Launchpad Removal.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2007.06.23 14:03:24 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

[2009.03.06 15:34:40 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

[2007.06.23 14:03:24 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys

[2009.03.06 15:34:40 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

 
 < MD5 for: ATAPI.SYS  >

[2004.02.11 17:23:52 | 012,112,981 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys

[2007.06.23 14:03:24 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys

[2009.03.06 15:34:40 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys

[2004.02.11 17:23:52 | 012,112,981 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys

[2007.06.23 14:03:24 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys

[2009.03.06 15:34:40 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys

[2002.08.29 10:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

[2002.08.29 09:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

 
 < MD5 for: EVENTLOG.DLL  >

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll

[2004.08.04 09:57:18 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

 
 < MD5 for: NETLOGON.DLL  >

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008.04.14 04:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll

[2004.08.04 09:57:30 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

 
 < MD5 for: SCECLI.DLL  >

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008.04.14 04:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll

[2004.08.04 09:57:33 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$hf_mig$\KB890859\SP2GDR\user32.dll

[2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll

[2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll

[2004.08.04 09:57:36 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll

[2007.03.08 17:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll

[2003.09.25 18:52:01 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=8D928268AFBF31F8A34CE610DA175352 -- C:\WINDOWS\$NtUninstallKB890859_0$\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll

[2008.04.14 04:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll

[2002.11.22 21:28:16 | 000,530,432 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtUninstallKB824141$\user32.dll

[2002.08.29 12:43:32 | 000,561,664 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\$NtUninstallKB826939$\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008.04.14 04:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe

[2004.08.04 09:58:16 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2004.08.04 09:58:19 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008.04.14 04:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys

[2001.08.18 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2004.02.11 17:14:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav

[2004.02.11 17:14:53 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav

[2004.02.11 17:14:53 | 000,405,504 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >
 

< End of report >

--- --- ---

Nochmals vielen Dank vorab!