Hey, so here is the result of the scan:
OTL Logfile (OTL.Txt):
OTL logfile created on: 17.07.2012 21:38:44 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Regina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free
3,85 Gb Paging File | 2,83 Gb Available in Paging File | 73,50% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 414,62 Gb Free Space | 89,02% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Regina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.07.17 14:29:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\**\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.16 15:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.04.22 13:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.04.22 13:50:36 | 000,126,504 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2012.04.22 13:50:28 | 000,142,376 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclMSBTSrv.exe
PRC - [2012.01.18 14:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2011.02.24 14:44:00 | 000,123,392 | ---- | M] (RealTek Inc.) -- C:\WINDOWS\ControllLite.exe
PRC - [2010.12.18 18:56:48 | 000,095,272 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\softLCP.exe
PRC - [2010.12.18 18:56:34 | 000,291,384 | ---- | M] (EnTech Taiwan) -- C:\Programme\softOSD\softOSD.exe
PRC - [2010.11.23 14:23:40 | 000,126,976 | -H-- | M] (Controller Inc.) -- C:\WINDOWS\Controll.exe
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.05.26 14:21:52 | 000,651,264 | ---- | M] (Nokia) -- C:\Programme\Nokia\PC Internet Access\NPCIA.exe
PRC - [2008.05.29 22:30:18 | 002,580,480 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.bin
PRC - [2008.05.29 22:28:18 | 002,363,392 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.4\program\soffice.exe
PRC - [2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.23 14:33:22 | 000,406,832 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\apvxdwin.exe
PRC - [2007.11.14 13:31:18 | 000,083,248 | ---- | M] (Panda Security International) -- C:\Programme\Panda Security\Panda Internet Security 2008\WebProxy.exe
PRC - [2007.10.24 16:25:50 | 000,406,832 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\TPSrv.exe
PRC - [2007.09.28 13:29:00 | 000,148,272 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
PRC - [2007.09.28 13:28:58 | 000,096,560 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
PRC - [2007.07.26 06:47:30 | 000,111,920 | ---- | M] (Panda Software International, S.L.) -- C:\Programme\Panda Security\Panda Internet Security 2008\PavBckPT.exe
PRC - [2007.07.12 10:47:30 | 000,169,264 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
PRC - [2007.07.12 10:47:26 | 000,173,360 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
PRC - [2007.06.27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe
PRC - [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.20 11:32:28 | 000,091,440 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\SrvLoad.exe
PRC - [2007.06.14 17:38:02 | 000,063,024 | ---- | M] (Panda Software) -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\PavPrSrv.exe
PRC - [2007.05.24 09:31:26 | 000,108,592 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\PsImSvc.exe
PRC - [2007.04.04 10:45:08 | 000,226,864 | ---- | M] (Panda Software International) -- c:\Programme\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
PRC - [2007.01.15 13:42:16 | 000,067,120 | ---- | M] (Panda Software International) -- C:\Programme\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
PRC - [2006.07.12 11:26:58 | 000,237,568 | ---- | M] () -- C:\WINDOWS\system32\CmUCREye.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.16 15:45:56 | 000,276,392 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.05.16 15:45:40 | 002,652,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.05.16 15:45:40 | 000,363,944 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.05.16 15:45:38 | 011,166,120 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.05.16 15:45:36 | 001,346,472 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.05.16 15:45:36 | 000,205,736 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.05.16 15:45:34 | 001,013,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.05.16 15:45:34 | 000,720,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.05.16 15:45:32 | 008,506,280 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.05.16 15:45:32 | 000,520,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.05.16 15:45:30 | 002,480,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.05.16 15:45:30 | 002,353,576 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.05.16 15:45:28 | 000,445,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.05.16 15:45:22 | 000,206,760 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.05.16 15:45:22 | 000,035,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.05.16 15:45:20 | 000,032,680 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.05.16 15:44:54 | 000,437,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll
MOD - [2012.05.16 15:44:16 | 000,604,072 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.05.16 13:46:28 | 000,391,056 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.05.16 13:46:28 | 000,059,280 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.05.16 13:45:30 | 000,110,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2009.04.16 17:31:16 | 004,210,688 | ---- | M] () -- C:\Programme\Nokia\PC Internet Access\GraphicsResources.ngr
MOD - [2009.02.27 17:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2008.11.12 11:17:54 | 000,013,312 | ---- | M] () -- C:\Programme\Nokia\PC Internet Access\TextResources_ger.nlr
MOD - [2008.09.17 09:55:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.12.19 15:04:24 | 000,828,416 | ---- | M] () -- C:\Programme\OpenOffice.org 2.4\program\libxml2.dll
MOD - [2006.07.12 11:26:58 | 000,237,568 | ---- | M] () -- C:\WINDOWS\system32\CmUCREye.exe
MOD - [2004.05.19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Programme\Panda Security\Panda Internet Security 2008\LIBXML2.DLL
========== Win32 Services (SafeList) ==========
SRV - [2012.07.13 19:36:55 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.21 15:13:16 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.22 13:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.12.18 18:56:34 | 000,291,384 | ---- | M] (EnTech Taiwan) [Auto | Running] -- C:\Programme\softOSD\softOSD.exe -- (softOSD)
SRV - [2010.03.29 08:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [Disabled | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.10.24 16:25:50 | 000,406,832 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Security\Panda Internet Security 2008\TPSrv.exe -- (TPSrv)
SRV - [2007.09.28 13:29:00 | 000,148,272 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE -- (PAVSRV)
SRV - [2007.07.12 10:47:30 | 000,169,264 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Security\Panda Internet Security 2008\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2007.07.12 10:47:26 | 000,173,360 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE -- (PAVFNSVR)
SRV - [2007.06.27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007.06.14 17:38:02 | 000,063,024 | ---- | M] (Panda Software) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Panda Software\PavShld\PavPrSrv.exe -- (PavPrSrv)
SRV - [2007.05.24 09:31:26 | 000,108,592 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Security\Panda Internet Security 2008\PsImSvc.exe -- (PSIMSVC)
SRV - [2007.04.04 10:45:08 | 000,226,864 | ---- | M] (Panda Software International) [Auto | Running] -- c:\Programme\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe -- (PSHost)
SRV - [2007.01.15 13:42:16 | 000,067,120 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Programme\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\PLCMPR5.SYS -- (PLCMPR5)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOKUME~1\Regina\LOKALE~1\Temp\pgtdapob.sys -- (pgtdapob)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PavSRK.sys -- (PavSRK.sys)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\OlyCamComm.sys -- (OlyCamComm)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\DRIVERS\intelide.sys -- (IntelIde)
DRV - File not found [Kernel | Disabled | Stopped] -- D:\FXDrv32.sys -- (FXDrv32)
DRV - File not found [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\av5flt.sys -- (AvFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2012.07.17 14:40:56 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2012.07.17 14:24:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.04.22 13:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2011.05.24 18:21:44 | 006,554,624 | ---- | M] (ATI Technologies Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2011.03.03 17:59:22 | 000,119,272 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2009.10.07 16:28:50 | 000,017,544 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RkPavproc1.sys -- (RkPavproc1)
DRV - [2009.08.14 12:13:10 | 000,007,164 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CMFileDisk.sys -- (CMFileDisk)
DRV - [2009.06.17 18:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.06.17 18:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.03.31 10:39:36 | 000,036,608 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.27 08:33:42 | 000,130,816 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.03.25 14:29:52 | 000,130,432 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2009.01.15 17:36:24 | 000,114,496 | ---- | M] (Protection Technology Co.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\prodrv04.sys -- (prodrv04)
DRV - [2008.06.02 18:10:18 | 004,752,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.11.19 13:01:50 | 000,143,160 | ---- | M] (Panda Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\netimflt.sys -- (NETIMFLT01050097)
DRV - [2007.11.14 17:48:22 | 000,021,816 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2007.11.02 14:22:36 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdm.sys -- (s217mdm)
DRV - [2007.11.02 14:22:36 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217bus.sys -- (s217bus) Sony Ericsson Device 217 driver (WDM)
DRV - [2007.11.02 14:22:36 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2007.10.25 08:50:32 | 000,132,664 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2007.10.12 10:40:12 | 000,009,096 | R--- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\amdide.sys -- (amdide)
DRV - [2007.09.28 14:24:18 | 000,083,896 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2007.09.28 13:05:40 | 000,071,608 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2007.07.12 14:49:38 | 000,178,872 | ---- | M] (Panda Software International) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2007.07.11 10:39:48 | 000,191,672 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2007.06.08 07:44:06 | 000,024,760 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2007.05.23 16:40:30 | 000,038,968 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2007.05.11 08:33:34 | 000,030,648 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2007.05.11 08:33:32 | 000,037,304 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2007.05.11 08:33:06 | 000,051,256 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2007.05.03 18:19:32 | 000,012,112 | ---- | M] (EnTech Taiwan) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\se32.sys -- (se32)
DRV - [2007.01.05 18:21:06 | 000,093,056 | ---- | M] (C-Media Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2006.10.09 16:03:56 | 000,017,152 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2004.05.17 12:21:54 | 000,017,280 | ---- | M] (Intellon, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\plcndis5.sys -- (PLCNDIS5)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_de
IE - HKCU\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q={searchTerms}&crm=1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Programme\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.05.01 19:11:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.21 15:13:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.06.21 15:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012.06.21 15:21:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2011.03.18 22:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Mozilla\Extensions
[2012.06.27 14:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Mozilla\Firefox\Profiles\3mtsnw1f.default\extensions
[2012.06.21 15:09:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.21 15:09:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.21 15:13:16 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.06.21 15:13:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.21 15:13:13 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.06.21 15:13:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.21 15:13:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.21 15:13:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.21 15:13:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://de.msn.com/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\10.0.648.205\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\10.0.648.205\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\10.0.648.205\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Programme\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Programme\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Programme\Panda Security\ActiveScan 2.0\npwrapper.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Emma Bridgewater = C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ennchkafgbngcmjcbbicbobbdomhmklc\2_0\
CHR - Extension: IE Tab Classic = C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\miedgcmlgpmdagojnnbemlkgidepfjfi\0.9.8_0\
O1 HOSTS File: ([2010.12.06 14:49:40 | 000,426,767 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 14696 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe File not found
O4 - HKLM..\Run: [APVXDWIN] C:\Programme\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [CMExplorer] C:\WINDOWS\CMExplorer.exe ()
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SCANINICIO] C:\Programme\Panda Security\Panda Internet Security 2008\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [NokiaPCInternetAccess] C:\Programme\Nokia\PC Internet Access\NPCIA.exe (Nokia)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKCU..\Run: [WindowsController] C:\WINDOWS\Controll.exe (Controller Inc.)
O4 - HKCU..\Run: [WindowsControllerLite] C:\WINDOWS\ControllLite.exe (RealTek Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Regina\Startmenü\Programme\Autostart\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 4 = TASKMAN.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 1 = MSCONFIG.EXE
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = REGEDT32.EXE (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Programme\Panda Security\Panda Internet Security 2008\pavlsp.dll (Panda Software International)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1341420381015 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C2B4BEB3-D543-4870-B350-E143CC1DCF1A}: NameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E28BC8C5-6013-4A45-B38E-3E87DC78306C}: NameServer = 192.168.2.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (Panda Software International)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logitech\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.03 10:40:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d6a65b6-4a75-11e1-a798-00226809e442}\Shell - "" = AutoRun
O33 - MountPoints2\{0d6a65b6-4a75-11e1-a798-00226809e442}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0d6a65b6-4a75-11e1-a798-00226809e442}\Shell\AutoRun\command - "" = F:\NokiaPCIA_Autorun.exe
O33 - MountPoints2\{125cff7d-b0e8-11dd-9ae7-001d928269a1}\Shell - "" = AutoRun
O33 - MountPoints2\{125cff7d-b0e8-11dd-9ae7-001d928269a1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{125cff7d-b0e8-11dd-9ae7-001d928269a1}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{4d5e1729-79a3-11dd-9d34-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{4d5e1729-79a3-11dd-9d34-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4d5e1729-79a3-11dd-9d34-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O33 - MountPoints2\{ebbea0c4-3781-11e0-a4ed-00226809e442}\Shell\AutoRun\command - "" = F:\AUTORUN.BAT
O33 - MountPoints2\{ebbea0c4-3781-11e0-a4ed-00226809e442}\Shell\OPEN\COMMAND - "" = F:\AUTORUN.BAT
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - StartUpReg: EPSON Stylus D78 Series - hkey= - key= - File not found
MsConfig - StartUpReg: Inkognito for Windows - hkey= - key= - File not found
MsConfig - StartUpReg: LGODDFU - hkey= - key= - C:\Programme\lg_fwupdate\fwupdate.exe (BitLeader)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.07.17 14:29:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Regina\Desktop\OTL.exe
[2012.07.17 14:18:10 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.16 17:52:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Regina\Eigene Dateien\rkill
[2012.07.16 09:54:43 | 043,975,616 | ---- | C] (Safer-Networking Ltd. ) -- C:\Dokumente und Einstellungen\Regina\Desktop\spybotsd-2.0.8-beta6.exe
[2012.07.16 09:51:31 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Regina\Recent
[2012.07.13 19:15:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Malwarebytes
[2012.07.13 19:15:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.07.13 19:15:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.07.13 19:15:04 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.07.13 19:15:04 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.07.12 18:23:26 | 000,000,000 | ---D | C] -- C:\Programme\ASUS
[2012.07.12 18:23:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.07.12 18:03:11 | 000,000,000 | ---D | C] -- C:\Programme\My Company Name
[2012.07.07 11:06:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Regina\Desktop\Documents
[2012.07.04 18:59:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nokia
[2012.07.04 18:56:46 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2012.07.04 17:04:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\ATI
[2012.07.04 17:04:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\ATI
[2012.07.04 16:55:56 | 000,128,000 | R--- | C] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdAud.sys
[2012.07.04 16:42:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2012.07.04 16:41:42 | 000,000,000 | ---D | C] -- C:\82797a0638b663022b5607
[2012.07.04 16:40:29 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2012.06.29 15:35:32 | 000,000,000 | ---D | C] -- C:\Programme\BusinessCLASS
[2012.06.29 15:35:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MS-Business-Class
[2012.06.29 15:35:22 | 000,000,000 | ---D | C] -- C:\Programme\MS-Business-Class
[2012.06.29 15:26:46 | 000,000,000 | ---D | C] -- C:\SP
[2012.06.29 15:26:36 | 000,000,000 | ---D | C] -- C:\Programme\Snapshot Viewer
[2012.06.21 15:15:48 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2012.06.21 15:10:13 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.07.17 21:49:13 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2012.07.17 21:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.07.17 21:30:53 | 000,000,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt.bck
[2012.07.17 21:30:53 | 000,000,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt
[2012.07.17 21:30:53 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2012.07.17 21:30:53 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2012.07.17 14:41:01 | 000,393,852 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2012.07.17 14:41:01 | 000,393,852 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2012.07.17 14:41:01 | 000,249,116 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2012.07.17 14:41:01 | 000,249,116 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2012.07.17 14:41:01 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2012.07.17 14:41:01 | 000,001,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2012.07.17 14:41:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2012.07.17 14:41:01 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2012.07.17 14:41:01 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2012.07.17 14:41:01 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2012.07.17 14:41:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2012.07.17 14:41:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2012.07.17 14:41:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck
[2012.07.17 14:41:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg
[2012.07.17 14:41:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2012.07.17 14:41:01 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2012.07.17 14:40:56 | 000,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2012.07.17 14:40:04 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.07.17 14:39:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.07.17 14:39:18 | 2146,619,392 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.17 14:39:17 | 2145,386,496 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2012.07.17 14:31:46 | 000,302,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Regina\Desktop\q0gyfhcr.exe
[2012.07.17 14:29:39 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Regina\Desktop\OTL.exe
[2012.07.17 14:28:23 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Regina\defogger_reenable
[2012.07.17 14:27:34 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\Regina\Desktop\Defogger.exe
[2012.07.17 14:24:46 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.07.16 17:52:09 | 000,997,164 | ---- | M] () -- C:\Dokumente und Einstellungen\Regina\Eigene Dateien\rkill.zip
[2012.07.16 15:02:17 | 000,430,984 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.07.16 14:42:35 | 001,012,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Regina\Eigene Dateien\rkill.com
[2012.07.16 14:42:35 | 001,012,656 | ---- | M] () -- C:\Dokumente und Einstellungen\Regina\Desktop\rkill.com
[2012.07.16 13:35:24 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.07.16 13:20:57 | 000,008,224 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012.07.16 09:56:34 | 043,975,616 | ---- | M] (Safer-Networking Ltd. ) -- C:\Dokumente und Einstellungen\Regina\Desktop\spybotsd-2.0.8-beta6.exe
[2012.07.13 19:15:06 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\mabw.exe.lnk
[2012.07.13 18:40:29 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1010UA.job
[2012.07.13 18:40:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1010Core.job
[2012.07.13 18:40:23 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.13 18:40:22 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.13 18:40:21 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012.07.13 17:57:22 | 000,000,530 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2012.07.13 17:57:17 | 000,001,212 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1006UA.job
[2012.07.13 17:57:17 | 000,001,160 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1006Core.job
[2012.07.13 17:57:16 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1010UA.job
[2012.07.13 17:57:15 | 000,000,996 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1010Core.job
[2012.07.13 17:48:54 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2012.07.13 17:06:36 | 000,000,386 | ---- | M] () -- C:\WINDOWS\lgfwup.ini
[2012.07.12 18:26:28 | 000,000,488 | RHS- | M] () -- C:\Dokumente und Einstellungen\Regina\ntuser.pol
[2012.07.12 18:25:03 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.07.12 18:23:17 | 000,257,280 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.07.12 18:23:17 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.07.12 18:15:53 | 000,257,280 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.07.12 18:01:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2012.07.07 11:20:49 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.07.04 18:59:46 | 000,001,723 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.06.29 15:25:15 | 000,001,585 | ---- | M] () -- C:\WINDOWS\ODEUNST.000
[2012.06.21 15:18:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012.06.21 15:03:20 | 000,012,540 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak
[2012.06.21 14:57:31 | 000,195,690 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.18 09:53:22 | 000,450,734 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.06.18 09:53:22 | 000,434,218 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.18 09:53:22 | 000,081,226 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.06.18 09:53:22 | 000,068,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[38 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.07.17 14:31:48 | 000,302,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\Desktop\q0gyfhcr.exe
[2012.07.17 14:28:23 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\defogger_reenable
[2012.07.17 14:27:39 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\Desktop\Defogger.exe
[2012.07.16 17:52:09 | 000,997,164 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\Eigene Dateien\rkill.zip
[2012.07.16 17:51:41 | 001,012,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\Eigene Dateien\rkill.com
[2012.07.16 14:42:08 | 001,012,656 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\Desktop\rkill.com
[2012.07.16 13:28:44 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012.07.13 19:15:06 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\mabw.exe.lnk
[2012.07.12 18:27:47 | 2146,619,392 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.12 18:26:28 | 000,000,488 | RHS- | C] () -- C:\Dokumente und Einstellungen\Regina\ntuser.pol
[2012.07.12 18:23:08 | 000,003,630 | R--- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2012.07.12 18:01:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2012.07.12 18:01:23 | 000,166,672 | R--- | C] () -- C:\WINDOWS\System32\atiapfxx.blb
[2012.07.12 18:01:15 | 000,808,736 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.07.04 18:59:46 | 000,001,723 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Nokia Suite.lnk
[2012.07.04 16:42:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2012.07.04 16:42:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2012.07.04 16:42:39 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
[2012.07.04 16:42:39 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2012.07.04 16:42:39 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
[2012.07.04 16:42:39 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2012.07.04 16:41:01 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2012.07.04 16:40:59 | 000,032,635 | R--- | C] () -- C:\WINDOWS\atiogl.xml
[2012.07.04 16:40:56 | 000,007,069 | R--- | C] () -- C:\WINDOWS\System32\atifglpf.xml
[2012.07.04 16:40:53 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2012.07.04 16:40:52 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012.07.04 16:40:51 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2012.07.04 16:40:50 | 000,233,765 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2012.07.04 16:40:49 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativdkxx.vp
[2012.07.04 16:40:48 | 001,311,202 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.cpa
[2012.07.04 16:40:48 | 000,043,136 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativvpxx.vp
[2012.07.04 16:40:48 | 000,002,096 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativckxx.vp
[2012.07.04 16:40:48 | 000,000,929 | R--- | C] () -- C:\WINDOWS\System32\drivers\ativcaxx.vp
[2012.06.29 15:24:59 | 000,001,585 | ---- | C] () -- C:\WINDOWS\ODEUNST.000
[2012.06.21 15:18:10 | 000,257,280 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012.06.21 15:18:10 | 000,257,280 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012.06.21 15:18:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012.06.21 15:18:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nvdrswr.lk
[2012.06.21 15:17:28 | 002,294,198 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2012.03.27 19:03:25 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\$_hpcst$.hpc
[2012.02.16 09:51:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.11.15 10:13:28 | 000,000,583 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011.07.19 09:20:54 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2011.07.19 09:20:54 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2011.07.19 09:20:54 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Lffpx90n.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011.05.03 17:42:07 | 000,000,812 | ---- | C] () -- C:\WINDOWS\System32\okiscnda.ini
[2011.05.03 17:24:05 | 000,031,864 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2011.03.26 19:37:39 | 000,081,564 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.03.18 23:01:55 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2011.03.18 22:18:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.10.27 18:06:46 | 000,016,386 | ---- | C] () -- C:\WINDOWS\System32\sipdl202.dll
[2010.03.19 20:42:44 | 000,008,627 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\PAV_FOG.OPC
[2009.03.25 19:03:54 | 000,035,840 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.02.25 11:54:11 | 000,009,454 | ---- | C] () -- C:\Dokumente und Einstellungen\Regina\default.pls
[2008.10.20 13:43:12 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_CDS.exe
========== LOP Check ==========
[2009.10.24 14:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avery
[2010.06.30 17:13:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Backup
[2010.03.02 18:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BIFAB
[2010.11.19 18:16:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012.05.01 19:07:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2009.01.14 19:56:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Joblab&Diversity
[2010.11.17 09:21:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Netzmanager
[2012.02.12 17:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012.03.16 15:39:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011.05.03 17:31:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Okidata
[2010.03.12 18:33:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OLYMPUS
[2010.02.02 18:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011.10.28 12:05:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PF-CD
[2011.05.03 17:24:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2008.10.20 13:41:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sentinel
[2011.10.02 09:08:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\System
[2010.11.15 19:18:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online
[2010.06.25 15:42:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2008.10.29 15:47:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL
[2011.05.03 17:29:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zeon
[2010.11.17 09:21:21 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{290883D4-FF33-4C80-B8FB-E5D5A89C103B}
[2010.06.01 11:24:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.11.09 20:15:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2012.02.06 20:36:26 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{BC3827BC-FEE6-47F6-A08C-EAFB1CE3AA56}
[2010.11.19 10:03:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\.#
[2012.04.06 15:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Amazon
[2011.02.18 21:30:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Canon
[2009.10.10 18:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\EPSON
[2012.06.01 09:36:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Freemium
[2011.08.02 10:17:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Jens Lorek
[2009.01.14 19:54:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Joblab&Diversity
[2012.05.01 19:11:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Nokia
[2011.05.30 20:33:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\OkiData
[2009.10.18 17:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\OpenCandy
[2012.01.29 15:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\PC Suite
[2011.01.18 17:37:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Reviversoft
[2011.05.03 20:28:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\ScanSoft
[2010.10.27 18:06:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Sigel
[2010.11.16 16:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\T-Online
[2012.02.24 11:41:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Thunderbird
[2009.09.13 17:01:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\TubeBox
[2011.05.03 20:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Regina\Anwendungsdaten\Zeon
[2012.07.13 17:57:15 | 000,000,996 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1010Core.job
[2012.07.13 17:57:16 | 000,001,018 | ---- | M] () -- C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-2979428493-3470612895-2999443920-1010UA.job
[2012.07.13 17:57:22 | 000,000,530 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2012.07.13 19:14:47 | 000,000,000 | ---D | M] -- C:\!PC-Installations-Software
[2012.04.11 09:38:29 | 000,000,000 | ---D | M] -- C:\3ccdfa260a976dfb54486dbbca
[2011.03.18 22:41:21 | 000,000,000 | ---D | M] -- C:\6758453cbcb04092d311ce9a7d56828e
[2012.07.04 16:41:42 | 000,000,000 | ---D | M] -- C:\82797a0638b663022b5607
[2011.03.18 22:40:37 | 000,000,000 | ---D | M] -- C:\a03b083d4269c41d50
[2008.10.29 15:51:05 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2012.07.16 09:43:54 | 000,000,000 | ---D | M] -- C:\Config.Msi
[2011.02.05 17:23:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009.10.03 15:17:04 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft
[2010.05.31 16:20:08 | 000,000,000 | ---D | M] -- C:\fd8b0e2c529013db07636bc157b0
[2008.11.01 11:40:46 | 000,000,000 | ---D | M] -- C:\Games
[2012.01.03 12:40:28 | 000,000,000 | ---D | M] -- C:\HERMA
[2011.11.27 12:38:31 | 000,000,000 | ---D | M] -- C:\I386
[2011.11.27 12:38:31 | 000,000,000 | ---D | M] -- C:\IIYAMA-Treiber
[2011.03.18 22:56:44 | 000,000,000 | ---D | M] -- C:\Kiddinx
[2008.10.20 13:18:04 | 000,000,000 | ---D | M] -- C:\OpenOffice.org 2.4 (de) Installation Files
[2012.07.16 14:25:34 | 000,000,000 | R--D | M] -- C:\Programme
[2009.05.11 13:39:25 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2012.04.17 15:11:00 | 000,000,000 | ---D | M] -- C:\scans
[2012.06.29 15:26:46 | 000,000,000 | ---D | M] -- C:\SP
[2010.05.31 13:14:02 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.19 23:42:32 | 000,000,000 | ---D | M] -- C:\Temp
[2011.05.03 17:39:59 | 000,000,000 | ---D | M] -- C:\TWAIN
[2012.07.17 21:49:30 | 000,000,000 | ---D | M] -- C:\WINDOWS
< %PROGRAMFILES%\*.exe >
[2004.10.01 15:00:16 | 000,040,960 | ---- | M] () -- C:\Programme\Uninstall_CDS.exe
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 14:00:00 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: AHCIX86.SYS >
[2006.09.21 08:30:48 | 000,120,320 | ---- | M] (ATI Technologies Inc.) MD5=6763E07BDC8AFFBA5F3A5E6F71D93D1B -- C:\WINDOWS\OEMDRV\ahcix86.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX0\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX1\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX10\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX11\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX12\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX14\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX17\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX2\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX3\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX4\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX5\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX6\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX7\procs\explorer.exe
[2011.01.16 15:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX8\procs\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\system32\dllcache\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX0\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX1\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX10\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX11\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX12\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX14\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX17\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX2\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX3\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX4\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX5\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX6\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX7\h\explorer.exe
[2005.08.16 01:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX8\h\explorer.exe
< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: USER32.DLL >
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\dllcache\user32.dll
[2008.04.14 14:00:00 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX0\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX1\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX10\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX11\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX14\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX17\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX3\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX4\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX5\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX6\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX7\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX8\userinit.exe
< MD5 for: WINLOGON.EXE >
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX0\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX1\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX10\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX11\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX14\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX17\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX2\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX3\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX4\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX5\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX6\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX7\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Dokumente und Einstellungen\**\Lokale Einstellungen\Temp\RarSFX8\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2008.04.14 14:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.05.31 14:47:48 | 003,649,536 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.05.31 12:35:33 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2010.05.31 14:47:48 | 033,554,432 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.05.31 14:47:48 | 006,553,600 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[38 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %USERPROFILE%\*.* >
[2011.08.05 09:10:40 | 000,009,454 | ---- | M] () -- C:\Dokumente und Einstellungen\**\default.pls
[2012.07.17 14:28:23 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\**\defogger_reenable
[2012.07.16 20:05:34 | 013,107,200 | ---- | M] () -- C:\Dokumente und Einstellungen\**\ntuser.dat
[2012.07.17 21:44:18 | 000,001,024 | -H-- | M] () -- C:\Dokumente und Einstellungen\**\ntuser.dat.LOG
[2012.07.16 20:05:16 | 000,000,300 | -HS- | M] () -- C:\Dokumente und Einstellungen\**\ntuser.ini
[2012.07.12 18:26:28 | 000,000,488 | RHS- | M] () -- C:\Dokumente und Einstellungen\**\ntuser.pol
[2010.07.11 15:48:31 | 000,008,627 | ---- | M] () -- C:\Dokumente und Einstellungen\**\PAV_FOG.OPC
[2009.09.05 20:20:47 | 000,007,680 | -HS- | M] () -- C:\Dokumente und Einstellungen\**\Thumbs.db
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2012.06.13 15:55:13 | 001,866,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
========== Alternate Data Streams ==========
@Alternate Data Stream - 105 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A4C0DDD1
< End of report >
Extras.Txt
OTL Extras logfile created on: 17.07.2012 21:38:44 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Dokumente und Einstellungen\Regina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 0,94 Gb Available Physical Memory | 47,02% Memory free
3,85 Gb Paging File | 2,83 Gb Available in Paging File | 73,50% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 465,75 Gb Total Space | 414,62 Gb Free Space | 89,02% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: Regina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
.wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Internet Security 2008\PAVSCRIP.EXE (Panda Software International)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %* (Panda Software International)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0