fake "Bundespolizei" and/or JS/iFrame.HZ.3 on Windows XP

Hello dear Trojaner-Board team,
I had just reinstalled the system and everything seemed OK when suddenly problems appeared again. Well, I assume that this supposed demand from the Bundespolizei to pay 100€ is known. A web page appears that blocks all relevant Windows commands (Windows key, Task Manager, Ctrl+Esc, etc.). I assume I still have this... whatever it is... on the computer. I got out of this screen by clicking on the e-mail address, which took me to Outlook, and from there Explorer could be opened (just pretend to write a mail, then "Save as", then right-click on any file/folder and choose Explorer; maybe this info is interesting for other affected users too).
Anyway, here are the three logs:
OTL 1:
OTL logfile created on: 15.12.2011 13:32:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 75,49% Memory free
3,35 Gb Paging File | 3,06 Gb Available in Paging File | 91,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,23 Gb Total Space | 115,78 Gb Free Space | 85,62% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 13,70 Gb Free Space | 14,03% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.15 13:17:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.12.09 12:40:20 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.12.09 12:39:54 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2005.09.24 09:05:38 | 000,032,256 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
PRC - [2005.09.24 07:30:38 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2005.09.22 09:42:24 | 000,090,112 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2005.05.11 03:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
========== Modules (No Company Name) ==========
MOD - [2011.12.09 12:40:07 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2007.12.04 18:41:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll
MOD - [2005.10.19 11:56:28 | 000,125,952 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2005.09.24 10:10:56 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
========== Win32 Services (SafeList) ==========
SRV - [2011.12.12 12:46:42 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2011.12.09 12:40:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.12.09 12:39:54 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.16 10:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2006.06.01 20:06:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.03.03 21:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005.08.24 02:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Programme\TuneUpUtilities2006\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc)
SRV - [2005.05.11 03:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
========== Driver Services (SafeList) ==========
DRV - [2011.12.13 11:02:38 | 000,428,088 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.04.14 00:15:30 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2006.05.01 20:28:31 | 000,019,200 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2005.12.21 10:16:34 | 000,470,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2005.09.22 09:34:18 | 003,727,680 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005.07.29 10:11:04 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005.07.29 10:11:02 | 000,034,048 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005.04.12 09:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2005.03.09 15:53:00 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.05.05 22:17:28 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.12 14:06:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
[2011.12.12 14:06:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.12.12 17:30:17 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1u5br845.default\extensions
[2011.12.12 17:30:17 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\1u5br845.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.12 14:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.21 05:21:43 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.06.01 20:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Programme\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1269CA60-EBA0-EA40-6ECA-549419A9943D} - Internet Explorer
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {220D0464-0617-F88B-43B1-83ADC8CAB868} - Browseranpassungen
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.12.15 13:28:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.12.15 13:17:10 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.15 13:16:54 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.12.15 00:13:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.12.15 00:11:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Identities
[2011.12.13 17:05:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2011.12.13 17:05:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\O&O
[2011.12.12 23:45:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\SKIDROW
[2011.12.12 23:42:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011.12.12 23:19:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro
[2011.12.12 23:19:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools
[2011.12.12 23:11:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.12.12 23:11:24 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2011.12.12 22:56:28 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Hewlett-Packard
[2011.12.12 22:53:41 | 000,000,000 | ---D | C] -- C:\Programme\HP
[2011.12.12 22:53:31 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.12.12 22:53:10 | 000,098,304 | ---- | C] (Hewlett Packard Company) -- C:\WINDOWS\System32\hpzjsn01.dll
[2011.12.12 22:46:25 | 000,428,088 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2011.12.12 22:46:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2011.12.12 22:09:15 | 000,000,000 | ---D | C] -- C:\Film
[2011.12.12 21:26:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\AdobeUM
[2011.12.12 20:50:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Steam
[2011.12.12 20:50:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Steam
[2011.12.12 20:49:56 | 000,000,000 | ---D | C] -- C:\Programme\Steam
[2011.12.12 20:09:17 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.12.12 17:16:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Skype
[2011.12.12 17:16:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011.12.12 17:16:25 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2011.12.12 17:16:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype
[2011.12.12 16:55:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Teeworlds
[2011.12.12 15:59:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\foobar2000
[2011.12.12 15:59:46 | 000,000,000 | ---D | C] -- C:\Programme\foobar2000
[2011.12.12 15:13:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Macromedia
[2011.12.12 14:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2011.12.12 14:36:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Avira
[2011.12.12 14:33:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2011.12.12 14:33:24 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.12.12 14:33:23 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.12 14:33:23 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.12 14:33:23 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.12 14:33:22 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2011.12.12 14:33:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2011.12.12 14:25:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de-de
[2011.12.12 14:25:06 | 000,000,000 | ---D | C] -- C:\Programme\msn
[2011.12.12 14:25:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011.12.12 14:25:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\de
[2011.12.12 14:25:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011.12.12 14:23:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011.12.12 14:22:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2011.12.12 14:20:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011.12.12 14:08:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
[2011.12.12 14:06:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Mozilla
[2011.12.12 14:06:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla
[2011.12.12 14:06:44 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.12.12 13:18:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2011.12.12 13:12:24 | 000,470,048 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\drivers\ar5211.sys
[2011.12.12 13:12:24 | 000,470,048 | ---- | C] (Atheros Communications, Inc.) -- C:\WINDOWS\System32\ar5211.sys
[2011.12.12 12:56:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Cool Edit Pro 2.1
[2011.12.12 12:53:49 | 000,000,000 | ---D | C] -- C:\Temp
[2011.12.12 12:53:41 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Application Data
[2011.12.12 12:52:16 | 000,000,000 | ---D | C] -- C:\Programme\coolpro2
[2011.12.12 12:49:05 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
[2011.12.12 12:49:05 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
[2011.12.12 12:49:05 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
[2011.12.12 12:49:05 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Temp
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Provisioning
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\PeerNet
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\pchealth
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ehome
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
[2011.12.12 12:49:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
[2011.12.12 12:47:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Ahead
[2011.12.12 12:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinRAR
[2011.12.12 12:47:10 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.12.12 12:45:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Norton PartitionMagic 8.0
[2011.12.12 12:45:53 | 000,000,000 | ---D | C] -- C:\Programme\Symantec
[2011.12.12 12:45:40 | 000,000,000 | ---D | C] -- C:\Programme\OO Software
[2011.12.12 12:45:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\O&O Software
[2011.12.12 12:45:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Office
[2011.12.12 12:44:51 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2011.12.12 12:43:47 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DESIGNER
[2011.12.12 12:42:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2011.12.12 12:42:39 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2011.12.12 12:42:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Nero 7 Premium
[2011.12.12 12:42:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ahead
[2011.12.12 12:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Nero
[2011.12.12 12:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Ahead
[2011.12.12 12:40:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DVD Shrink
[2011.12.12 12:40:42 | 000,000,000 | ---D | C] -- C:\Programme\DVD Shrink DE
[2011.12.12 12:40:36 | 000,000,000 | ---D | C] -- C:\Programme\Elaborate Bytes
[2011.12.12 12:40:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Elaborate Bytes
[2011.12.12 12:40:31 | 000,000,000 | ---D | C] -- C:\Programme\SlySoft
[2011.12.12 12:40:31 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SlySoft
[2011.12.12 12:40:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe Systems
[2011.12.12 12:40:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Adobe
[2011.12.12 12:40:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Adobe
[2011.12.12 12:40:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared
[2011.12.12 12:39:46 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Adobe
[2011.12.12 12:39:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Adobe
[2011.12.12 12:39:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Adobe PDF
[2011.12.12 12:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2011.12.12 12:31:23 | 000,000,000 | ---D | C] -- C:\Programme\AMD
[2011.12.12 12:30:38 | 000,000,000 | ---D | C] -- C:\Programme\Realtek Sound Manager
[2011.12.12 12:30:36 | 000,000,000 | ---D | C] -- C:\Programme\AvRack
[2011.12.12 12:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Realtek AC97
[2011.12.12 12:30:21 | 000,000,000 | -H-D | C] -- C:\Programme\InstallShield Installation Information
[2011.12.12 12:29:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2011.12.12 12:27:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2011.12.12 12:27:04 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\InstallShield
[2011.12.12 12:23:46 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011.12.12 12:20:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Identities
[2011.12.12 12:20:05 | 000,000,000 | -H-D | C] -- C:\Programme\Uninstall Information
[2011.12.12 12:20:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Musik
[2011.12.12 12:20:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien
[2011.12.12 12:20:04 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Eigene Bilder
[2011.12.12 12:19:03 | 000,000,000 | ---D | C] -- C:\Programme\TuneUpUtilities2006
[2011.12.12 12:19:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\TuneUp Utilities 2006
[2011.12.12 12:19:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2011.12.12 12:19:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.12.12 12:17:58 | 000,000,000 | ---D | C] -- C:\Programme\HighMAT CD Writing Wizard
[2011.12.12 12:17:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2011.12.12 12:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2011.12.12 12:17:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2011.12.12 12:16:10 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Microsoft
[2011.12.12 12:16:10 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator\Cookies
[2011.12.12 12:16:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\SendTo
[2011.12.12 12:16:10 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten
[2011.12.12 12:16:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Favoriten
[2011.12.12 12:16:10 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart
[2011.12.12 12:16:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Netzwerkumgebung
[2011.12.12 12:16:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen
[2011.12.12 12:16:10 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Druckumgebung
[2011.12.12 12:16:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.12.12 12:16:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop
[2011.12.12 12:16:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Zubehör
[2011.12.12 12:16:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü
[2011.12.12 12:16:09 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Vorlagen
[2011.12.12 12:16:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2011.12.12 12:16:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
[2011.12.12 12:16:03 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2011.12.12 12:16:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.12.12 12:16:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2011.12.12 12:15:59 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[2011.12.12 12:14:25 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011.12.12 12:14:25 | 000,081,408 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011.12.12 12:13:39 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011.12.12 12:13:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2011.12.12 12:13:15 | 000,000,000 | ---D | C] -- C:\Programme\xerox
[2011.12.12 12:13:15 | 000,000,000 | ---D | C] -- C:\Programme\msn gaming zone
[2011.12.12 12:13:15 | 000,000,000 | ---D | C] -- C:\Programme\microsoft frontpage
[2011.12.12 12:11:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2011.12.12 12:08:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
[2011.12.12 12:07:39 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\DRM
[2011.12.12 12:07:32 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
[2011.12.12 12:07:32 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
[2011.12.12 12:07:24 | 000,000,000 | -H-D | C] -- C:\Programme\WindowsUpdate
[2011.12.12 12:07:21 | 000,000,000 | ---D | C] -- C:\Programme\Online-Dienste
[2011.12.12 12:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
[2011.12.12 12:06:41 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Dienste
[2011.12.12 12:06:39 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
[2011.12.12 12:06:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\MSSoap
[2011.12.12 12:06:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2011.12.12 12:06:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
[2011.12.12 12:06:27 | 000,000,000 | ---D | C] -- C:\Programme\Movie Maker
[2011.12.12 12:06:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
[2011.12.12 12:06:17 | 000,000,000 | ---D | C] -- C:\Programme\NetMeeting
[2011.12.12 12:06:14 | 000,000,000 | ---D | C] -- C:\Programme\Outlook Express
[2011.12.12 12:06:08 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\System
[2011.12.12 12:06:07 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Musik
[2011.12.12 12:06:07 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\Eigene Bilder
[2011.12.12 12:06:07 | 000,000,000 | ---D | C] -- C:\Programme\Internet Explorer
[2011.12.12 12:05:46 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spiele
[2011.12.12 12:05:36 | 000,000,000 | ---D | C] -- C:\Programme\ComPlus Applications
[2011.12.12 12:05:31 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Verwaltung
[2011.12.12 12:05:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2011.12.12 12:05:25 | 000,000,000 | ---D | C] -- C:\Programme\Windows Media Player
[2011.12.12 12:04:59 | 000,000,000 | ---D | C] -- C:\Programme\Windows NT
[2011.12.12 12:04:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
[2011.12.12 12:04:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
[2011.12.12 12:04:28 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Zubehör
[2011.12.12 12:01:18 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
[2011.12.12 12:01:18 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\ODBC
[2011.12.12 12:01:15 | 000,000,000 | R--D | C] -- C:\Programme
[2011.12.12 12:01:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\SpeechEngines
[2011.12.12 12:01:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared
[2011.12.12 12:01:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien
[2011.12.12 12:00:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü
[2011.12.12 12:00:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente
[2011.12.12 12:00:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2011.12.12 12:00:55 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Vorlagen
[2011.12.12 12:00:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Favoriten
[2011.12.12 12:00:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011.12.12 12:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2011.12.12 12:00:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
[2011.12.12 12:00:32 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft
[2011.12.12 12:00:32 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten
[2011.12.12 12:00:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen
[2011.12.12 12:00:09 | 000,000,000 | -HSD | C] -- C:\System Volume Information
========== Files - Modified Within 30 Days ==========
[2011.12.15 13:29:41 | 000,002,319 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2011.12.15 13:29:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.12.15 13:29:21 | 000,005,529 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2011.12.15 13:28:32 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.12.15 13:20:30 | 000,191,384 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.15 13:17:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.12.15 13:15:15 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.12.13 14:56:13 | 000,316,924 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.12.13 14:56:13 | 000,311,740 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.12.13 14:56:13 | 000,048,354 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.12.13 14:56:13 | 000,040,128 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.12.12 23:39:09 | 000,015,872 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.12 22:56:50 | 000,110,399 | ---- | M] () -- C:\WINDOWS\hpoins11.dat
[2011.12.12 22:28:19 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.12 20:54:34 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.12.12 16:55:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\T.lnk
[2011.12.12 14:50:42 | 000,940,794 | ---- | M] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011.12.12 14:50:42 | 000,146,650 | ---- | M] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011.12.12 14:30:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.12.12 14:22:34 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2011.12.12 12:53:38 | 000,156,910 | ---- | M] () -- C:\WINDOWS\WMSysPr8.prx
[2011.12.12 12:45:32 | 000,000,400 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011.12.12 12:28:45 | 000,003,590 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.12.12 12:27:41 | 000,163,353 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.12.12 12:19:10 | 000,000,408 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.12.12 12:17:42 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.12.12 12:17:42 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.12.12 12:17:06 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.12.12 12:16:02 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2011.12.12 12:14:58 | 000,003,292 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011.12.12 12:08:27 | 000,002,951 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.12.12 12:08:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011.12.12 12:08:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011.12.12 12:08:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011.12.12 12:08:17 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011.12.12 12:08:08 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011.12.12 12:05:44 | 000,021,740 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.12.12 12:04:04 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.12.09 12:40:20 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.12.09 12:40:20 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.12.09 12:40:20 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011.12.06 19:48:02 | 001,554,240 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d.mp3
========== Files Created - No Company Name ==========
[2011.12.15 13:28:24 | 000,000,168 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\defogger_reenable
[2011.12.14 18:23:46 | 016,044,721 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Das Schwarze Auge Basisregelwerk Hardcover-Ausgabe 2008.pdf
[2011.12.12 22:53:18 | 000,110,399 | ---- | C] () -- C:\WINDOWS\hpoins11.dat
[2011.12.12 22:53:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2011.12.12 22:53:01 | 000,006,947 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2011.12.12 22:10:20 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.12.12 22:10:17 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.12 20:54:34 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2011.12.12 16:55:16 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\T.lnk
[2011.12.12 15:59:48 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\foobar2000.lnk
[2011.12.12 14:50:42 | 000,940,794 | ---- | C] () -- C:\WINDOWS\System32\LoopyMusic.wav
[2011.12.12 14:50:42 | 000,146,650 | ---- | C] () -- C:\WINDOWS\System32\BuzzingBee.wav
[2011.12.12 14:30:32 | 000,000,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Internet Explorer.lnk
[2011.12.12 14:30:32 | 000,000,723 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Outlook Express.lnk
[2011.12.12 14:22:46 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2011.12.12 14:22:46 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2011.12.12 14:22:44 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2011.12.12 14:06:45 | 000,000,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Mozilla Firefox.lnk
[2011.12.12 13:12:25 | 000,042,484 | ---- | C] () -- C:\WINDOWS\System32\net5211.inf
[2011.12.12 13:12:25 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\net5211.cat
[2011.12.12 12:58:11 | 000,000,211 | -HS- | C] () -- C:\boot.ini
[2011.12.12 12:58:08 | 000,003,292 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
[2011.12.12 12:53:38 | 000,156,910 | ---- | C] () -- C:\WINDOWS\WMSysPr8.prx
[2011.12.12 12:49:07 | 000,005,529 | ---- | C] () -- C:\WINDOWS\System32\OODBS.lor
[2011.12.12 12:47:12 | 000,000,695 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\WinRAR.lnk
[2011.12.12 12:46:38 | 000,001,761 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Photoshop CS2.lnk
[2011.12.12 12:45:32 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.12.12 12:39:50 | 000,002,319 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Acrobat Speed Launcher.lnk
[2011.12.12 12:39:50 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Acrobat 7.0 Professional.lnk
[2011.12.12 12:31:04 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.12.12 12:30:42 | 000,157,184 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2011.12.12 12:30:42 | 000,141,016 | R--- | C] () -- C:\WINDOWS\System32\alsndmgr.wav
[2011.12.12 12:30:36 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2011.12.12 12:29:37 | 000,003,632 | ---- | C] () -- C:\WINDOWS\System32\nvnrm.nvu
[2011.12.12 12:29:35 | 000,001,348 | R--- | C] () -- C:\WINDOWS\System32\nvsmb.nvu
[2011.12.12 12:28:44 | 000,003,590 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.12.12 12:28:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.12.12 12:27:33 | 000,163,353 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2011.12.12 12:27:30 | 000,017,737 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2011.12.12 12:19:10 | 000,000,408 | ---- | C] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2011.12.12 12:19:07 | 000,000,804 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\TuneUp Utilities 2006.lnk
[2011.12.12 12:17:06 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2011.12.12 12:16:10 | 000,000,773 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows Media Player.lnk
[2011.12.12 12:16:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
[2011.12.12 12:14:53 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.12.12 12:08:27 | 000,002,951 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.12.12 12:08:27 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2011.12.12 12:08:27 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2011.12.12 12:08:27 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
[2011.12.12 12:08:18 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2011.12.12 12:08:17 | 000,316,640 | ---- | C] () -- C:\WINDOWS\WMSysPr9.prx
[2011.12.12 12:08:17 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2011.12.12 12:07:13 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
[2011.12.12 12:06:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
[2011.12.12 12:06:48 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
[2011.12.12 12:06:43 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
[2011.12.12 12:05:44 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011.12.12 12:05:09 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Seifenblase.bmp
[2011.12.12 12:05:09 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Präriewind.bmp
[2011.12.12 12:05:09 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe-Stuck.bmp
[2011.12.12 12:05:09 | 000,026,680 | ---- | C] () -- C:\WINDOWS\Fächer.bmp
[2011.12.12 12:05:09 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Granit.bmp
[2011.12.12 12:05:09 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
[2011.12.12 12:05:09 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Angler.bmp
[2011.12.12 12:05:09 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Kaffeetasse.bmp
[2011.12.12 12:05:09 | 000,016,730 | ---- | C] () -- C:\WINDOWS\Feder.bmp
[2011.12.12 12:05:09 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotek.bmp
[2011.12.12 12:05:09 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blaue Spitzen 16.bmp
[2011.12.12 12:05:07 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
[2011.12.12 12:05:07 | 000,001,237 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
[2011.12.12 12:05:06 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
[2011.12.12 12:05:01 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
[2011.12.12 12:01:21 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011.12.12 12:01:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.12.12 12:01:16 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
[2011.12.12 12:01:16 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
[2011.12.12 12:01:16 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
[2011.12.12 12:01:15 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
[2011.12.12 12:01:03 | 000,001,806 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2011.12.12 12:00:47 | 000,817,199 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011.12.12 12:00:47 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011.12.12 12:00:47 | 000,106,147 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011.12.12 12:00:47 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plus.cat
[2011.12.12 12:00:47 | 000,041,270 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011.12.12 12:00:47 | 000,017,916 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sonic.cat
[2011.12.12 12:00:47 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011.12.12 12:00:47 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011.12.12 12:00:47 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011.12.12 12:00:47 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011.12.12 12:00:09 | 000,191,384 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.12.12 09:37:34 | 001,554,240 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\d.mp3
[2007.12.04 18:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.12.04 18:41:00 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007.12.04 18:41:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.12.04 18:41:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007.12.04 18:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.12.04 18:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.12.04 18:41:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007.12.04 18:41:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007.12.04 18:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.06.01 20:06:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.06.01 20:06:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.06.01 20:06:00 | 000,316,924 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006.06.01 20:06:00 | 000,311,740 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.06.01 20:06:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.06.01 20:06:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006.06.01 20:06:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.06.01 20:06:00 | 000,048,354 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006.06.01 20:06:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.06.01 20:06:00 | 000,040,128 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.06.01 20:06:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006.06.01 20:06:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\cmdow.exe
[2006.06.01 20:06:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.06.01 20:06:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2006.06.01 20:06:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.06.01 20:06:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.06.01 20:06:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.06.01 20:06:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
========== LOP Check ==========
[2011.12.12 23:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools
[2011.12.13 15:23:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Lite
[2011.12.12 23:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DAEMON Tools Pro
[2011.12.14 19:58:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\foobar2000
[2011.12.12 17:12:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Teeworlds
[2011.12.12 12:19:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TuneUp Software
[2011.12.13 11:02:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011.12.12 12:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.12.12 12:19:10 | 000,000,408 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2011.12.12 23:41:29 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2011.12.12 12:16:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.12.12 22:29:57 | 000,000,000 | ---D | M] -- C:\Film
[2011.12.15 12:24:33 | 000,000,000 | R--D | M] -- C:\Programme
[2011.12.12 12:23:46 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011.12.15 13:22:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.12 13:11:53 | 000,000,000 | ---D | M] -- C:\Temp
[2011.12.15 13:21:17 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2011.12.15 13:17:10 | 000,000,000 | ---D | M] -- C:\_OTL
< %PROGRAMFILES%\*.exe >
Invalid Environment Variable: LOCALAPPDATA
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.manifest /3 >
< MD5 for: AFD.SYS >
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3GDR\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.14 00:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3qfe\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP3QFE\afd.sys
[2008.08.14 10:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=55E6E1C51B6D30E54335750955453702 -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP2GDR\afd.sys
[2006.06.01 20:06:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2006.06.01 20:06:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\SoftwareDistribution\Download\c42427ff134b9d3c82d8b2dc0c3e89b3\backup\afd.sys
[2008.08.14 10:48:52 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=6A0397376853E604DE8E1E7A87FC08AC -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP2QFE\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\SoftwareDistribution\Download\e424457fa03b62ac525a28d5c035253c\sp3gdr\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\SoftwareDistribution\Download\aea616e16ad5c2769a1797d4d8c932aa\SP3GDR\afd.sys
[2008.06.20 11:44:38 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=944CA435BFCFC82CC1ED9E3A7D731AA9 -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp2gdr\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3qfe\afd.sys
[2008.06.20 11:44:08 | 000,138,368 | ---- | M] (Microsoft Corporation) MD5=D99DDFFB33DEACDCF20717CB520379F6 -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp2qfe\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\SoftwareDistribution\Download\c2d977c5e0eed03f3e49e46d53b9cd20\sp3gdr\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\SoftwareDistribution\Download\43f8920a763d09a9c6404053368aa5ee\SP3QFE\afd.sys
< MD5 for: EXPLORER.EXE >
[2006.06.01 20:06:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2006.06.01 20:06:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\SoftwareDistribution\Download\c42427ff134b9d3c82d8b2dc0c3e89b3\backup\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
< MD5 for: IPSEC.SYS >
[2008.04.14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.14 00:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2006.06.01 20:06:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
[2006.06.01 20:06:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\SoftwareDistribution\Download\c42427ff134b9d3c82d8b2dc0c3e89b3\backup\ipsec.sys
< MD5 for: REGEDIT.EXE >
[2006.06.01 20:06:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2006.06.01 20:06:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\SoftwareDistribution\Download\c42427ff134b9d3c82d8b2dc0c3e89b3\backup\regedit.exe
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 07:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
< MD5 for: USERINIT.EXE >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2006.06.01 20:06:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2006.06.01 20:06:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\SoftwareDistribution\Download\c42427ff134b9d3c82d8b2dc0c3e89b3\backup\userinit.exe
< MD5 for: WINLOGON.EXE >
[2006.06.01 20:06:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2006.06.01 20:06:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\SoftwareDistribution\Download\c42427ff134b9d3c82d8b2dc0c3e89b3\backup\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-15 12:15:21
< >
< End of report >
OTL2: Quote:
OTL Extras logfile created on: 15.12.2011 13:32:19 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,50 Gb Total Physical Memory | 1,13 Gb Available Physical Memory | 75,49% Memory free
3,35 Gb Paging File | 3,06 Gb Available in Paging File | 91,45% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 135,23 Gb Total Space | 115,78 Gb Free Space | 85,62% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 13,70 Gb Free Space | 14,03% Space Free | Partition Type: NTFS
Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Steam\Steam.exe" = C:\Programme\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A316611-45D1-429C-AA26-B71259C44689}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{42347B75-9660-2DA4-63FD-D35E344E1031}" = Nero 7 Premium
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{868D7896-99D4-4513-BC62-2B3AD3E24926}" = TuneUp Utilities 2006
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000002}" = Adobe Acrobat 7.0 Professional - English, Français, Deutsch
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Acrobat 7.0 Professional - EFG" = Adobe Acrobat 7.0.5 Professional - English, Français, Deutsch
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}" = Adobe Photoshop CS2
"AnyDVD" = AnyDVD
"Avira AntiVir Desktop" = Avira Free Antivirus
"CloneDVD2" = CloneDVD2
"Cool Edit Pro 2.1" = Cool Edit Pro 2.1
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch
"ESET Online Scanner" = ESET Online Scanner v3
"foobar2000" = foobar2000 v1.1.10
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"NVIDIA Drivers" = NVIDIA Drivers
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR Archivierer
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348) ========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.12.2011 08:19:27 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul mshtml.dll, Version 6.0.2900.2873, Fehleradresse 0x0009d0ca.
Error - 12.12.2011 08:28:27 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul mshtml.dll, Version 6.0.2900.2873, Fehleradresse 0x00071fb6.
Error - 12.12.2011 08:28:43 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.2180, fehlgeschlagenes
Modul mshtml.dll, Version 6.0.2900.2873, Fehleradresse 0x00071fb6.
Error - 12.12.2011 09:34:03 | Computer Name = HOME-PC | Source = crypt32 | ID = 131080
Description = Der automatische Aktualisierungsabruf der Drittanbieterstammlisten-Sequenznummer
von <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
ist fehlgeschlagen mit dem Fehler: Dieser Vorgang wurde wegen Zeitüberschreitung
zurückgegeben. .
Error - 13.12.2011 09:52:45 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung magic_2012.exe, Version 0.0.0.0, fehlgeschlagenes
Modul magic_2012.exe, Version 0.0.0.0, Fehleradresse 0x002edc36.
Error - 13.12.2011 10:22:59 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung daemon.exe, Version 4.30.3.0, fehlgeschlagenes
Modul daemon.exe, Version 4.30.3.0, Fehleradresse 0x0001ddd2.
[ System Events ]
Error - 12.12.2011 07:14:58 | Computer Name = HOME-PC | Source = Setup | ID = 60055
Description = Während der Installation sind Fehler aufgetreten. Weitere Informationen
finden Sie in der Datei "setuperr.log" im Windows-Verzeichni
Error - 12.12.2011 07:19:49 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst SharedAccess.
Error - 12.12.2011 07:20:19 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst Browser.
Error - 12.12.2011 07:20:19 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Computerbrowser" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 12.12.2011 07:43:21 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460
Error - 12.12.2011 07:54:19 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460
Error - 12.12.2011 08:23:52 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 12.12.2011 08:42:26 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet: %%1460
Error - 12.12.2011 08:46:19 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.
Error - 12.12.2011 18:40:43 | Computer Name = HOME-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Pml Driver HPZ12" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
< End of report >
and GMER: Quote:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-15 14:06:37
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP2514N rev.VF100-50
Running: y9o55l5h.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\pwldipow.sys
---- System - GMER 1.0.15 ----
SSDT BA78D744 ZwClose
SSDT BA78D6FE ZwCreateKey
SSDT BA78D74E ZwCreateSection
SSDT BA78D6F4 ZwCreateThread
SSDT BA78D703 ZwDeleteKey
SSDT BA78D70D ZwDeleteValueKey
SSDT BA78D73F ZwDuplicateObject
SSDT BA78D712 ZwLoadKey
SSDT BA78D6E0 ZwOpenProcess
SSDT BA78D6E5 ZwOpenThread
SSDT BA78D767 ZwQueryValueKey
SSDT BA78D71C ZwReplaceKey
SSDT BA78D758 ZwRequestWaitReplyPort
SSDT BA78D717 ZwRestoreKey
SSDT BA78D753 ZwSetContextThread
SSDT BA78D75D ZwSetSecurityObject
SSDT BA78D708 ZwSetValueKey
SSDT BA78D762 ZwSystemDebugControl
SSDT BA78D6EF ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB968D380, 0x346307, 0xE8000020]
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x77 0x93 0xBA ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3F 0x93 0x28 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0xBB 0x9A 0xDF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0xDB 0xA2 0x38 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0x5D 0x73 0xA5 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0x24 0xFB 0x08 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x89 0x77 0x93 0xBA ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3F 0x93 0x28 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD4 0xBB 0x9A 0xDF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Programme\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0xDB 0xA2 0x38 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD8 0x5D 0x73 0xA5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x79 0x24 0xFB 0x08 ...
---- EOF - GMER 1.0.15 ----
Oh, and one more thing I should mention: I deleted the C:\Temp and the C:\Windows\Temp folders, each with TuneUp Shredder, and since then I can start the PC again WITHOUT the demand appearing (which, by the way, is a web page, so it does not appear if you pull the network card or switch off the router; instead an error message appears saying that you have no internet connection, but the relevant processes are still blocked).
So, if I have forgotten anything, just let me know. Many thanks in advance, you really do good work. Regards - Christian