TR/Kexject.A.57 und HTML/Rce.Gen gefunden

Santuro · 23.01.2012, 08:47

Hallo zusammen!

gestern abend kam gleich aus zwei verschiedenen Ordnern die Meldung, dass sie von TR/kexject.A.57 befallen sind. Eine Recherche im Internet ergab nicht viel, scheint neu zu sein, allerdings würde die Schädlichkeit auf "severe"

eingestuft, was micht ein wenig beunruhigt.
In der Quarantäne vonAvira hatte ich dann auch noch den HTML/Rce.Gen entdeckt, den ich wohl vorher übersehen habe.

Die geforderten Scans hab ich gemacht:

HTML-Code:

OTL logfile created on: 23.01.2012 00:12:15 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 64,38% Memory free
3,35 Gb Paging File | 2,91 Gb Available in Paging File | 86,98% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74,54 Gb Total Space | 53,93 Gb Free Space | 72,35% Space Free | Partition Type: NTFS
Drive D: | 47,54 Gb Total Space | 42,07 Gb Free Space | 88,49% Space Free | Partition Type: NTFS
Drive E: | 7,87 Gb Total Space | 4,61 Gb Free Space | 58,57% Space Free | Partition Type: FAT32
Drive F: | 4,23 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 19,07 Gb Total Space | 19,01 Gb Free Space | 99,67% Space Free | Partition Type: NTFS
Drive J: | 146,48 Gb Total Space | 29,91 Gb Free Space | 20,42% Space Free | Partition Type: NTFS
Drive K: | 151,61 Gb Total Space | 32,57 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012.01.23 00:06:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011.12.02 16:39:44 | 000,495,616 | ---- | M] (PaperCut Software International Pty Ltd) -- C:\Programme\PaperCut Print Logger\pcpl.exe
PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.11.10 18:36:04 | 000,431,456 | ---- | M] (Seagate) -- C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe
PRC - [2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.10.04 13:12:00 | 000,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012.01.03 14:10:46 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2011.10.11 13:59:51 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.12.02 16:39:44 | 000,495,616 | ---- | M] (PaperCut Software International Pty Ltd) [Auto | Running] -- C:\Programme\PaperCut Print Logger\pcpl.exe -- (PCPrintLogger)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.11.10 18:36:04 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009.08.17 07:54:36 | 000,093,336 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2006.10.26 18:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.22 15:00:09 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.05.22 15:00:09 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.04.03 15:21:13 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.04.03 15:21:13 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010.04.03 15:21:11 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.04.03 15:21:10 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010.02.11 08:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.08.07 22:46:56 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2010.SP1a\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007.08.08 17:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007.01.25 21:04:30 | 000,005,273 | ---- | M] (Arrowkey) [Kernel | Auto | Running] -- C:\Programme\Quintessential Media Player\cdrpdacc.sys -- (CDRPDACC) Quinnware CDDA Driver (by InfinaDyne)
DRV - [2006.04.06 00:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2005.11.14 07:19:28 | 000,027,264 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiU5F0D.sys -- (SaiU5F0D)
DRV - [2005.11.14 07:19:26 | 000,176,640 | R--- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH5F0D.sys -- (SaiH5F0D)
DRV - [2005.10.04 16:39:00 | 003,797,632 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) NT-Treiber für Realtek RTL8139(A/B/C)
DRV - [2004.03.29 03:06:24 | 000,090,464 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.19
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.3.50136
FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.2
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.01.08 10:19:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.01.12 01:00:12 | 000,000,000 | ---D | M]
 
[2010.04.03 15:46:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011.12.17 14:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions
[2011.12.09 14:05:29 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.04.27 13:34:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.03.20 10:08:38 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}
[2011.11.19 14:18:22 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.07.02 19:53:06 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.26 12:02:02 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011.12.17 14:41:10 | 000,000,000 | ---D | M] (Cooliris) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\piclens@cooliris.com
[2010.04.03 18:04:02 | 000,000,000 | ---D | M] (TimeTracker) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\extensions\timetrack@usablehack.com
[2012.01.22 08:50:31 | 000,002,492 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\wum78yz8.default\searchplugins\ixquick-https.xml
[2011.11.09 17:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.01.08 10:19:22 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.05.16 13:25:50 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.11.09 17:35:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.09 17:35:17 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.11.09 17:35:17 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.09 17:35:17 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.09 17:35:17 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.09 17:35:17 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.13 23:07:31 | 000,000,884 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 0.0.0.0 www.google-analytics.com
O1 - Hosts: 0.0.0.0 google-analytics.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Galoris\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Galoris\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.04.03 13:57:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.04.02 20:54:34 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012.01.23 00:06:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.01.22 23:59:39 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2012.01.22 08:56:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2012.01.20 22:35:45 | 000,000,000 | ---D | C] -- C:\Programme\Gnuplot
[2012.01.20 15:59:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\Latex
[2012.01.19 21:14:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MiKTeX
[2012.01.19 21:13:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\MiKTeX
[2012.01.19 21:12:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\MiKTeX 2.9
[2012.01.19 21:11:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MiKTeX
[2012.01.19 21:06:08 | 000,000,000 | ---D | C] -- C:\Programme\MiKTeX 2.9
[2012.01.19 20:15:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeXnicCenter
[2012.01.19 20:15:43 | 000,000,000 | ---D | C] -- C:\Programme\TeXnicCenter
[2012.01.12 19:51:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\PDF
[2012.01.12 00:59:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.01.10 18:39:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Neuer Ordner (3)
[2012.01.06 15:42:21 | 000,000,000 | ---D | C] -- C:\Programme\DEUTSCHLAND SPIELT
[2012.01.06 15:42:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DEUTSCHLAND SPIELT
[2012.01.06 15:41:59 | 000,000,000 | ---D | C] -- C:\Programme\OXXOGames
[2012.01.03 20:45:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Neuer Ordner (2)
[2012.01.01 23:21:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\PaperCut Print Logger
[2012.01.01 23:21:28 | 000,000,000 | ---D | C] -- C:\Programme\PaperCut Print Logger
[2012.01.01 20:10:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2012.01.01 11:45:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Neuer Ordner
[2011.12.30 22:30:31 | 000,000,000 | ---D | C] -- C:\Programme\Kyocera
[2010.06.02 04:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012.01.23 00:09:54 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.01.23 00:07:54 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.23 00:06:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012.01.23 00:06:29 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.01.22 23:48:12 | 000,452,408 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.01.22 23:48:12 | 000,435,688 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.22 23:48:12 | 000,081,348 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.01.22 23:48:12 | 000,068,584 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.22 23:35:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.20 22:36:41 | 000,000,840 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Gnuplot.lnk
[2012.01.19 20:15:46 | 000,000,757 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\TeXnicCenter.lnk
[2012.01.19 18:51:40 | 000,017,408 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012.01.23 00:09:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012.01.23 00:06:29 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Defogger.exe
[2012.01.19 20:15:46 | 000,000,757 | ---- | C] () -- C:\Dokumente und Einstellungen\***s\Desktop\TeXnicCenter.lnk
[2011.06.07 21:37:35 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2011.06.04 09:19:56 | 000,000,640 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gnuplot_history
[2011.05.23 18:33:03 | 000,000,092 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2010.09.16 19:54:09 | 000,000,068 | ---- | C] () -- C:\WINDOWS\Mensa2.ini
[2010.07.21 18:46:48 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2010.07.21 18:46:48 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2010.06.24 08:05:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\GraphEdt.INI
[2010.06.08 14:19:24 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2010.06.08 14:19:24 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2010.06.07 17:13:21 | 000,000,063 | ---- | C] () -- C:\WINDOWS\PixieTool.INI
[2010.06.02 04:22:54 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab
[2010.06.02 04:22:54 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab
[2010.06.02 04:22:54 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab
[2010.06.02 04:22:54 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab
[2010.06.02 04:22:54 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab
[2010.06.02 04:22:54 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab
[2010.06.02 04:22:54 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab
[2010.06.02 04:22:54 | 000,045,359 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab
[2010.06.02 04:22:52 | 001,906,878 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab
[2010.06.02 04:22:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab
[2010.06.02 04:22:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab
[2010.06.02 04:22:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab
[2010.06.02 04:22:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab
[2010.06.02 04:22:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab
[2010.06.02 04:22:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab
[2010.06.02 04:22:50 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab
[2010.06.02 04:22:50 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab
[2010.06.02 04:22:50 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab
[2010.06.02 04:22:50 | 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab
[2010.06.02 04:22:50 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab
[2010.06.02 04:22:48 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab
[2010.06.02 04:22:48 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab
[2010.06.02 04:22:48 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab
[2010.06.02 04:22:48 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab
[2010.06.02 04:22:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab
[2010.06.02 04:22:46 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab
[2010.06.02 04:22:46 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab
[2010.06.02 04:22:46 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab
[2010.06.02 04:22:38 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab
[2010.06.02 04:22:38 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab
[2010.06.02 04:22:36 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab
[2010.06.02 04:22:36 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab
[2010.06.02 04:22:36 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab
[2010.06.02 04:22:36 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab
[2010.06.02 04:22:36 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab
[2010.06.02 04:22:36 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab
[2010.06.02 04:22:36 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab
[2010.06.02 04:22:36 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab
[2010.06.02 04:22:34 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab
[2010.06.02 04:22:34 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab
[2010.06.02 04:22:34 | 000,818,260 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab
[2010.06.02 04:22:34 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab
[2010.06.02 04:22:34 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab
[2010.06.02 04:22:32 | 000,937,246 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x64.cab
[2010.06.02 04:22:32 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab
[2010.06.02 04:22:32 | 000,768,036 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x86.cab
[2010.06.02 04:22:32 | 000,278,060 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x86.cab
[2010.06.02 04:22:32 | 000,277,338 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x64.cab
[2010.06.02 04:22:32 | 000,124,596 | ---- | C] () -- C:\Programme\Jun2010_XACT_x64.cab
[2010.06.02 04:22:32 | 000,093,686 | ---- | C] () -- C:\Programme\Jun2010_XACT_x86.cab
[2010.06.02 04:22:30 | 000,762,188 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 04:22:30 | 000,235,955 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x64.cab
[2010.06.02 04:22:30 | 000,197,283 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x86.cab
[2010.06.02 04:22:30 | 000,138,205 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x64.cab
[2010.06.02 04:22:30 | 000,109,445 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x86.cab
[2010.06.02 04:22:28 | 000,944,460 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 04:22:28 | 000,931,471 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 04:22:28 | 000,752,783 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 04:22:20 | 000,269,024 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab
[2010.06.02 04:22:18 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab
[2010.06.02 04:22:18 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab
[2010.06.02 04:22:18 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab
[2010.06.02 04:22:18 | 000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab
[2010.06.02 04:22:18 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab
[2010.06.02 04:22:18 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab
[2010.06.02 04:22:18 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab
[2010.06.02 04:22:18 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab
[2010.06.02 04:22:18 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab
[2010.06.02 04:22:18 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab
[2010.06.02 04:22:16 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab
[2010.06.02 04:22:16 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab
[2010.06.02 04:22:16 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab
[2010.06.02 04:22:16 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab
[2010.06.02 04:22:16 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab
[2010.06.02 04:22:16 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab
[2010.06.02 04:22:16 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab
[2010.06.02 04:22:16 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab
[2010.06.02 04:22:14 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab
[2010.06.02 04:22:14 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab
[2010.06.02 04:22:14 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab
[2010.06.02 04:22:14 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab
[2010.06.02 04:22:14 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab
[2010.06.02 04:22:12 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab
[2010.06.02 04:22:12 | 000,147,983 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab
[2010.06.02 04:22:12 | 000,054,678 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x64.cab
[2010.06.02 04:22:12 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab
[2010.06.02 04:22:10 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab
[2010.06.02 04:22:10 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab
[2010.06.02 04:22:04 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab
[2010.06.02 04:22:02 | 001,801,048 | ---- | C] () -- C:\Programme\dsetup32.dll
[2010.06.02 04:22:02 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab
[2010.06.02 04:22:02 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab
[2010.06.02 04:22:02 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab
[2010.06.02 04:22:02 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab
[2010.06.02 04:22:02 | 000,537,432 | ---- | C] () -- C:\Programme\DXSETUP.exe
[2010.06.02 04:22:02 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab
[2010.06.02 04:22:02 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab
[2010.06.02 04:22:02 | 000,094,011 | ---- | C] () -- C:\Programme\dxupdate.cab
[2010.06.02 04:22:02 | 000,042,410 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab
[2010.06.02 04:22:00 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab
[2010.06.02 04:22:00 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab
[2010.06.02 04:22:00 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab
[2010.06.02 04:22:00 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab
[2010.06.02 04:22:00 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab
[2010.06.02 04:22:00 | 000,212,807 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab
[2010.06.02 04:22:00 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab
[2010.06.02 04:22:00 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab
[2010.06.02 04:22:00 | 000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab
[2010.06.02 04:21:58 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab
[2010.06.02 04:21:58 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab
[2010.06.02 04:21:58 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab
[2010.06.02 04:21:58 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab
[2010.06.02 04:21:58 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab
[2010.06.02 04:21:58 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab
[2010.06.02 04:21:56 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 04:21:56 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 04:21:56 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 04:21:46 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 04:21:46 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab
[2010.06.02 04:21:46 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab
[2010.06.02 04:21:44 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab
[2010.06.02 04:21:44 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab
[2010.06.02 04:21:44 | 000,849,167 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab
[2010.06.02 04:21:44 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab
[2010.06.02 04:21:44 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab
[2010.06.02 04:21:44 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab
[2010.06.02 04:21:44 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab
[2010.06.02 04:21:42 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab
[2010.06.02 04:21:42 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab
[2010.06.02 04:21:42 | 000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab
[2010.06.02 04:21:42 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab
[2010.06.02 04:21:42 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab
[2010.06.02 04:21:40 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab
[2010.06.02 04:21:40 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab
[2010.06.02 04:21:40 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab
[2010.06.02 04:21:40 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab
[2010.06.02 04:21:40 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab
[2010.06.02 04:21:40 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab
[2010.06.02 04:21:40 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab
[2010.06.02 04:21:38 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab
[2010.06.02 04:21:38 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab
[2010.06.02 04:21:38 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab
[2010.06.02 04:21:38 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab
[2010.06.02 04:21:36 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab
[2010.06.02 04:21:36 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab
[2010.06.02 04:21:36 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab
[2010.06.02 04:21:34 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab
[2010.06.02 04:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab
[2010.06.02 04:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab
[2010.06.02 04:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab
[2010.06.02 04:21:18 | 000,179,133 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab
[2010.06.02 04:21:18 | 000,133,103 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab
[2010.06.02 04:21:16 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab
[2010.06.02 04:21:16 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab
[2010.06.02 04:21:16 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab
[2010.06.02 04:21:16 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab
[2010.05.31 12:55:28 | 000,056,004 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.05.22 15:00:09 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010.05.22 15:00:09 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010.04.24 20:25:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\neosetup.INI
[2010.04.24 18:07:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.04.03 21:48:23 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.04.03 21:48:22 | 000,074,240 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.03 20:21:03 | 000,037,886 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010.04.03 20:15:51 | 000,000,540 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AutoGK.ini
[2010.04.03 20:06:02 | 012,603,392 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2010.04.03 15:46:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.04.03 15:45:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.04.03 15:45:04 | 003,605,080 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.03 15:42:39 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2010.04.03 14:48:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.04.03 14:47:51 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2010.04.03 14:45:47 | 000,004,940 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mtbjfghn.xbe
[2010.04.03 14:41:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010.04.03 14:39:18 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010.04.03 13:58:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.04.03 13:54:35 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.02.11 05:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2010.02.11 05:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.04.23 23:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.08.08 17:54:10 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2005.07.01 12:15:20 | 000,001,022 | ---- | C] () -- C:\WINDOWS\System32\Generic.ini
[2005.07.01 09:38:06 | 000,000,232 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP3.ini
[2005.07.01 09:37:46 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SwapDrvrSP2.ini
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,452,408 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,435,688 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,081,348 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,068,584 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.03.18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2001.09.04 14:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.09.04 14:10:20 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2011.05.23 18:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EmailNotifier
[2011.11.02 11:38:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at
[2010.11.13 16:16:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MySQL
[2010.06.07 17:11:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle
[2010.04.03 15:21:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Seagate
[2010.04.03 21:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Auslogics
[2010.05.31 12:55:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.12.05 21:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ChessBase
[2011.06.22 08:56:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoft
[2011.05.03 11:04:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011.12.20 20:11:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Faustkeil
[2011.09.19 13:38:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Foxit Software
[2011.01.10 17:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***s\Anwendungsdaten\GetRightToGo
[2011.10.31 11:52:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\gtk-2.0
[2010.04.03 18:30:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2010.11.16 19:44:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Miranda Fusion
[2011.09.08 18:54:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mp3tag
[2011.11.09 22:27:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2011.08.04 14:18:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\photopos
[2011.05.23 18:32:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\PhotoposComtb
[2011.03.03 21:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\supertuxkart
[2012.01.22 08:56:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Custom Scans ==========[/color]
 
 
[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2010.04.03 20:56:16 | 000,000,000 | ---D | M] -- C:\4a15b8ae3e3ec6adf027e9
[2010.11.03 20:48:43 | 000,000,000 | ---D | M] -- C:\adaptec
[2010.04.03 14:37:29 | 000,000,000 | ---D | M] -- C:\ATI
[2012.01.12 12:40:01 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.07.09 21:53:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2011.09.28 19:32:57 | 000,000,000 | ---D | M] -- C:\MENSA_2
[2010.04.03 20:25:43 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.09.19 13:47:38 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.01.20 22:36:30 | 000,000,000 | R--D | M] -- C:\Programme
[2010.04.03 15:19:21 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.07.09 22:37:50 | 000,000,000 | ---D | M] -- C:\rsit
[2012.01.23 00:00:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.01.22 23:59:46 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]
[2010.06.02 04:22:02 | 000,537,432 | ---- | M] () -- C:\Programme\DXSETUP.exe
 
Invalid Environment Variable: LOCALAPPDATA
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.manifest /3 >[/color]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
 
[color=#A23BEC]< MD5 for: AFD.SYS  >[/color]
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\dllcache\afd.sys
[2011.08.17 14:49:54 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=1E44BC1E83D8FD2305F8D452DB109CF9 -- C:\WINDOWS\system32\drivers\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\$NtUninstallKB951748$\afd.sys
[2008.04.13 23:49:24 | 000,138,112 | ---- | M] (Microsoft Corporation) MD5=322D0E36693D6E24A2398BEE62A268CD -- C:\WINDOWS\ServicePackFiles\i386\afd.sys
[2011.02.16 14:22:48 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=355556D9E580915118CD7EF736653A89 -- C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2008.10.16 16:07:58 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=38D7B715504DA4741DF35E3594FE2099 -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\afd.sys
[2008.08.14 11:34:26 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=4D43E74F2A1239D53929B82600F1971C -- C:\WINDOWS\$hf_mig$\KB956803\SP3QFE\afd.sys
[2004.08.04 13:00:00 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=5AC495F4CB807B2B98AD2AD591E6D92E -- C:\WINDOWS\$NtServicePackUninstall$\afd.sys
[2008.10.16 15:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7618D5218F2A614672EC61A80D854A37 -- C:\WINDOWS\$NtUninstallKB2503665$\afd.sys
[2008.08.14 11:04:36 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=7E775010EF291DA96AD17CA4B17137D7 -- C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2011.02.16 14:25:05 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=8D499B1276012EB907E7A9E0F4D8FDA4 -- C:\WINDOWS\$hf_mig$\KB2503665\SP3QFE\afd.sys
[2008.06.20 12:48:03 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=D6EE6014241D034E63C49A50CB2B442A -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
[2008.06.20 12:40:08 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=E3049B90FE06F3F740B7CFDA44995E2C -- C:\WINDOWS\$NtUninstallKB956803$\afd.sys
[2011.08.17 14:41:46 | 000,138,496 | ---- | M] (Microsoft Corporation) MD5=F6B7B1ECD7B41736BDB6FF4B092BCB79 -- C:\WINDOWS\$hf_mig$\KB2592799\SP3QFE\afd.sys
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2004.08.04 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: IPSEC.SYS  >[/color]
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\ServicePackFiles\i386\ipsec.sys
[2008.04.13 23:49:44 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=23C74D75E36E7158768DD63D92789A91 -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004.08.04 13:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=64537AA5C003A6AFEEE1DF819062D0D1 -- C:\WINDOWS\$NtServicePackUninstall$\ipsec.sys
 
[color=#A23BEC]< MD5 for: REGEDIT.EXE  >[/color]
[2004.08.04 13:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 06:53:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 13:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004.08.04 13:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >[/color]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Kmode: %SystemRoot%\system32\win32k.sys [2011.11.23 15:40:13 | 001,859,712 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]
 
[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-18 09:18:47
 
[color=#A23BEC]<           >[/color]

< End of report >

Die anderen 3 Logfiles sind im Anhang!

Ich hoffe dass ihr mir helfen könnt!
Viele Grüße

TR/Kexject.A.57 und HTML/Rce.Gen gefunden

Plagegeister aller Art und deren Bekämpfung: TR/Kexject.A.57 und HTML/Rce.Gen gefunden

TR/Kexject.A.57 und HTML/Rce.Gen gefunden

Ähnliche Themen: TR/Kexject.A.57 und HTML/Rce.Gen gefunden