Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Alt 30.01.2012, 09:46   #1
bizhub
 
Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log - Standard

Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log



Hallo, ich habe mir einen GEMA Virus eingefangen.
Der Abgesicherte Modus ist ohne Funktion, die Rescue CDs von Avira und Kasperskz haben nicht geholfen.

Ich habe nun nach Anleitung aus dem Forum die Log Datei erstellt.

Kann mir bitte jemand helfen, wie ich weiter verfahren soll ?

Zitat:
OTL logfile created on: 1/30/2012 9:38:20 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 195.31 Gb Total Space | 49.99 Gb Free Space | 25.59% Space Free | Partition Type: NTFS
Drive D: | 270.45 Gb Total Space | 268.55 Gb Free Space | 99.30% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2011/10/24 15:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/12/08 05:53:32 | 000,267,944 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/11/03 04:04:04 | 000,403,624 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010/11/03 04:04:04 | 000,339,624 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010/11/03 04:04:04 | 000,135,336 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/10/06 14:40:50 | 000,056,040 | ---- | M] (Xobni Corporation) [Auto] -- C:\Programme\Xobni\XobniService.exe -- (XobniService)
SRV - [2010/03/04 16:38:00 | 000,071,096 | ---- | M] () [Disabled] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2010/02/19 06:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/28 04:35:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/08 18:00:56 | 000,098,304 | ---- | M] (Electronics For Imaging) [Auto] -- C:\Programme\Fiery\Applications3\Fiery Bridge\x86\MailboxSyncService.exe -- (Fiery Bridge Mailbox Synchronization)
SRV - [2008/12/11 07:53:38 | 000,098,488 | ---- | M] (SiSoftware) [Disabled] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008/11/03 18:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/19 07:30:02 | 000,222,456 | ---- | M] () [Disabled] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008/08/14 22:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\Programme\Gemeinsame Dateien\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008/07/17 10:37:44 | 002,549,248 | ---- | M] (Aladdin Knowledge Systems Ltd.) [On_Demand] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008/06/13 07:24:02 | 000,081,920 | ---- | M] (Firebird Project) [Auto] -- C:\Programme\Firebird\Firebird_2_1\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2008/06/13 07:22:50 | 002,723,840 | ---- | M] (Firebird Project) [On_Demand] -- C:\Programme\Firebird\Firebird_2_1\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2008/04/11 09:29:10 | 000,009,216 | ---- | M] (Electronics for Imaging, Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\EFI\EFI ES-1000 Service\ES1000Service.exe -- (EFI ES1000)
SRV - [2007/07/24 04:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2006/10/26 08:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/19 16:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (UltraMonMirror)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (ALLOW-IO)
DRV - [2011/11/04 07:42:02 | 000,158,512 | ---- | M] (Oracle Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2011/11/04 07:42:02 | 000,116,016 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2011/11/04 07:42:02 | 000,104,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2011/11/04 07:42:02 | 000,091,440 | ---- | M] (Oracle Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/12/20 05:58:41 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/22 06:04:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/25 12:07:14 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2010/01/21 09:42:14 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/01/21 09:41:56 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/11/12 07:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/30 14:57:31 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009/03/15 05:25:46 | 000,056,268 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/11/25 15:57:04 | 000,022,432 | ---- | M] (SiSoftware) [Kernel | On_Demand] -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP2\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2008/11/13 19:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto] -- C:\Programme\Gemeinsame Dateien\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/03/27 12:50:00 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/11 10:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2007/10/16 05:38:30 | 004,615,168 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/10/03 08:31:40 | 000,102,656 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/08/24 13:45:22 | 000,101,120 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2007/01/05 11:21:06 | 000,093,056 | ---- | M] (C-Media Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmiucr.SYS -- (CMISTOR)
DRV - [2006/09/01 06:32:50 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/07/19 06:29:08 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/07/19 06:28:56 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/07/19 06:28:04 | 000,036,736 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2006/07/19 06:27:46 | 000,055,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2006/07/19 06:27:26 | 000,013,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2006/07/01 16:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Land_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKU\Land_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\Land_ON_C\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\Land_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Land_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Land_ON_C\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
IE - HKU\Land_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Land_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s

IE - HKU\systemprofile_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\systemprofile_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Wildbrett_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKU\Wildbrett_ON_C\Software\Microsoft\Internet Explorer\SearchURL\g, = hxxp://www.google.com/search?q=%s
IE - HKU\Wildbrett_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Programme\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010/05/11 05:40:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/16 09:17:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/03/23 02:11:49 | 000,000,000 | ---D | M]

[2011/11/23 02:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/11/23 02:37:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/01/19 06:57:19 | 000,000,000 | ---D | M] (Internal security) -- C:\Programme\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}
[2012/01/16 09:16:58 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010/03/27 11:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\mozilla firefox\plugins\npContribute.dll
[2011/02/02 15:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/05 02:00:31 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/05 02:00:31 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/10/05 02:00:31 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011/09/20 04:33:13 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/10/05 02:00:31 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/05 02:00:31 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/05 02:00:31 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010/06/21 04:44:32 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (IECatcher Class) - {0682E46A-7040-4049-A6FD-0BCFBC673AD8} - C:\Programme\FlashDownloader\IntQd.dll ()
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\Land_ON_C\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\Land_ON_C\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\prxtbsof0.dll (Conduit Ltd.)
O3 - HKU\Land_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [CmUCRRun] C:\WINDOWS\system32\CmUCREye.exe ()
O4 - HKLM..\Run: [InetAccelerator] C:\WINDOWS\system32\InetAccelerator.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [InetAccelerator.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InetAccelerator\InetAccelerator.exe (Корпорация Майкрософт)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\Programme\Gemeinsame Dateien\Logitech\khalshared\KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\Communications_Helper.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\Programme\Gemeinsame Dateien\Logitech\LComMgr\LVComSX.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDFDrucker\PDFPrintBackend.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [Seagull Drivers] C:\WINDOWS\ssdal_nc.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Programme\Visagesoft\eXPert PDF\vspdfprsrv.exe ()
O4 - HKU\Administrator_ON_C..\Run: [InetAccelerator] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InetAccelerator\InetAccelerator.exe (Корпорация Майкрософт)
O4 - HKU\Administrator_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKU\Land_ON_C..\Run: [AdobeBridge] File not found
O4 - HKU\Land_ON_C..\Run: [InetAccelerator] C:\Dokumente und Einstellungen\Land\Anwendungsdaten\InetAccelerator\InetAccelerator.exe (Корпорация Майкрософт)
O4 - HKU\Land_ON_C..\Run: [LDM] C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech)
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] File not found
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [nltide_2] File not found
O4 - HKU\LocalService_ON_C..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [nltide_2] File not found
O4 - HKU\NetworkService_ON_C..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\systemprofile_ON_C..\RunOnce: [nltide_2] File not found
O4 - HKU\systemprofile_ON_C..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\klickTel OEM 2008 - Schnellstarter.lnk = C:\Programme\klickTel\klickTel OEM 2008\KSTART32.EXE (klickTel AG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\netz.lnk = File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\goScreen.lnk = C:\Programme\goScreen\goScreen.exe (Andrei Gourianov)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Programme\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ProKal Internet,EMail,Hintergrundalarm.lnk = C:\Programme\ProSteuer GbR\ProKal\ProKalWorker.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk = C:\WINDOWS\Installer\{537056B7-32A4-4408-9B54-0341963C7C9C}\IcoUltraMon.ico ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: RTHDBPL = C:\Dokumente und Einstellungen\Land\Anwendungsdaten\SystemProc\lsass.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\Land_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: softonic-de3 = C:\Dokumente und Einstellungen\Land\Anwendungsdaten\479A80.exe (Корпорация Майкрософт)
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\Wildbrett_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\Wildbrett_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\Wildbrett_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\Wildbrett_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\Wildbrett_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\Wildbrett_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\Wildbrett_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O9 - Extra Button: FlashKeeper - {86301D40-94C1-4a5e-843B-7F43965E364A} - C:\Programme\FlashKeeper\GetFlash.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Programme\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O18 - Protocol\Handler\bw+0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw+0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw00s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw-0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw10s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw20s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw30s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw40s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw50s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw60s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw70s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw80s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bw90s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwa0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwb0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwc0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwd0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwe0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwf0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwg0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwh0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwi0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwj0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwk0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwl0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwm0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwn0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwo0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwp0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwq0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwr0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bws0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwt0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwu0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwv0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bww0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwx0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwy0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0 {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\bwz0s {750ba720-c565-488e-bf21-d458a2235b12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\offline-8876480 {750BA720-C565-488E-BF21-D458A2235B12} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (Logitech)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InetAccelerator\InetAccelerator.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InetAccelerator\InetAccelerator.exe (Корпорация Майкрософт)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\InetAccelerator.exe) - C:\WINDOWS\system32\InetAccelerator.exe (Корпорация Майкрософт)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InetAccelerator\InetAccelerator.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InetAccelerator\InetAccelerator.exe (Корпорация Майкрософт)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Land_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Land\Anwendungsdaten\InetAccelerator\InetAccelerator.exe) - C:\Dokumente und Einstellungen\Land\Anwendungsdaten\InetAccelerator\InetAccelerator.exe (Корпорация Майкрософт)
O20 - HKU\Land_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/30 21:07:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/30 03:46:47 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/01/30 01:57:02 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Land\Recent
[2012/01/27 10:44:23 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2012/01/27 09:22:42 | 000,000,000 | ---D | C] -- C:\.Trash-999
[2012/01/27 08:25:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\PDF Files
[2012/01/27 08:25:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Logitech
[2012/01/27 08:24:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InetAccelerator
[2012/01/27 08:13:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\InetAccelerator
[2012/01/27 08:13:47 | 000,337,920 | ---- | C] (Корпорация Майкрософт) -- C:\WINDOWS\System32\InetAccelerator.exe
[2012/01/27 08:13:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InetAccelerator
[2012/01/25 11:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPcap
[2012/01/25 11:15:23 | 000,000,000 | ---D | C] -- C:\Programme\WinPcap
[2012/01/25 11:15:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Land\Startmenü\Programme\Cain
[2012/01/25 10:47:44 | 000,000,000 | ---D | C] -- C:\Programme\Cain
[2012/01/24 03:34:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Land\Desktop\Email
[2012/01/24 02:00:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Land\Lokale Einstellungen\Anwendungsdaten\libimobiledevice
[2012/01/24 02:00:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Land\Desktop\data
[2012/01/19 03:22:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Land\Desktop\BHC35PCL6Winx86_1130DE
[2012/01/19 03:20:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Land\Desktop\BHC35PCL6Winx64_1130DE
[2012/01/12 09:04:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2010/02/11 05:41:53 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2008/04/14 02:52:08 | 000,035,328 | -HS- | C] (Корпорация Майкрософт) -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\479A80.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/30 02:38:15 | 000,002,283 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\UltraMon.lnk
[2012/01/30 02:37:56 | 000,201,151 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/01/30 02:37:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/30 02:37:18 | 000,001,082 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/30 02:37:15 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2012/01/30 02:36:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/30 02:18:20 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Untitled Document
[2012/01/27 09:46:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/27 08:54:00 | 000,001,206 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-796845957-725345543-1004UA.job
[2012/01/27 08:15:57 | 000,271,360 | ---- | M] () -- C:\Dokumente und Einstellungen\Land\Desktop\archive.pst
[2012/01/27 08:13:47 | 000,337,920 | ---- | M] (Корпорация Майкрософт) -- C:\WINDOWS\System32\InetAccelerator.exe
[2012/01/27 08:01:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012/01/27 07:54:00 | 000,001,154 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1177238915-796845957-725345543-1004Core.job
[2012/01/27 07:53:47 | 000,011,831 | ---- | M] () -- C:\Dokumente und Einstellungen\Land\Desktop\bundesverdienstkreuz-am-Bande1.jpg
[2012/01/26 20:00:00 | 000,000,344 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-LAND-Land.job
[2012/01/25 11:15:24 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\-1
[2012/01/25 11:15:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPcap
[2012/01/25 11:15:17 | 000,001,450 | ---- | M] () -- C:\Dokumente und Einstellungen\Land\Desktop\Cain.lnk
[2012/01/24 05:03:53 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2012/01/24 04:10:41 | 001,291,339 | ---- | M] () -- C:\s2sc.5
[2012/01/24 04:10:41 | 000,697,989 | ---- | M] () -- C:\s2sc.6
[2012/01/24 02:38:49 | 001,291,747 | ---- | M] () -- C:\s13c.6
[2012/01/24 02:38:49 | 000,697,999 | ---- | M] () -- C:\s13c.7
[2012/01/24 02:01:56 | 001,289,924 | ---- | M] () -- C:\s34g.6
[2012/01/24 02:01:56 | 000,697,281 | ---- | M] () -- C:\s34g.7
[2012/01/21 15:01:06 | 006,853,180 | ---- | M] () -- C:\Dokumente und Einstellungen\Land\Desktop\absinthe.exe
[2012/01/17 02:02:07 | 000,000,223 | -HS- | M] () -- C:\boot.ini
[2012/01/17 02:02:06 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/01/12 14:04:17 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/01/12 09:04:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2012/01/12 09:04:09 | 000,000,787 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012/01/11 14:04:16 | 000,505,964 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/01/11 14:04:16 | 000,484,180 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/11 14:04:16 | 000,096,468 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/01/11 14:04:16 | 000,080,576 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/11 09:00:00 | 002,044,959 | ---- | M] () -- C:\Dokumente und Einstellungen\Land\Desktop\scan fehlermeldungen.pdf
[2012/01/04 06:42:00 | 000,356,836 | ---- | M] () -- C:\Dokumente und Einstellungen\Land\Desktop\N82 Fehler.pdf
[2012/01/04 06:40:27 | 000,572,124 | ---- | M] () -- C:\Dokumente und Einstellungen\Land\Desktop\FTP Tipps.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/30 02:18:20 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Untitled Document
[2012/01/27 07:53:47 | 000,011,831 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Desktop\bundesverdienstkreuz-am-Bande1.jpg
[2012/01/25 11:15:17 | 000,001,450 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Desktop\Cain.lnk
[2012/01/25 10:48:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\-1
[2012/01/24 10:28:02 | 021,952,407 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Desktop\Risiko(1.2.28).ipa
[2012/01/24 04:10:41 | 001,291,339 | ---- | C] () -- C:\s2sc.5
[2012/01/24 04:10:41 | 000,697,989 | ---- | C] () -- C:\s2sc.6
[2012/01/24 02:38:49 | 001,291,747 | ---- | C] () -- C:\s13c.6
[2012/01/24 02:38:49 | 000,697,999 | ---- | C] () -- C:\s13c.7
[2012/01/24 02:01:56 | 001,289,924 | ---- | C] () -- C:\s34g.6
[2012/01/24 02:01:56 | 000,697,281 | ---- | C] () -- C:\s34g.7
[2012/01/24 02:00:30 | 006,853,180 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Desktop\absinthe.exe
[2012/01/19 03:22:03 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOBJUJ_L.DLL
[2012/01/12 09:04:09 | 000,000,787 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TeamViewer 7.lnk
[2012/01/11 09:00:00 | 002,044,959 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Desktop\scan fehlermeldungen.pdf
[2012/01/04 06:42:00 | 000,356,836 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Desktop\N82 Fehler.pdf
[2012/01/04 06:40:22 | 000,572,124 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Desktop\FTP Tipps.pdf
[2011/12/02 02:44:47 | 000,044,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\i1display.sys
[2011/12/02 02:34:44 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Lokale Einstellungen\Anwendungsdaten\PUTTY.RND
[2011/11/30 14:40:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/11/30 13:56:59 | 000,036,592 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\magazin1
[2011/10/26 03:57:45 | 000,073,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/09/27 05:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2011/09/27 05:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2011/09/27 05:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2011/09/27 05:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2011/06/29 07:32:17 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\QD info.ini
[2011/01/31 07:25:09 | 000,002,272 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2011/01/28 08:47:24 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2011/01/28 02:54:09 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 12.0 Prefs
[2011/01/05 04:11:05 | 000,000,019 | ---- | C] () -- C:\WINDOWS\TAMModule.INI
[2010/12/08 08:44:36 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZJA_L.DLL
[2010/11/17 08:15:01 | 000,000,132 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Adobe PNG Format CS5 Prefs
[2010/10/08 02:18:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/10/06 02:24:08 | 000,000,885 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\.recently-used.xbel
[2010/09/30 08:29:56 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\vsmon1.dll
[2010/09/07 10:26:30 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2010/08/23 09:01:42 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2010/08/23 09:01:42 | 000,000,088 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\5C3187FAF9.sys
[2010/07/14 07:05:35 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010/06/25 12:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/02/25 11:52:30 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\F73859.bin
[2010/02/25 11:51:30 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\e9243f.bin
[2010/02/25 11:49:56 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\sparkleflashendocder_lu.bin
[2010/02/25 11:49:37 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\sparkleflashendocder_fu.bin
[2010/02/11 05:53:36 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2010/02/11 05:42:13 | 000,000,031 | ---- | C] () -- C:\WINDOWS\EVP_DATA.INI
[2010/02/11 05:41:53 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2SODBC.DLL
[2010/02/11 05:41:53 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2IRDAO.DLL
[2010/02/11 05:41:53 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2CTDAO.DLL
[2010/02/11 05:41:53 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2BBND.DLL
[2010/02/11 05:41:52 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\CO2C40EN.DLL
[2010/02/08 06:05:31 | 000,028,160 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/08 03:34:12 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AdobeUpdater6.rbt
[2009/12/16 03:35:13 | 000,000,002 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\WSSEMAPHORES.dat
[2009/12/16 02:55:20 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.157-8876480SL.exe
[2009/11/27 02:22:11 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\FrameFun.ini
[2009/11/17 11:11:26 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2009/11/17 11:09:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2009/11/17 11:09:20 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2009/10/28 01:52:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\GetHostIP.exe
[2009/10/14 04:25:06 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.exe
[2009/10/14 04:25:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\CmUCREye.exe
[2009/10/14 04:25:06 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CmUCRRm.Dll
[2009/10/07 07:41:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/10/06 03:41:34 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wstdUPSWSHIP.INI
[2009/09/29 02:04:34 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Land\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/02 06:03:01 | 000,001,565 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/02 02:36:38 | 000,000,149 | ---- | C] () -- C:\WINDOWS\ktel.ini
[2009/07/29 01:45:45 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZXS_L.DLL
[2009/07/27 02:36:02 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/07/23 04:48:34 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZXJ_L.DLL
[2009/05/30 22:00:50 | 000,004,737 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/30 21:59:47 | 003,638,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/30 21:31:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/30 21:28:35 | 008,507,392 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2009/05/30 21:17:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/05/30 21:11:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/30 21:05:12 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/30 21:04:29 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\cygwinb19.dll
[2009/05/30 14:56:28 | 000,016,059 | ---- | C] () -- C:\WINDOWS\LxFrame.ini
[2009/05/30 14:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/07 00:33:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/10/07 00:33:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/10/07 00:33:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/10/07 00:33:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/10/07 00:33:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/10/07 00:33:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/10/07 00:33:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/10/07 00:33:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/10/07 00:33:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/06/11 02:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/06/11 02:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/06/11 02:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/06/11 02:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/06/11 02:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/06/11 02:02:34 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/06/11 02:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/06/11 02:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/06/11 02:02:32 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/06/05 01:58:26 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/04/14 03:06:26 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/02/22 11:33:14 | 000,069,632 | ---- | C] () -- C:\WINDOWS\ssdal_nc.exe
[2006/12/31 02:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/03/30 03:46:22 | 000,029,035 | ---- | C] () -- C:\WINDOWS\cstasp.ini
[2004/08/04 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 09:00:00 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2004/08/04 09:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 09:00:00 | 000,505,964 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/04 09:00:00 | 000,484,180 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 09:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 09:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 09:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 09:00:00 | 000,096,468 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/04 09:00:00 | 000,080,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 09:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 09:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 09:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 09:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 09:00:00 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\AIO-Auswahl.ini
[2003/04/08 06:41:20 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\nssckbi.dll
[2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000096.DLL
[2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000091.DLL
[2002/02/27 02:41:28 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2002/02/27 02:41:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/02/27 02:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2001/12/12 06:41:36 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\W32btstp.dll
[2001/12/12 06:41:36 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\W32btxlt.dll

========== LOP Check ==========

[2009/10/07 02:22:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Alcatel PIMphony
[2009/07/28 06:45:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ICQ
[2012/01/27 08:24:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\InetAccelerator
[2009/09/02 02:42:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\klickTel
[2009/05/30 15:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Lexware
[2009/07/27 02:44:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\TeamViewer
[2012/01/26 06:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Alcatel PIMphony
[2010/07/14 07:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Canneverbe Limited
[2010/06/11 05:16:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/11/04 12:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\ClickYes Pro
[2009/11/16 10:20:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\com.polythink.ups.wda.03EBA0C726630DF115D9764F9B83F5185396D811.1
[2010/02/08 04:43:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Eltima Software
[2010/09/30 08:32:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\eXPert PDF Editor
[2011/09/22 00:59:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\facemoods.com
[2011/12/05 09:24:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\FileZilla
[2011/04/26 02:57:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Foxit Software
[2012/01/23 11:16:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\goScreen
[2009/09/28 03:28:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\ICQ
[2012/01/27 08:13:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\InetAccelerator
[2009/10/15 03:20:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\klickTel
[2009/07/23 04:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Lexware
[2009/10/12 09:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Opera
[2009/10/01 01:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\phonostar GmbH
[2012/01/23 10:23:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\PhraseExpress
[2010/08/17 04:29:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\PixelPlanet
[2012/01/09 03:30:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\PriceGong
[2010/09/07 06:07:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\SmartDraw
[2011/09/23 07:45:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\soft-evolution
[2010/01/29 02:06:42 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\SystemProc
[2012/01/12 09:04:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\TeamViewer
[2012/01/24 03:35:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Thunderbird
[2011/01/24 06:59:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\Ulead Systems
[2011/09/06 09:32:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\VSO
[2011/10/26 09:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Land\Anwendungsdaten\XnView
[2009/05/30 14:55:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2010/07/14 07:07:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011/12/12 10:50:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\COPYTRON
[2010/09/30 08:29:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF
[2010/10/01 01:06:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 4
[2010/09/30 08:29:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF Jobs
[2011/12/02 02:50:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Fiery
[2009/07/23 04:27:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2012/01/27 08:13:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InetAccelerator
[2010/01/26 05:18:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\IsolatedStorage
[2012/01/26 05:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2011/09/07 05:45:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PhraseExpress
[2010/08/17 04:29:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PixelPlanet
[2010/09/13 10:21:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PlotSoft
[2010/06/01 09:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2011/09/23 08:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\soft-evolution
[2011/12/06 04:46:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SQL Anywhere 11
[2010/02/08 06:04:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011/01/24 06:59:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
[2011/12/16 09:28:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/01/27 08:01:00 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012/01/30 02:37:15 | 000,000,470 | ---- | M] () -- C:\WINDOWS\Tasks\SDMsgUpdate (TE).job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 177 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:78067A35
< End of report >

 

Themen zu Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log
0x00000001, abgesicherter modus, adobe, alcatel, alternate, antivir, application/pdf, application/pdf:, avira, bho, bonjour, cdburnerxp, conduit, desktop, einstellungen, email, error, expert pdf, firefox, fontcache, format, ftp, gema virus, google earth, helper.exe, homepage, kaspersky, logfile, object, plug-in, poweriso, realtek, registry, safer networking, scan, security, server, software, version=1.0, virus, virus bka bundeskriminalamt, windows, windows xp




Ähnliche Themen: Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log


  1. BMI, Polizei Virus, abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runter
    Log-Analyse und Auswertung - 22.04.2014 (7)
  2. Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt
    Log-Analyse und Auswertung - 17.02.2014 (9)
  3. BMI, Polizei Virus, abgesicherter Modus fährt ohne Eingabemöglichkeit wieder runter
    Log-Analyse und Auswertung - 02.02.2014 (4)
  4. Bundes Trojaner, abgesicherter Modus geht nicht, OTLPE Scan durchgefuehrt
    Log-Analyse und Auswertung - 04.11.2013 (3)
  5. Landespolizeidirection virus abgesicherter modus funkt nicht otlpe ok
    Log-Analyse und Auswertung - 21.10.2013 (7)
  6. Win XP - BKA Trojaner - kein abgesicherter Modus - Logfile OTLPE
    Log-Analyse und Auswertung - 09.09.2013 (3)
  7. GVU Trojaner, weißer Bildschrim Taskmanager und abgesicherter Modus ohne Funktion
    Log-Analyse und Auswertung - 01.07.2013 (7)
  8. GVU TROJANER (abgesichert Modus ohne Funktion) OTLPE
    Plagegeister aller Art und deren Bekämpfung - 17.03.2013 (19)
  9. Polizei Virus ohne abgesicherter modus
    Plagegeister aller Art und deren Bekämpfung - 06.03.2013 (13)
  10. GEMA - Virus - kein abgesicherter Modus möglich
    Plagegeister aller Art und deren Bekämpfung - 07.06.2012 (3)
  11. Gema Virus auf dem Netbook + Abgesicherter Modus funktioniert nicht (Windows 7)
    Plagegeister aller Art und deren Bekämpfung - 30.03.2012 (7)
  12. Bundestrojaner - Kein abgesicherter Modus- gescannt mit OTLPE -HILFE !!!!
    Log-Analyse und Auswertung - 21.03.2012 (1)
  13. GEMA Trojaner/Virus, abgesicherter Modus nicht möglich, kein CD-LW
    Plagegeister aller Art und deren Bekämpfung - 19.03.2012 (5)
  14. GEMA-Virus!Abgesicherter Modus funktioniert nicht
    Plagegeister aller Art und deren Bekämpfung - 01.03.2012 (33)
  15. GEMA Trojaner - Alles bisherige ohne Lösung, auch OTLPE
    Plagegeister aller Art und deren Bekämpfung - 24.02.2012 (11)
  16. gema virus und abgesicherter modus geht nicht, vorerst kein zweit pc
    Plagegeister aller Art und deren Bekämpfung - 21.02.2012 (12)
  17. Gema Virus abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 02.02.2012 (44)

Zum Thema Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log - Hallo, ich habe mir einen GEMA Virus eingefangen. Der Abgesicherte Modus ist ohne Funktion, die Rescue CDs von Avira und Kasperskz haben nicht geholfen. Ich habe nun nach Anleitung aus - Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log...
Archiv
Du betrachtest: Gema virus & Abgesicherter Modus ohne Funktion OTLPE Log auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.