
Log analysis and evaluation: Windows blocked, 50 euro update


13.02.2012, 18:41   #1
Noerw
 



This wasn't run from safe mode, I hope that's not a problem:

Code:
OTL logfile created on: 13.02.2012 18:05:45 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = D:\Data\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 73,96% Memory free
3,85 Gb Paging File | 3,48 Gb Available in Paging File | 90,47% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 115,51 Gb Total Space | 27,20 Gb Free Space | 23,55% Space Free | Partition Type: NTFS
Drive D: | 350,25 Gb Total Space | 14,45 Gb Free Space | 4,13% Space Free | Partition Type: NTFS
 
Computer Name: SCHROTTKISTE | User Name: Norwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.11 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Data\Desktop\OTL.exe
PRC - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Programme\Hamachi\hamachi-2.exe
PRC - [2011.08.04 10:30:54 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Programme\Steam\steam.exe
PRC - [2011.05.10 13:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.05.10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2009.05.10 09:56:42 | 000,788,992 | ---- | M] ( ) -- C:\Programme\PowerPro\powerpro.exe
PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.09.07 16:16:52 | 000,044,544 | ---- | M] (Kazubon) -- C:\Programme\tclock\tclock.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2000.05.20 16:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.13 15:37:44 | 001,691,648 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12021301\algo.dll
MOD - [2012.02.13 11:17:44 | 001,691,648 | ---- | M] () -- C:\Programme\AVAST Software\Avast\defs\12021300\algo.dll
MOD - [2012.02.12 14:02:09 | 000,091,432 | ---- | M] () -- C:\Programme\Steam\bin\avutil-50.dll
MOD - [2012.02.12 14:02:07 | 000,155,432 | ---- | M] () -- C:\Programme\Steam\bin\avformat-52.dll
MOD - [2012.02.12 14:02:05 | 000,914,216 | ---- | M] () -- C:\Programme\Steam\bin\avcodec-52.dll
MOD - [2009.05.09 15:44:26 | 000,010,752 | ---- | M] () -- C:\Programme\PowerPro\pproGdix.dll
MOD - [2009.02.27 16:41:26 | 000,311,296 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\pdfshell.DEU
MOD - [2005.01.06 18:33:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\redmonnt.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
MOD - [2000.05.20 16:23:48 | 000,086,016 | ---- | M] () -- C:\WINDOWS\StartupMonitor.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - [2011.12.12 21:35:08 | 000,751,464 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Programme\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.08.15 16:18:10 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Programme\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.05.10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2005.04.03 23:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.05.10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 13:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.05.10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 12:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.05.10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.12.28 12:58:08 | 000,163,712 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2010.08.02 20:41:56 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.06 17:13:04 | 005,912,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010.02.11 13:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010.01.31 22:10:02 | 000,223,440 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2009.11.30 16:00:00 | 000,138,112 | ---- | M] (Roland Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rdwm1104.sys -- (RDID1104)
DRV - [2009.11.18 06:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 06:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.09.16 07:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.07.02 18:49:34 | 004,125,696 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.06.24 11:24:34 | 003,734,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009.05.25 08:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.12.17 10:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.10.06 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avmunet.sys -- (AVMUNET)
DRV - [2006.07.04 02:10:28 | 000,178,048 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2005.01.02 02:10:37 | 000,026,240 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004.08.13 03:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.04.14 10:08:00 | 000,044,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2004.04.14 10:08:00 | 000,021,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2004.04.14 10:08:00 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2004.04.14 10:08:00 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002.09.16 17:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F2 46 F9 D5 64 E7 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;192.168.178.1
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.schuelervz.de/start/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Programme\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Programme\AVAST Software\Avast\WebRep\FF [2011.06.15 17:25:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.11.09 20:46:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.09.06 11:58:32 | 000,000,000 | ---D | M]
 
[2009.12.26 19:42:38 | 000,000,000 | ---D | M] (No name found) -- D:\Data\Anwendungsdaten\Mozilla\Extensions
[2009.09.12 11:44:31 | 000,000,000 | ---D | M] (No name found) -- D:\Data\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com
[2009.12.25 22:51:07 | 000,000,000 | ---D | M] (No name found) -- D:\Data\Anwendungsdaten\Mozilla\Firefox\Profiles\hrb0csba.default\extensions
[2009.12.25 22:38:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Data\Anwendungsdaten\Mozilla\Firefox\Profiles\hrb0csba.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.01.06 11:54:38 | 000,000,000 | ---D | M] (No name found) -- D:\Data\Anwendungsdaten\Mozilla\Firefox\Profiles\xbcozgyp.default\extensions
[2010.04.27 16:04:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- D:\Data\Anwendungsdaten\Mozilla\Firefox\Profiles\xbcozgyp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.03.27 21:45:31 | 000,000,000 | ---D | M] (Abstract Zune) -- D:\Data\Anwendungsdaten\Mozilla\Firefox\Profiles\xbcozgyp.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
[2009.12.09 15:53:43 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- D:\Data\Anwendungsdaten\Mozilla\Firefox\Profiles\xbcozgyp.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2011.11.16 16:47:26 | 000,000,000 | ---D | M] (Greasemonkey) -- D:\Data\Anwendungsdaten\Mozilla\Firefox\Profiles\xbcozgyp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.11.09 20:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.12.25 22:37:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2011.11.09 20:46:09 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.09.04 01:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\mozilla firefox\plugins\npbittorrent.dll
[2009.04.08 03:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Programme\mozilla firefox\plugins\NPOP7PlugIn.dll
[2011.10.11 13:33:13 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.11 13:33:13 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011.10.11 13:33:13 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.11 13:33:13 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.11 13:33:13 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.11 13:33:13 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.09.17 20:24:31 | 000,001,351 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Programme\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nView\nwiz.exe /install File not found
O4 - HKLM..\Run: [Run StartupMonitor] C:\WINDOWS\StartupMonitor.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\11g Wireless LAN Utility.lnk = C:\Programme\LevelOne\11g Wireless LAN\WLanUtility.exe (LevelOne)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Verknüpfung mit tclock.exe.lnk = C:\Programme\tclock\tclock.exe (Kazubon)
O4 - Startup: C:\Dokumente und Einstellungen\Norwin\Startmenü\Programme\Autostart\ClearProg.lnk = C:\Programme\ClearProg\ClearProg.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Norwin\Startmenü\Programme\Autostart\Dropbox.lnk = D:\Data\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Norwin\Startmenü\Programme\Autostart\PowerPro.lnk = C:\Programme\PowerPro\powerpro.exe ( )
O4 - Startup: C:\Dokumente und Einstellungen\Norwin\Startmenü\Programme\Autostart\Verknüpfung mit hamachi-2-ui.lnk = C:\Programme\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95 00 00 00  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261117669953 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{005C231A-186A-4C32-A3EF-F23E351B7CA7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55CD1C3A-269D-4268-936A-A73B82A929F1}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Norwin\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Data\Anwendungsdaten\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.17 22:16:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{30ae0a3e-eb53-11de-b16f-fbd70dd1f6fe}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{72bb3ba6-0384-11df-b1b8-c6b4686a4494}\Shell\AutoRun\command - "" = F:\TrueCrypt.exe /q background /lm /m rm /v "based"
O33 - MountPoints2\{72c746a8-eb97-11de-b173-00116b1f2dc0}\Shell\AutoRun\command - "" = F:\TrueCrypt\TrueCrypt.exe /q background /e /m rm /v "daten.tc"
O33 - MountPoints2\{72c746a8-eb97-11de-b173-00116b1f2dc0}\Shell\dismount\command - "" = F:\TrueCrypt\TrueCrypt.exe /q /d
O33 - MountPoints2\{72c746a8-eb97-11de-b173-00116b1f2dc0}\Shell\start\command - "" = F:\TrueCrypt\TrueCrypt.exe
O33 - MountPoints2\{9e2bc570-f6f6-11de-b198-bd89fd0fbb6f}\Shell - "" = AutoRun
O33 - MountPoints2\{9e2bc570-f6f6-11de-b198-bd89fd0fbb6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9e2bc570-f6f6-11de-b198-bd89fd0fbb6f}\Shell\AutoRun\command - "" = F:\preinst.exe
O33 - MountPoints2\{e15b6e41-eb51-11de-b16d-ae12a03719d1}\Shell\AutoRun\command - "" = G:\CruzerPro.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Programme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm -  File not found
SafeBootNet: nm.sys -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.0
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.12 20:18:46 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.02.12 20:18:13 | 002,322,184 | ---- | C] (ESET) -- D:\Data\Desktop\esetsmartinstaller_enu.exe
[2012.02.12 18:46:25 | 000,000,000 | ---D | C] -- D:\Data\Anwendungsdaten\Malwarebytes
[2012.02.12 18:46:21 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012.02.12 18:46:21 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012.02.12 18:46:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012.02.12 18:46:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2012.02.12 15:31:22 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- D:\Data\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.12 12:26:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\NVIDIA Corporation
[2012.02.12 12:26:18 | 000,000,000 | ---D | C] -- C:\Programme\AGEIA Technologies
[2012.02.12 12:26:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2012.02.12 12:25:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NVIDIA Corporation
[2012.02.12 12:25:16 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2012.02.11 21:28:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- D:\Data\Desktop\OTL.exe
[2012.01.30 17:17:45 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2012.01.30 17:09:51 | 000,000,000 | ---D | C] -- C:\Programme\operation7
[2012.01.21 18:24:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Norwin\Startmenü\Programme\GeoGebra 4
[2009.12.25 23:06:26 | 000,114,688 | ---- | C] (JSS) -- C:\Programme\Jsscs.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2016.01.06 13:50:11 | 000,115,977 | ---- | M] () -- D:\Data\Desktop\facebook.jpg
[2012.02.13 16:41:28 | 000,060,541 | ---- | M] () -- D:\Data\Desktop\backup_TheDarkness-OgameUni64_2012-02-13-1541(1).sql.gz
[2012.02.13 16:30:05 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\rxlott.sys
[2012.02.13 16:07:42 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2012.02.13 16:02:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.12 20:18:15 | 002,322,184 | ---- | M] (ESET) -- D:\Data\Desktop\esetsmartinstaller_enu.exe
[2012.02.12 19:49:04 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.12 18:46:21 | 000,000,762 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.12 15:31:41 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- D:\Data\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.12 10:09:45 | 000,219,120 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2012.02.11 19:23:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\Data\Desktop\OTL.exe
[2012.02.11 19:07:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.09 18:04:43 | 000,015,214 | ---- | M] () -- D:\Data\Desktop\Awesome_Smiley.png
[2012.02.09 18:04:43 | 000,004,029 | ---- | M] () -- C:\Dokumente und Einstellungen\Norwin\.recently-used.xbel
[2012.02.09 13:49:25 | 000,020,123 | ---- | M] () -- D:\Data\Desktop\minenbanner.jpg
[2012.02.05 17:54:28 | 000,197,236 | ---- | M] () -- D:\Data\Desktop\opeth_heir_apparent.gp5
[2012.02.03 14:21:58 | 000,008,741 | ---- | M] () -- D:\Data\Desktop\streicherzeugz.gp5
[2012.02.03 00:15:29 | 000,000,741 | ---- | M] () -- C:\Dokumente und Einstellungen\Norwin\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.02.01 22:24:22 | 000,013,177 | ---- | M] () -- D:\Data\Desktop\stundanplana.pdf
[2012.01.30 15:30:30 | 000,088,310 | ---- | M] () -- D:\Data\Desktop\426363_367786043247829_100000493095341_1451579_1332120926_n.jpg
[2012.01.29 18:19:17 | 000,091,839 | ---- | M] () -- D:\Data\Desktop\423285_366958226663944_100000493095341_1448899_1243685936_n.jpg
[2012.01.24 17:19:48 | 000,242,759 | ---- | M] () -- D:\Data\Desktop\mondsch1.jpg
[2012.01.23 19:43:18 | 000,341,541 | ---- | M] () -- D:\Data\Desktop\vpipi aufsatz.jpg
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2016.01.06 13:50:11 | 000,115,977 | ---- | C] () -- D:\Data\Desktop\facebook.jpg
[2012.02.13 16:41:28 | 000,060,541 | ---- | C] () -- D:\Data\Desktop\backup_TheDarkness-OgameUni64_2012-02-13-1541(1).sql.gz
[2012.02.13 16:30:05 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\rxlott.sys
[2012.02.12 19:49:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.02.12 18:46:21 | 000,000,762 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.09 18:04:43 | 000,004,029 | ---- | C] () -- C:\Dokumente und Einstellungen\Norwin\.recently-used.xbel
[2012.02.09 15:16:58 | 000,015,214 | ---- | C] () -- D:\Data\Desktop\Awesome_Smiley.png
[2012.02.09 13:49:24 | 000,020,123 | ---- | C] () -- D:\Data\Desktop\minenbanner.jpg
[2012.02.05 17:54:27 | 000,197,236 | ---- | C] () -- D:\Data\Desktop\opeth_heir_apparent.gp5
[2012.02.03 14:21:57 | 000,008,741 | ---- | C] () -- D:\Data\Desktop\streicherzeugz.gp5
[2012.02.01 22:24:19 | 000,013,177 | ---- | C] () -- D:\Data\Desktop\stundanplana.pdf
[2012.01.30 15:30:29 | 000,088,310 | ---- | C] () -- D:\Data\Desktop\426363_367786043247829_100000493095341_1451579_1332120926_n.jpg
[2012.01.29 18:19:16 | 000,091,839 | ---- | C] () -- D:\Data\Desktop\423285_366958226663944_100000493095341_1448899_1243685936_n.jpg
[2012.01.24 17:19:48 | 000,242,759 | ---- | C] () -- D:\Data\Desktop\mondsch1.jpg
[2012.01.23 19:43:59 | 000,341,541 | ---- | C] () -- D:\Data\Desktop\vpipi aufsatz.jpg
[2011.12.12 18:55:40 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2011.12.10 18:59:57 | 000,000,270 | ---- | C] () -- C:\WINDOWS\game.ini
[2011.11.05 00:43:43 | 000,000,122 | ---- | C] () -- C:\WINDOWS\WA.INI
[2011.10.11 20:23:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011.09.25 11:33:59 | 000,001,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Norwin\Lokale Einstellungen\Anwendungsdaten\Adobe Für Web speichern 12.0 Prefs
[2011.08.11 10:47:34 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\RdCi1104.dll
[2011.08.11 10:47:34 | 000,004,088 | ---- | C] () -- C:\WINDOWS\System32\RD3T1104.DAT
[2011.06.14 20:21:49 | 000,040,960 | R--- | C] () -- C:\WINDOWS\IGLobbyReg.exe
[2011.05.11 17:53:44 | 000,215,128 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.05.11 17:53:33 | 000,075,064 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011.02.14 15:21:28 | 000,000,309 | ---- | C] () -- C:\WINDOWS\{17FE44E2-D21A-4F0C-BE49-798A8FBC374E}_WiseFW.ini
[2011.01.04 14:29:38 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.01.01 20:47:23 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\GkSui18.EXE
[2010.12.08 17:40:13 | 000,065,536 | ---- | C] () -- C:\WINDOWS\IFinst27.exe
[2010.11.08 20:44:55 | 000,000,604 | -H-- | C] () -- C:\Programme\STLL Notifier
[2010.08.02 21:07:48 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.06.25 18:54:24 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2010.06.25 14:48:05 | 000,000,025 | ---- | C] () -- C:\Programme\popcinfot.dat
[2010.06.08 14:36:12 | 000,000,083 | ---- | C] () -- C:\WINDOWS\wwp.INI
[2010.05.16 20:36:33 | 000,022,328 | ---- | C] () -- D:\Data\Anwendungsdaten\PnkBstrK.sys
[2010.05.16 20:36:14 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe
[2010.04.14 13:53:08 | 000,047,141 | ---- | C] () -- C:\WINDOWS\System32\uninst.exe
[2010.03.16 15:41:23 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010.03.16 15:15:12 | 000,000,532 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010.02.02 09:23:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2010.01.17 19:41:43 | 000,000,406 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010.01.09 18:06:58 | 000,000,048 | ---- | C] () -- C:\WINDOWS\scmate.ini
[2010.01.04 18:19:08 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2010.01.04 18:19:08 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe
[2010.01.04 18:10:18 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.01.01 18:14:44 | 000,166,868 | ---- | C] () -- C:\WINDOWS\hpoins21.dat
[2010.01.01 18:14:44 | 000,008,138 | ---- | C] () -- C:\WINDOWS\hpomdl21.dat
[2010.01.01 18:05:28 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010.01.01 18:05:28 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2040.DAT
[2009.12.27 20:00:39 | 000,008,133 | ---- | C] () -- C:\WINDOWS\CDPLAYER.INI
[2009.12.26 19:34:03 | 000,062,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Norwin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.25 23:22:26 | 000,000,041 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2009.12.25 23:07:00 | 000,000,063 | ---- | C] () -- C:\WINDOWS\DeskTopBird_K.ini
[2009.12.25 22:50:38 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2009.12.25 22:43:14 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.12.25 22:34:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.12.18 22:54:07 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.12.17 22:58:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009.12.17 22:57:15 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2009.12.17 22:57:15 | 000,012,400 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2009.12.17 22:57:14 | 000,011,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2009.12.17 22:57:14 | 000,010,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2009.12.17 22:56:16 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.12.17 22:52:00 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009.12.17 22:52:00 | 000,197,654 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009.12.17 22:52:00 | 000,000,003 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009.12.17 22:49:48 | 000,043,046 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2009.12.17 22:49:17 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.12.17 22:49:13 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2009.12.17 22:49:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\DAOD.exe
[2009.12.17 22:49:11 | 000,033,275 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.12.17 22:49:10 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.12.17 22:17:32 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.12.17 22:13:37 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.12.17 22:03:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.12.17 22:02:20 | 003,520,064 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.10.05 11:10:18 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.10.05 11:10:18 | 000,007,756 | ---- | C] () -- C:\WINDOWS\cadx2.ini
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.02.18 18:55:22 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009.02.03 21:52:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2004.08.04 01:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.08.23 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.08.23 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.08.23 13:00:00 | 000,449,932 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001.08.23 13:00:00 | 000,433,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.08.23 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.08.23 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001.08.23 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.08.23 13:00:00 | 000,080,790 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001.08.23 13:00:00 | 000,068,116 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.08.23 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.08.23 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001.08.23 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.08.23 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.08.23 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000.05.20 16:23:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\StartupMonitor.exe
[2000.01.05 12:51:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[1997.06.14 09:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
 
========== LOP Check ==========
 
[2011.12.11 11:45:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2010.03.15 13:09:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2010.08.02 21:49:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Age of Empires 3
[2011.03.01 20:41:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software
[2010.12.02 14:49:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ChessBase
[2010.08.02 20:41:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2010.08.27 13:12:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DFX
[2011.02.13 21:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EarMaster
[2011.06.07 14:57:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser
[2010.01.04 18:19:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreePDF
[2009.12.31 20:55:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MediaMonkey
[2010.06.25 13:27:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games
[2011.05.03 21:51:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Propellerhead Software
[2010.09.18 11:17:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe
[2009.12.25 22:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2010.03.14 21:19:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Steinberg
[2011.06.26 15:09:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2010.01.31 22:10:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrueCrypt
[2012.01.03 23:21:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle
[2011.06.07 14:44:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VST3 Presets
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.30 21:09:58 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\.minecraft
[2010.03.15 13:09:46 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Ableton
[2011.08.15 01:02:59 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Adobe
[2010.09.17 12:55:28 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Adobe Mini Bridge CS5
[2012.02.13 16:30:43 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\AK-Mail
[2012.01.04 13:54:32 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\AnvSoft
[2009.12.26 21:35:09 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\ArcSoft
[2011.11.25 22:23:56 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\ATI
[2012.01.04 17:13:40 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\BitTorrent
[2010.12.20 14:54:33 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Cakewalk
[2010.11.09 15:12:15 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\ChessBase
[2011.01.03 22:51:27 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Clonk Rage
[2009.12.18 22:48:31 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Cruzer Pro
[2010.08.02 20:51:35 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\DAEMON Tools Lite
[2010.01.17 21:07:48 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\DeepBurner
[2010.06.15 19:23:28 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\DNA
[2011.08.31 20:27:24 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Downloaded Installations
[2012.02.13 16:08:34 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Dropbox
[2011.12.31 23:00:53 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\dvdcss
[2011.02.13 22:05:22 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\EarMaster
[2010.08.28 14:48:48 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\foobar2000
[2011.12.31 19:20:14 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\GetRightToGo
[2009.12.25 22:47:40 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\GHISLER
[2012.02.09 18:04:43 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\gtk-2.0
[2011.01.05 02:54:00 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Hamachi
[2011.05.11 17:24:26 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Help
[2009.12.27 11:04:27 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\IrfanView
[2011.01.21 21:26:26 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\JavaEditor
[2009.12.27 13:37:58 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\KeePass
[2011.03.14 14:38:52 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Kopie von AK-Mail
[2011.01.05 15:21:02 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Kopie von Hamachi
[2009.12.19 17:37:36 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Macromedia
[2012.02.12 18:46:25 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Malwarebytes
[2012.01.11 18:31:28 | 000,000,000 | --SD | M] -- D:\Data\Anwendungsdaten\Microsoft
[2010.11.30 21:44:51 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Miranda
[2009.12.25 22:34:04 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Mozilla
[2009.12.30 13:55:28 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Mp3tag
[2010.11.08 20:53:15 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Neuratron
[2010.07.04 19:36:20 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\OpenOffice.org
[2012.01.11 19:04:00 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\PowerPro
[2011.05.03 21:52:39 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Propellerhead Software
[2011.01.08 13:03:16 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Rapid Evolution 2
[2011.09.18 20:27:48 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Rovio
[2012.02.03 17:16:29 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\ScanSoft
[2010.11.08 20:45:00 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Sibelius Software
[2012.02.13 18:02:50 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Skype
[2011.11.30 20:09:25 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\skypePM
[2011.10.04 16:02:41 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Soldat
[2011.06.07 15:09:10 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Steinberg
[2009.12.25 22:36:55 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Sun
[2010.03.02 18:00:48 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\TrueCrypt
[2012.01.29 23:03:58 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\Tunngle
[2012.02.13 00:04:07 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\vlc
[2011.08.16 17:24:11 | 000,000,000 | ---D | M] -- D:\Data\Anwendungsdaten\VST3 Presets
 
< %APPDATA%\*.exe /s >
[2011.03.01 14:26:14 | 000,270,848 | ---- | M] (Teckda) -- D:\Data\Anwendungsdaten\.minecraft\Minecraft Beta.exe
[2010.10.21 02:00:02 | 000,695,296 | ---- | M] (AnjoCaido) -- D:\Data\Anwendungsdaten\.minecraft\Minecraft Updater.exe
[2010.09.25 10:15:25 | 000,232,159 | ---- | M] () -- D:\Data\Anwendungsdaten\.minecraft\Minecraft.exe
[2011.10.30 21:09:58 | 000,290,828 | ---- | M] () -- D:\Data\Anwendungsdaten\.minecraft\Uninstall.exe
[2008.10.10 10:57:58 | 001,206,424 | ---- | M] (Andreas Kinzler) -- D:\Data\Anwendungsdaten\AK-Mail\akmail.exe
[2011.01.11 19:05:20 | 000,048,181 | ---- | M] () -- D:\Data\Anwendungsdaten\AK-Mail\uninstall.exe
[2005.02.27 00:27:00 | 000,052,224 | ---- | M] () -- D:\Data\Anwendungsdaten\AK-Mail\network\aksa.exe
[2006.11.30 21:59:22 | 000,089,088 | ---- | M] () -- D:\Data\Anwendungsdaten\AK-Mail\stunnel\stunnel.exe
[2007.08.30 12:41:50 | 001,675,264 | ---- | M] (SanDisk) -- D:\Data\Anwendungsdaten\Cruzer Pro\CruzerPro.exe
[2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- D:\Data\Anwendungsdaten\Dropbox\bin\Dropbox.exe
[2012.01.18 19:54:36 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- D:\Data\Anwendungsdaten\Dropbox\bin\Uninstall.exe
[2008.10.10 10:57:58 | 001,206,424 | ---- | M] (Andreas Kinzler) -- D:\Data\Anwendungsdaten\Kopie von AK-Mail\akmail.exe
[2009.03.07 18:56:13 | 000,048,181 | ---- | M] () -- D:\Data\Anwendungsdaten\Kopie von AK-Mail\uninstall.exe
[2005.02.27 00:27:00 | 000,052,224 | ---- | M] () -- D:\Data\Anwendungsdaten\Kopie von AK-Mail\Network\aksa.exe
[2006.11.30 21:59:22 | 000,089,088 | ---- | M] () -- D:\Data\Anwendungsdaten\Kopie von AK-Mail\stunnel\stunnel.exe
[2011.06.12 14:14:24 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- D:\Data\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.06.15 16:33:44 | 000,001,078 | R--- | M] () -- D:\Data\Anwendungsdaten\Microsoft\Installer\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}\_60c11ac7.exe
[2011.06.14 20:22:43 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- D:\Data\Anwendungsdaten\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\ARPPRODUCTICON.exe
[2011.06.14 20:22:43 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- D:\Data\Anwendungsdaten\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe1_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
[2011.06.14 20:22:43 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- D:\Data\Anwendungsdaten\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GameShadow.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
[2011.06.14 20:22:43 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- D:\Data\Anwendungsdaten\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\GSDR.exe_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
[2011.06.14 20:22:43 | 000,008,854 | R--- | M] () -- D:\Data\Anwendungsdaten\Microsoft\Installer\{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}\Uninstall_GameShadow_BAB1DDFC9AE64358B0AD15DC2FDBA636.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 07:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001.08.23 13:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.08.02 20:41:56 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2009.12.17 23:01:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.17 23:01:44 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.17 23:01:43 | 000,450,560 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:05EE1EEF

< End of report >
         
