Log analysis and evaluation: gema.exe has struck... Windows 7
gema.exe has struck...

Hello dear board members,

unfortunately the gema.exe trojan caught me at midday today. I have already created the OTLPE ISO and also wanted to apply a fix posted here. Booting and applying the fix works. However, my laptop then restarts neither automatically nor manually. So I don't know whether the fix doesn't work because the system settings can't be saved, or because the fix can't cure my infection. I am attaching the generated OTL.txt and hope that someone can help me. I have Windows XP SP2.

Best regards,
Meister Ani

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 3/17/2012 11:07:04 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,014.00 Mb Total Physical Memory | 796.00 Mb Available Physical Memory | 78.00% Memory free 902.00 Mb Paging File | 846.00 Mb Available in Paging File | 94.00% Paging File free Paging file location(s): C:\pagefile.sys 1000 1825 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 53.20 Gb Total Space | 3.44 Gb Free Space | 6.47% Space Free | Partition Type: FAT32 Drive D: | 53.69 Gb Total Space | 0.88 Gb Free Space | 1.65% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto] -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon) SRV - [2011/11/03 15:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2011/06/28 18:35:36 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/05/16 14:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [On_Demand] -- C:\Symanjay Security\Ad-aware 6\Ad-Aware\AAWService.exe 
-- (Lavasoft Ad-Aware Service) SRV - [2011/04/27 19:10:56 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011/04/16 13:14:34 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010/01/25 08:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand] -- C:\Programme\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R) SRV - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Dokumente und Einstellungen\3682\Eigene Dateien\Uni\W-Lan\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007/08/09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2007/01/17 11:20:10 | 000,061,440 | ---- | M] (Hewlett-Packard Company) [Auto] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2006/05/17 19:04:20 | 000,254,050 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS) SRV - [2006/05/17 19:04:20 | 000,114,784 | ---- | M] () [Auto] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS) SRV - [2006/05/17 19:03:40 | 000,061,440 | ---- | M] (Cyberlink) [Auto] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service) SRV - [2006/03/29 20:53:34 | 000,028,672 | ---- | M] (Acer Inc.) [Auto] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService) SRV - [2006/01/17 10:37:24 | 000,266,295 | ---- | M] (Broadcom Corporation.) 
[Disabled] -- C:\Widcomm Bluetooth\bin\btwdins.exe -- (btwdins) SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/08/24 02:29:52 | 000,118,272 | ---- | M] (TuneUp Software GmbH) [On_Demand] -- C:\Symanjay Security\Tuneup Utilities 2006 v5.0.2327\WinStylerThemeSvc.exe -- (TUWinStylerThemeSvc) SRV - [2004/08/04 05:00:00 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\iprip.dll -- (Iprip) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant) DRV - [2011/11/03 15:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- 
C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011/06/28 18:35:44 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/06/28 18:35:44 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011/05/14 13:08:16 | 000,015,232 | ---- | M] () [Kernel | On_Demand] -- C:\Symanjay Security\Ad-aware 6\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer) DRV - [2010/09/23 08:46:10 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd) DRV - [2009/09/25 17:59:46 | 001,511,936 | R--- | M] (C-Media Electronics Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CM106.sys -- (USBMULCD) DRV - [2009/05/11 10:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/02/13 12:35:02 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/06/19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007/11/01 10:24:08 | 000,685,816 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2007/07/06 16:57:14 | 000,028,276 | ---- | M] (MusicMatch, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k) DRV - [2007/02/08 18:28:02 | 000,011,008 | ---- | M] (Hercules (R)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdjctrl.sys -- (HDJCtrl) DRV - [2007/02/08 18:23:12 | 000,039,296 | ---- | M] (Hercules Technologies) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HDJMidi.sys -- (HDJMidi) DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/07/19 09:42:00 | 004,304,384 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2006/06/20 03:20:24 | 001,097,728 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321) DRV - [2006/06/20 03:16:16 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2006/06/13 10:18:00 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21) DRV - [2006/06/13 10:03:00 | 000,488,448 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211) DRV - [2006/06/02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport) DRV - [2006/06/02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport) DRV - [2006/06/02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15) DRV - [2006/06/01 08:55:00 | 000,244,864 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp) DRV - [2006/04/04 03:17:24 | 001,429,632 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2006/01/17 10:21:52 | 000,328,061 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2006/01/17 10:19:46 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL) DRV - [2006/01/17 10:18:22 | 000,850,474 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL) DRV - [2006/01/17 10:15:36 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2006/01/17 10:11:56 | 000,148,900 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2005/12/13 23:08:44 | 001,124,097 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2005/11/21 07:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) DRV - [2004/07/28 11:49:00 | 000,334,080 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpstd2.sys -- (snpstd2) DRV - [2003/09/04 12:32:48 | 000,009,886 | ---- | M] (SONIX Technology Co., LTD) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\UAFilter.sys -- (uafilter) DRV - [2003/08/13 14:33:54 | 000,404,736 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ausens.sys -- (ausens) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://global.acer.com IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\3682_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\3682_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://global.acer.com IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:5.0.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 44 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2011.07.04 FF - prefs.js..network.proxy.type: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2768: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2826: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1578: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\VLC Media Player\npvlc.dll (VideoLAN Team) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Dokumente und Einstellungen\3682\Lokale Einstellungen\Anwendungsdaten\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software\Citavi Picker\Firefox [2011/01/23 22:48:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2011/11/15 17:44:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fe_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012/01/24 16:06:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2007/05/19 18:12:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2007/05/19 18:12:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2008/09/03 16:23:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 
10.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010/11/15 21:16:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/24 16:06:30 | 000,000,000 | ---D | M] [2008/09/03 16:13:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Extensions [2010/09/03 19:12:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2007/05/19 18:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Firefox\Profiles\ntjx6s4d.default\extensions [2007/05/19 19:15:48 | 000,000,000 | ---D | M] ("Doodle Plastik") -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Firefox\Profiles\ntjx6s4d.default\extensions\{26bf010a-c934-4f38-868d-e8419d9e82ff} [2009/09/14 13:10:00 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Firefox\Profiles\ntjx6s4d.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2010/11/17 21:52:48 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Firefox\Profiles\ntjx6s4d.default\extensions\de-DE@dictionaries.addons.mozilla.org [2010/09/22 23:36:32 | 000,000,000 | ---D | M] (United States English Spellchecker) -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Firefox\Profiles\ntjx6s4d.default\extensions\en-US@dictionaries.addons.mozilla.org [2009/06/03 12:32:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\mozilla\Firefox\Profiles\ntjx6s4d.default\extensions\moveplayer@movenetworks.com [2012/03/09 21:20:08 | 000,002,529 | ---- | M] () -- C:\Dokumente und 
Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\amazon-uk.xml [2008/06/22 17:35:04 | 000,000,908 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\imdb.xml [2012/03/09 21:20:08 | 000,006,213 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\discogs.xml [2012/03/09 21:20:08 | 000,002,291 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\amazon-jp.xml [2008/09/02 16:43:26 | 000,001,330 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\wikipedia-en.xml [2012/03/09 21:20:08 | 000,001,946 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\myspace-music.xml [2011/10/21 22:29:58 | 000,002,193 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\soundcloud.xml [2008/01/02 21:34:38 | 000,001,959 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\lastfm.xml [2008/02/21 22:06:44 | 000,002,109 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Mozilla\Firefox\Profiles\ntjx6s4d.default\searchplugins\youtube-video-search.xml [2007/05/19 18:12:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/02/16 09:45:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} File not found (No name found) -- [2011/01/23 22:48:34 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2010/12/08 11:02:18 | 
000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012/02/17 22:00:54 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2005/09/15 18:26:00 | 000,044,153 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\inspector.dll [2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\npmozax.dll [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2012/01/29 15:02:50 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/01/29 14:50:56 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/01/29 15:02:50 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/01/29 15:02:50 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/01/29 15:02:50 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/01/29 15:02:50 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2011/09/24 17:53:20 | 000,437,921 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.123topsearch.com O1 - Hosts: 
127.0.0.1 123topsearch.com O1 - Hosts: 127.0.0.1 www.132.com O1 - Hosts: 127.0.0.1 132.com O1 - Hosts: 127.0.0.1 www.136136.net O1 - Hosts: 127.0.0.1 136136.net O1 - Hosts: 127.0.0.1 www.163ns.com O1 - Hosts: 127.0.0.1 163ns.com O1 - Hosts: 15061 more lines... O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Symanjay Security\Spybot\SDHelper.dll (Safer Networking Limited) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\3682_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O3 - HKU\3682_ON_C\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.) 
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe () O4 - HKLM..\Run: [BrStsMon00] C:\Programme\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Cm106Sound] File not found O4 - HKLM..\Run: [ControlCenter3] C:\Programme\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST) O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe () O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.) O4 - HKLM..\Run: [gema] C:\WINDOWS\system32\gema.exe () O4 - HKLM..\Run: [gema.] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe () O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [MP10_EnsureFileVer] C:\WINDOWS\inf\unregmp2.exe (Microsoft Corporation) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe () O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) O4 - HKU\3682_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\3682\Anwendungsdaten\gema\gema.exe () O4 - HKU\3682_ON_C..\Run: [TuneUp MemOptimizer] C:\Symanjay Security\Tuneup Utilities 2006 v5.0.2327\MemOptimizer.exe (TuneUp Software GmbH) O4 - HKU\Administrator_ON_C..\Run: [gema] C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe () O4 - HKU\Administrator_ON_C..\Run: [MSMSGS] File not found O4 - HKLM..\RunOnce: ["C:\Dokumente und Einstellungen\3682\Eigene Dateien\Downloads\C:\Dokumente und Einstellungen\3682\Eigene Dateien\Downloads\PhotoPorstOnlineClient.exe"] File not found O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\3682_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Dokumente und Einstellungen\3682\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\3682\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Widcomm Bluetooth\btsendto_ie_ctx.htm () O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Widcomm Bluetooth\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Widcomm Bluetooth\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Symanjay Security\Spybot\SDHelper.dll (Safer Networking Limited) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\gema.exe) - C:\WINDOWS\system32\gema.exe ()
O20 - HKU\3682_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\3682\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\3682\Anwendungsdaten\gema\gema.exe ()
O20 - HKU\3682_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Administrator_ON_C Winlogon: Shell - (C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe) - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema\gema.exe ()
O20 - HKU\Administrator_ON_C Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/08/02 14:53:04 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/04/16 12:57:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ FAT32 ]
O32 - AutoRun File - [2009/03/12 16:05:22 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{836608b0-69ee-11e0-844e-00197d1876cd}\Shell\AutoRun\command - "" = Menu.exe
O33 - MountPoints2\{d2960c7e-5cc0-11de-bf44-00197d1876cd}\Shell\AutoRun\command - "" = G:\Menu.exe
O33 - MountPoints2\{ea35163c-01a4-11e1-85bb-00197d1876cd}\Shell\AutoRun\command - "" = G:\Launcher.exe
O33 - MountPoints2\{efeea1f8-a1c9-11dd-bd47-00197d1876cd}\Shell\AutoRun\command - "" = G:\tknapl.exe
O33 - MountPoints2\{efeea1f8-a1c9-11dd-bd47-00197d1876cd}\Shell\explore\Command - "" = G:\tknapl.exe
O33 - MountPoints2\{efeea1f8-a1c9-11dd-bd47-00197d1876cd}\Shell\open\Command - "" = G:\tknapl.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:58:20 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {51004AD7-B108-6D71-E74C-37568A86A8D1} - NetShow
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5C5EA6C2-658F-4DF5-8870-289131F5222B} - Outlook Express
ActiveX: {5EB303EC-616E-B95D-A56A-48E52F7B3510} - Viewpoint Media Player
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C73D3F78-2CAF-1F1B-8E25-5B49122A7903} - Vektorgrafik-Rendering (VML)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F3CFB20E-71BB-C93B-B4FA-EC8843652233} - Outlook Express
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /HideWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - C:\WINDOWS\system32\iprip.dll (Microsoft Corporation)
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "btwdins"
MsConfig - Services: "BthServ"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^3682^Startmenü^Programme^Autostart^Dropbox.lnk - C:\DOKUME~1\3682\ANWEND~1\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe - (Acer Inc.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk - C:\Widcomm Bluetooth\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^MBCameraMonitor.lnk - C:\Everio MediaBrowser\MBCameraMonitor.exe - (PIXELA CORPORATION)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Microsoft Office.lnk - C:\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^VPN Client.lnk - C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Akamai NetSession Interface - hkey= - key= - File not found
MsConfig - StartUpReg: BluetoothAuthenticationAgent - hkey= - key= - File not found
MsConfig - StartUpReg: CheckPoint Cleanup - hkey= - key= - File not found
MsConfig - StartUpReg: DAEMON Tools - hkey= - key= - C:\DAEMON Tools\daemon.exe (DT Soft Ltd.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: gema - hkey= - key= - File not found
MsConfig - StartUpReg: gema. - hkey= - key= - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema\gema.exe ()
MsConfig - StartUpReg: HP Software Update - hkey= - key= - File not found
MsConfig - StartUpReg: ISUSPM Startup - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
MsConfig - StartUpReg: ISUSScheduler - hkey= - key= - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
MsConfig - StartUpReg: LaunchApp - hkey= - key= - C:\WINDOWS\Alaunch.exe (Acer Inc.)
MsConfig - StartUpReg: MDS_Menu - hkey= - key= - C:\Programme\Olympus\ib\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: MMTray - hkey= - key= - C:\Music Match Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
MsConfig - StartUpReg: MSMSGS - hkey= - key= - File not found
MsConfig - StartUpReg: MySpaceIM - hkey= - key= - File not found
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - File not found
MsConfig - StartUpReg: Olympus ib - hkey= - key= - C:\Programme\Olympus\ib\olycamdetect.exe (OLYMPUS IMAGING CORP.)
MsConfig - StartUpReg: OV2_Monitor - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= - File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: RTHDCPL - hkey= - key= - C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SkyTel - hkey= - key= - C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Symanjay Security\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Winamp\winampa.exe ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2012/03/17 14:28:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2012/03/17 13:41:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\gema
[2012/03/17 13:41:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012/03/07 17:42:20 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2012/03/05 22:55:32 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2012/02/19 13:01:02 | 000,000,000 | ---D | C] -- C:\Die Sims
[2009/11/19 21:08:02 | 003,749,224 | ---- | C] (Acresso Software Inc.) -- C:\Programme\Gemeinsame Dateien\adlmint_libFNP.dll
[2009/11/19 21:08:02 | 002,941,288 | ---- | C] (Autodesk, Inc.) -- C:\Programme\Gemeinsame Dateien\adlmint.dll
[2007/05/22 14:09:50 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd2.dll
[2007/05/22 14:09:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd2.dll
[2007/04/12 08:35:47 | 000,016,384 | ---- | C] ( ) -- C:\WINDOWS\System32\ClearEvent.exe
[2006/05/25 18:18:48 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\Interop.Shell32.dll
[2006/04/18 19:54:50 | 000,049,152 | ---- | C] ( ) -- C:\WINDOWS\System32\SysMonitor.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/17 15:30:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/17 15:23:38 | 1063,436,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/17 14:08:48 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012/03/17 13:41:04 | 000,249,929 | ---- | M] () -- C:\WINDOWS\System32\gema.exe
[2012/03/15 17:58:28 | 000,061,583 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Eigene Dateien\Krankenkassenkarte.pdf
[2012/03/15 17:55:18 | 000,002,415 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Word.lnk
[2012/03/14 23:49:46 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/09 17:15:02 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012/03/06 18:43:08 | 000,053,898 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2012/02/28 23:00:20 | 000,000,270 | ---- | M] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2012/02/28 22:55:52 | 000,176,128 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/28 22:32:04 | 000,001,024 | ---- | M] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\WavCodec.wff
[2012/02/23 08:28:54 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/17 19:17:04 | 000,000,781 | ---- | M] () -- C:\WINDOWS\System\Cm106.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/17 14:32:57 | 1063,436,288 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/17 13:41:15 | 000,249,929 | ---- | C] () -- C:\WINDOWS\System32\gema.exe
[2012/03/15 17:58:21 | 000,061,583 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\Eigene Dateien\Krankenkassenkarte.pdf
[2012/02/28 23:00:16 | 000,000,270 | ---- | C] () -- C:\WINDOWS\tasks\videopadShakeIcon.job
[2012/02/16 17:06:36 | 000,000,125 | ---- | C] () -- C:\WINDOWS\Cm106.ini.cfl
[2012/02/16 17:05:58 | 000,001,249 | R--- | C] () -- C:\WINDOWS\Cm106.ini.cfg
[2012/02/16 17:05:43 | 000,000,868 | R--- | C] () -- C:\WINDOWS\cm106.ini
[2011/11/21 23:42:25 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/05/14 13:09:36 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/14 13:09:36 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/14 22:42:37 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/14 22:41:27 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF10B.DAT
[2011/04/13 22:19:08 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/12/15 00:50:11 | 000,462,192 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010/10/23 22:56:32 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/03/17 22:11:28 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2009/11/07 12:37:31 | 000,000,202 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\webct_upload_applet.properties
[2009/10/05 22:58:15 | 000,000,179 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2008/12/29 19:12:53 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/11/30 17:59:00 | 000,000,014 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\usb001
[2008/11/28 22:00:46 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\PUTTY.RND
[2008/11/02 21:15:22 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5y.DLL
[2008/08/27 20:56:28 | 000,029,744 | ---- | C] () -- C:\WINDOWS\System32\InstHelper.dll
[2008/06/19 18:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 18:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/06/01 17:32:30 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/06/01 17:32:30 | 000,002,554 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/11/30 14:11:56 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2007/11/18 16:43:06 | 000,000,123 | ---- | C] () -- C:\WINDOWS\Winchat.ini
[2007/08/10 00:30:16 | 000,000,820 | ---- | C] () -- C:\WINDOWS\KanjiQuickDE.ini
[2007/08/10 00:19:46 | 000,000,477 | ---- | C] () -- C:\WINDOWS\KanjiQuickEN.ini
[2007/08/07 00:07:45 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007/07/26 22:58:20 | 000,001,024 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\WavCodec.wff
[2007/07/13 03:49:19 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/07/13 03:49:18 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2007/07/13 03:49:18 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/07/13 03:49:17 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2007/07/13 03:49:17 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2007/07/13 03:49:17 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2007/07/06 17:18:52 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2007/07/04 18:04:07 | 004,215,160 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/07/01 21:30:52 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2007/07/01 20:30:13 | 000,053,898 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/07/01 20:20:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\JCMKR32.INI
[2007/06/07 20:58:53 | 000,033,021 | ---- | C] () -- C:\WINDOWS\System32\CoreVorbis-uninstall.exe
[2007/05/31 19:57:43 | 000,000,019 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\anzds
[2007/05/31 19:57:40 | 000,000,089 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\p6demopfad
[2007/05/30 17:15:31 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/29 21:39:13 | 000,001,453 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/05/22 14:09:57 | 000,286,720 | ---- | C] () -- C:\WINDOWS\vsnpstd2.exe
[2007/05/22 14:09:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd2.dll
[2007/05/22 14:09:57 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd2.ini
[2007/05/22 14:09:53 | 000,334,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd2.sys
[2007/05/22 14:09:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\rsnpstd2.dll
[2007/05/22 14:09:48 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd2.exe
[2007/05/20 12:32:34 | 000,176,128 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/19 21:29:21 | 003,358,237 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\wincue.mlc
[2007/05/19 20:29:45 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2007/05/19 18:45:18 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2007/05/19 17:57:08 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/05/15 09:49:36 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\3682\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/05/08 03:52:16 | 000,245,760 | R--- | C] () -- C:\WINDOWS\System32\setupsup.dll
[2007/04/12 08:37:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15.sys
[2007/04/12 08:37:32 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\drivers\int15_64.sys
[2007/04/12 08:28:30 | 000,159,821 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.EXE
[2007/04/12 08:28:30 | 000,000,084 | ---- | C] () -- C:\WINDOWS\EMEAPAGE.INI
[2007/03/02 12:44:44 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\zmbv.dll
[2006/08/04 18:02:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/08/04 18:01:46 | 000,000,012 | ---- | C] () -- C:\WINDOWS\bthservsdp.dat
[2006/08/04 18:01:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/04 16:42:12 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/04 16:01:46 | 000,005,536 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2006/08/02 15:00:14 | 000,377,648 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/08/02 14:59:14 | 000,460,908 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/08/02 14:59:14 | 000,442,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/08/02 14:59:14 | 000,085,594 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/08/02 14:59:14 | 000,072,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/08/02 14:53:26 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2006/08/02 14:52:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2006/08/02 14:52:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2006/08/02 14:52:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2006/08/02 14:52:36 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2006/08/02 14:29:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/08/02 14:28:20 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/07/19 09:42:00 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/07/19 09:41:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/06/20 02:59:24 | 000,013,227 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/06/13 10:18:00 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2006/05/25 18:18:48 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\ScrollBarLib.dll
[2006/05/22 13:47:24 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2006/04/12 14:08:36 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\InstallCheck.dll
[2006/03/10 14:15:44 | 000,036,404 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/08 17:19:28 | 001,421,824 | ---- | C] () -- C:\WINDOWS\System32\UIVCL.dll
[2006/03/08 17:11:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2006/03/02 19:35:48 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2006/01/17 10:31:30 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/11/10 11:27:42 | 000,003,218 | ---- | C] () -- C:\WINDOWS\System32\drivers\WINIO.sys
[2005/03/28 15:45:26 | 000,000,089 | ---- | C] () -- C:\WINDOWS\alaunch.ini
[2004/12/14 13:04:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/14 13:02:49 | 001,175,552 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\ogjs281.dll
[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2004/08/04 05:00:00 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 05:00:00 | 000,000,204 | ---- | C] () -- C:\WINDOWS\System32\xqk1ani.dll
[2004/08/04 05:00:00 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2004/08/04 05:00:00 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2004/08/04 05:00:00 | 000,000,016 | -H-- | C] () -- C:\WINDOWS\System32\toxhdzh.dll
[2002/09/18 00:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2002/05/24 16:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2002/03/21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001/12/26 16:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/09/03 23:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/27 08:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/27 08:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/07 05:16:34 | 000,045,056 | ---- | C] () -- C:\WINDOWS\OTS_UI.EXE
[2001/07/30 16:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1996/03/22 00:32:26 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\DLWBC31.DLL

========== LOP Check ==========

[2007/05/20 12:35:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\TuneUp Software
[2007/05/25 17:29:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\ACD Systems
[2007/06/09 17:56:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\GlobalSCAPE
[2007/07/12 00:46:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\ICQ
[2007/07/21 14:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\RecordPad
[2007/07/21 14:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\NCH Swift Sound
[2008/01/03 13:01:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Design Science
[2008/02/04 00:11:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\WordToPDF
[2008/09/03 16:24:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Thunderbird
[2008/09/04 19:43:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\PC Suite
[2008/09/04 19:43:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Nokia
[2008/09/15 00:51:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Ableton
[2009/07/01 16:21:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Opera
[2009/11/29 00:14:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Trillian
[2010/12/29 14:19:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\DVDVideoSoftIEHelpers
[2011/01/23 22:49:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Swiss Academic Software
[2011/02/03 09:10:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\start
[2011/04/16 12:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Autodesk
[2011/05/02 22:03:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Dropbox
[2011/06/25 16:42:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\Xilisoft
[2011/06/26 18:14:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\DVDVideoSoft
[2011/08/23 20:44:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\875891BB
[2011/08/23 20:44:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\908FCD4B
[2011/11/15 17:45:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\CheckPoint
[2011/11/22 08:58:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\AliceHilfe
[2012/03/17 13:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\3682\Anwendungsdaten\gema
[2012/03/17 14:28:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\gema
[2007/05/25 17:28:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems
[2007/06/20 17:09:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2007/07/21 14:37:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2007/09/14 16:26:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
[2008/07/12 11:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MailFrontier
[2008/09/04 19:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2008/09/04 19:43:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2008/09/15 00:51:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ableton
[2009/07/13 14:02:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Vokabel Trainer 2008
[2009/12/09 16:49:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PIXELA
[2010/05/11 11:36:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SafeNet Sentinel
[2010/07/07 00:20:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StatSoft
[2010/11/10 12:43:46 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2011/01/23 22:36:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Swiss Academic Software
[2011/01/26 00:05:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Gibraltar
[2011/04/16 12:26:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2011/10/29 09:35:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2011/10/29 10:00:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2011/11/15 17:43:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012/01/04 19:29:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012/03/17 13:41:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\gema
[2012/03/09 17:15:02 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2011/03/26 23:40:16 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2012/02/28 23:00:20 | 000,000,270 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2006/07/31 15:37:02 | 000,000,000 | ---D | M] -- C:\i386
[2004/08/04 05:00:00 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2004/08/04 05:00:00 | 000,000,000 | ---D | M] -- C:\dotnetfx
[2008/02/19 13:47:10 | 000,000,000 | ---D | M] -- C:\ISO Commander
[2008/03/27 15:46:02 | 000,000,000 | ---D | M] -- C:\Chopper XP
[2006/07/31 15:37:06 | 000,000,000 | ---D | M] -- C:\Sysinfo
[2009/01/24 15:27:14 | 000,000,000 | ---D | M] -- C:\Mp3 Converter
[2006/07/31 15:37:02 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2006/08/02 14:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2006/08/02 14:28:58 | 000,000,000 | R--D | M] -- C:\Programme
[2006/08/02 14:46:24 | 000,000,000 | ---D | M] -- C:\Program Files
[2006/08/02 15:01:08 | 000,000,000 | ---D | M] -- C:\Acer
[2009/07/01 16:21:06 | 000,000,000 | ---D | M] -- C:\Opera
[2008/02/04 00:51:28 | 000,000,000 | ---D | M] -- C:\PDFCreator
[2009/05/20 16:05:04 | 000,000,000 | ---D | M] -- C:\Avira
[2009/07/13 14:02:12 | 000,000,000 | ---D | M] -- C:\Vokabel Trainer 2008
[2009/09/03 15:02:12 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009/10/05 22:58:24 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012/03/05 22:55:32 | 000,000,000 | -HSD | M] -- C:\FOUND.001
[2007/04/12 08:28:26 | 000,000,000 | -HSD | M] -- C:\system volume information
[2010/06/29 20:03:46 | 000,000,000 | ---D | M] -- C:\Drucker
[2009/11/30 15:44:14 | 000,000,000 | ---D | M] -- C:\VirtualDJ
[2010/07/07 00:07:18 | 000,000,000 | ---D | M] -- C:\STATISTICA
[2007/04/12 08:52:12 | 000,000,000 | -HSD | M] -- C:\Recycled
[2009/12/09 16:45:54 | 000,000,000 | ---D | M] -- C:\Everio MediaBrowser
[2010/07/24 20:40:26 | 000,000,000 | ---D | M] -- C:\FL Studio 9
[2009/12/09 17:11:34 | 000,000,000 | ---D | M] -- C:\Emicsoft Mod Converter
[2010/10/19 15:23:58 | 000,000,000 | ---D | M] -- C:\spoolerlogs
[2010/10/23 23:01:18 | 000,000,000 | ---D | M] -- C:\ZoneAlarm
[2010/05/05 18:08:06 | 000,000,000 | ---D | M] -- C:\SPSSInc
[2010/05/11 15:31:20 | 000,000,000 | ---D | M] -- C:\Airline Tycoon First Class
[2010/10/27 19:57:56 | 000,000,000 | ---D | M] -- C:\Zotero
[2010/11/07 13:52:36 | 000,000,000 | ---D | M] -- C:\SigmaPlot
[2011/03/09 08:13:10 | 000,000,000 | ---D | M] -- C:\CloneManager
[2012/01/08 10:12:22 | 000,000,000 | -HSD | M] -- C:\FOUND.000
[2011/01/23 22:48:04 | 000,000,000 | ---D | M] -- C:\Citavi
[2007/05/19 19:32:36 | 000,000,000 | ---D | M] -- C:\Trillian
[2010/12/28 23:43:04 | 000,000,000 | ---D | M] -- C:\Pizza Syndicate
[2011/01/03 13:53:34 | 000,000,000 | ---D | M] -- C:\Nokia PC Suite
[2011/02/04 14:20:56 | 000,000,000 | ---D | M] -- C:\Tree View
[2011/03/24 23:34:18 | 000,000,000 | ---D | M] -- C:\PDF Blender
[2011/03/24 23:42:56 | 000,000,000 | ---D | M] -- C:\GhostScript
[2011/04/14 22:41:28 | 000,000,000 | ---D | M] -- C:\Brother
[2011/04/16 12:21:34 | 000,000,000 | ---D | M] -- C:\Maya
[2011/04/16 12:57:58 | 000,000,000 | ---D | M] -- C:\Autodesk
[2012/02/19 13:01:04 | 000,000,000 | ---D | M] -- C:\Die Sims
[2011/05/03 22:19:46 | 000,000,000 | ---D | M] -- C:\DOSBox
[2011/05/03 23:11:00 | 000,000,000 | ---D | M] -- C:\Tnimage
[2011/12/04 21:10:22 | 000,000,000 | ---D | M] -- C:\Age of Empires
[2011/12/14 10:04:44 | 000,000,000 | ---D | M] -- C:\Program Data
[2012/03/07 17:42:20 | 000,000,000 | -HSD | M] -- C:\FOUND.002
[2007/05/19 20:45:34 | 000,000,000 | ---D | M] -- C:\Media Player Classic
[2007/05/19 20:52:24 | 000,000,000 | ---D | M] -- C:\Winamp
[2007/05/20 11:56:58 | 000,000,000 | ---D | M] -- C:\Codecs
[2007/05/20 12:01:02 | 000,000,000 | ---D | M] -- C:\WinRAR
[2007/05/27 17:18:02 | 000,000,000 | ---D | M] -- C:\Symanjay Security
[2007/05/30 17:14:28 | 000,000,000 | ---D | M] -- C:\Microsoft Office
[2007/06/07 20:57:36 | 000,000,000 | ---D | M] -- C:\Virtual Dub
[2007/06/07 21:00:50 | 000,000,000 | ---D | M] -- C:\Emulatoren
[2007/06/08 12:22:32 | 000,000,000 | ---D | M] -- C:\CuteFTP
[2007/06/20 17:05:00 | 000,000,000 | ---D | M] -- C:\Unreal Tournament
[2007/06/20 17:38:16 | 000,000,000 | ---D | M] 
-- C:\Age of Mythology [2007/06/20 17:38:28 | 000,000,000 | ---D | M] -- C:\Warcraft III [2007/06/24 15:53:12 | 000,000,000 | ---D | M] -- C:\AT & T Natural Voice Speech [2007/07/01 16:54:32 | 000,000,000 | ---D | M] -- C:\Nero [2007/07/01 17:06:26 | 000,000,000 | ---D | M] -- C:\Xilisoft [2007/07/01 21:32:38 | 000,000,000 | ---D | M] -- C:\Widcomm Bluetooth [2007/07/06 16:50:02 | 000,000,000 | ---D | M] -- C:\Music Match Jukebox [2007/07/06 16:52:44 | 000,000,000 | ---D | M] -- C:\MUSICMATCH Update [2007/07/09 15:38:08 | 000,000,000 | ---D | M] -- C:\Ahnenblatt [2007/07/13 03:30:26 | 000,000,000 | ---D | M] -- C:\VLC Media Player [2007/07/13 03:48:52 | 000,000,000 | ---D | M] -- C:\SUPER Media Converter [2007/07/15 22:36:12 | 000,000,000 | ---D | M] -- C:\Last.fm [2007/07/31 02:42:24 | 000,000,000 | ---D | M] -- C:\Fifa 98 [2007/08/10 00:16:14 | 000,000,000 | ---D | M] -- C:\KanjiQuick [2007/08/14 14:06:12 | 000,000,000 | ---D | M] -- C:\Ragnarök [2007/08/14 14:24:48 | 000,000,000 | ---D | M] -- C:\3DO [2007/09/07 14:41:14 | 000,000,000 | ---D | M] -- C:\Samurize [2007/10/31 17:32:20 | 000,000,000 | ---D | M] -- C:\Macromedia [2007/11/01 10:27:46 | 000,000,000 | ---D | M] -- C:\DAEMON Tools [2008/01/03 12:55:28 | 000,000,000 | ---D | M] -- C:\MathType < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2004/08/04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys [2004/08/04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\agp440.sys [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2004/08/04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys [2004/08/04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\atapi.sys [2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys [2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\eventlog.dll [2004/08/04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- 
C:\WINDOWS\system32\dllcache\eventlog.dll [2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2004/08/04 05:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe [2004/08/04 05:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\system32\dllcache\explorer.exe [2008/04/14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\netlogon.dll [2004/08/04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\dllcache\netlogon.dll [2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\scecli.dll [2004/08/04 06:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\dllcache\scecli.dll [2004/08/04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2004/08/04 06:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\dllcache\user32.dll [2004/08/04 05:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) 
MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\system32\user32.dll [2008/04/14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\userinit.exe [2004/08/04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\dllcache\userinit.exe [2004/08/04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004/08/04 06:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\dllcache\winlogon.exe [2004/08/04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2008/04/14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\a746b2abbbec3e139e29152ba22decd1\winlogon.exe < MD5 for: WS2IFSL.SYS > [2004/08/04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2004/08/04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\config\*.sav > [2006/08/02 14:23:16 | 000,446,464 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [2006/08/02 14:23:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2006/08/02 14:23:16 | 000,094,208 | ---- | M] () -- 
C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2004/08/04 05:00:00 | 008,424,960 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[2004/08/04 05:00:00 | 000,148,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2004/08/04 05:00:00 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2004/08/04 05:00:00 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2006/01/09 20:01:14 | 001,492,480 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
Invalid Environment Variable: %USERPROFILE%\*.*
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe

< End of report >

I forgot to describe the symptoms: a full-screen white screen, of course. There is no access to the Task Manager, and other programs (e.g. msconfig) can only be opened in the background. I had also already tried to disable the gema.exe entries in msconfig during the short time the screen is gone before the restart, but that apparently did not work. By now it launches all the programs listed there at startup. o.O In Safe Mode the same screen appears. In addition, I have since disabled Wi-Fi, so the white screen shows the text saying that no internet connection is available.

Oh man, it would be really great if someone could help quickly!

Kind regards |