Log analysis and evaluation: Encryption trojan_hmt

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Encryption trojan_hmt

Hi, unfortunately the Windows encryption trojan got me too. After an e-mail attachment, the window in question appeared and nothing worked any more (as is known). I followed the steps as listed, but can only provide the following files: otl.txt

Starting GMER gives the error message "X:\i386\system32\config\system: the system cannot find the file specified" - clicking OK closes the program without a log file being offered.

When trying to rescue data from C, I found that the digital pictures are present and can be opened; the databases of Starmoney and Windows Live Mail are encrypted or at least renamed. Date and time are no longer correct, and the keyboard does not work!

What should be done now?

Regards, HMT

Here is the OTL txt:

OTL logfile created on: 6/2/2012 2:46:51 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,023.00 Mb Total Physical Memory | 795.00 Mb Available Physical Memory | 78.00% Memory free 907.00 Mb Paging File | 839.00 Mb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 465.75 Gb Total Space | 278.34 Gb Free Space | 59.76% Space Free | Partition Type: NTFS Drive D: | 19.53 Gb Total Space | 3.77 Gb Free Space | 19.32% Space Free | Partition Type: NTFS Drive E: | 19.53 Gb Total Space | 18.71 Gb Free Space | 95.77% Space Free | Partition Type: NTFS Drive F: | 19.53 Gb Total Space | 3.11 Gb Free Space | 15.94% Space Free | Partition Type: NTFS Drive G: | 15.92 Gb Total Space | 10.06 Gb Free Space | 63.19% Space Free | Partition Type: NTFS Drive H: | 494.71 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free
| Partition Type: CDFS Drive I: | 122.10 Mb Total Space | 1.11 Mb Free Space | 0.91% Space Free | Partition Type: FAT Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand] -- -- (getPlusHelper) getPlus(R) SRV - File not found [Auto] -- -- (DCService.exe) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - [2012/04/05 06:34:26 | 001,529,152 | ---- | M] (TuneUp Software) [Auto] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012/02/23 07:45:31 | 000,690,352 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- C:\Programme\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate) SRV - [2012/02/15 08:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Disabled] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/01/04 08:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011/07/19 00:33:52 | 000,071,024 | ---- | M] () [Disabled] -- C:\Programme\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2011/05/05 11:30:46 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Disabled] -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate) SRV - [2011/01/23 16:18:34 | 000,181,312 | ---- | M] () [Disabled] -- C:\Programme\Photodex\ProShowGold\scsiaccess.exe -- (ScsiAccess) SRV - 
[2010/03/18 05:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/08/20 07:34:04 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [Disabled] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService) SRV - [2009/01/08 10:10:00 | 000,187,456 | ---- | M] (DATA BECKER GmbH & Co KG) [Auto] -- C:\Programme\Gemeinsame Dateien\DATA BECKER Shared\DBService.exe -- (DBService) SRV - [2008/09/04 21:01:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto] -- C:\Programme\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) SRV - [2007/09/04 04:14:34 | 000,087,344 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL) SRV - [2004/10/21 20:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2003/06/19 17:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/03/29 10:32:12 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011/11/01 05:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- 
(nmwcd) DRV - [2011/11/01 05:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011/11/01 05:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011/11/01 05:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010/08/27 07:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet) DRV - [2010/08/07 11:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010/07/30 10:29:20 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/01/31 09:21:26] [Kernel | Auto] -- C:\Programme\CyberLink\PowerProducer\BDSDK\000.fcl -- ({BD1B5EAC-B420-4d68-9AE4-DB601535D138}) DRV - [2010/07/27 09:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator) DRV - [2010/07/27 03:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev) DRV - [2010/05/27 17:32:26 | 000,402,944 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WlanUZXP.sys -- (ZY760_XP) DRV - [2010/01/20 07:28:24 | 000,295,432 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\acedrv11.sys -- (acedrv11) DRV - [2008/09/04 21:01:00 | 000,265,088 | R--- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2008/09/04 21:01:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\avmeject.sys -- (avmeject) DRV - [2008/08/26 04:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008/04/13 14:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2006/11/10 09:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc) DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2006/04/12 04:44:46 | 000,018,944 | ---- | M] (ZDC., Inc. (ZDC)) [Kernel | Auto] -- C:\WINDOWS\ZDCndis5.sys -- (ZDCNDIS5) DRV - [2006/04/12 04:44:46 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50) DRV - [2002/07/23 22:30:00 | 000,032,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\VIAAGP1.SYS -- (viaagp1) DRV - [2002/03/11 13:57:00 | 000,043,776 | R--- | M] (VIA Technologies, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Enhanced Audio Controller (WDM) DRV - [2002/02/28 23:22:50 | 000,029,568 | R--- | M] (OrangeWare Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Agnes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Agnes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\Agnes_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 F0 6E 13 E3 3B CB 01 [binary data] IE - HKU\Agnes_ON_C\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found IE - HKU\Agnes_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Hans-Martin_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Hans-Martin_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\Hans-Martin_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Hans-Martin_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\Hans-Martin_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\Hans-Martin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Hans-Martin_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyEnable" = 0 IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Philips Songbird" FF - prefs.js..extensions.enabledItems: 7digital@songbirdnest.com:1.9.2.1953 FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.10.1953 FF - prefs.js..extensions.enabledItems: cd-rip@songbirdnest.com:1.0.6.1953 FF - prefs.js..extensions.enabledItems: concerts@songbirdnest.com:1.1.3.1953 FF - prefs.js..extensions.enabledItems: ewaacdec@songbirdnest.com:1.0.3.1953 FF - prefs.js..extensions.enabledItems: ewmp3enc@songbirdnest.com:1.0.6.1953 FF - prefs.js..extensions.enabledItems: fileassociation@philips.com:5.2.0.1030 FF - prefs.js..extensions.enabledItems: gogear@songbirdnest.com:1.1.2.1953 FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.9.2 FF - prefs.js..extensions.enabledItems: gracenote@songbirdnest.com:1.0.5.1953 FF - prefs.js..extensions.enabledItems: langpack-de@songbirdnest.com:1.9.2.1295265618 FF - prefs.js..extensions.enabledItems: mashTape@songbirdnest.com:1.1.6.1953 FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.6.1953 FF - prefs.js..extensions.enabledItems: mtp@songbirdnest.com:1.0.21.1953 FF - prefs.js..extensions.enabledItems: philips-addon-manager@philips.com:5.2.0.2430 FF - prefs.js..extensions.enabledItems: philips-branding@philips.com:5.2.0.2450 FF - prefs.js..extensions.enabledItems: philips-likemusic@philips.com:5.2.0.0040 FF - prefs.js..extensions.enabledItems: philips-msc-mtp-switch@philips.com:5.2.0.2430 FF - prefs.js..extensions.enabledItems: philips-promotions@philips.com:5.2.0.1040 FF - prefs.js..extensions.enabledItems: philips-skin@philips.com:5.2.0.2440 FF - prefs.js..extensions.enabledItems: philips-ui@philips.com:5.2.0.2440 FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.9.2 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Programme\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Musicnotes.com/Musicnotes Viewer,version=1.18.6: C:\Programme\Musicnotes\npmusicn.dll (Musicnotes, Inc.) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Programme\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=6.1.5.22: C:\Programme\Musicnotes\NPSibelius.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Programme\Nokia\Nokia PC Suite 7\bkmrksync\ [2011/08/20 07:30:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012/01/28 10:51:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/09/08 19:13:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/04/10 15:29:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Programme\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/28 10:52:09 | 000,000,000 | ---D | M] [2012/05/23 17:01:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Mozilla\Extensions [2011/10/05 14:51:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Mozilla\Extensions\ideskbrowser@haufe.de [2011/12/18 07:48:28 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com [2012/02/07 08:24:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Mozilla\Firefox\Profiles\gsx7bvzp.default\extensions [2011/12/18 07:52:30 | 000,000,502 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Philips-Songbird\Profiles\0uhibtsf.default\searchplugins\7digital.xml [2012/02/07 08:34:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/02/25 03:46:51 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla 
Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010/11/08 14:36:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/10 03:25:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/03/20 09:30:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011/06/23 12:49:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011/10/25 02:21:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} [2011/12/18 07:46:46 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\7DIGITAL@SONGBIRDNEST.COM [2011/12/18 07:46:04 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM [2011/12/18 07:46:43 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CD-RIP@SONGBIRDNEST.COM [2011/12/18 07:46:46 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CONCERTS@SONGBIRDNEST.COM [2011/12/18 07:46:45 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWAACDEC@SONGBIRDNEST.COM [2011/12/18 07:46:45 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMP3ENC@SONGBIRDNEST.COM [2011/12/18 07:46:32 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\FILEASSOCIATION@PHILIPS.COM [2011/12/18 07:46:32 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GOGEAR@SONGBIRDNEST.COM [2011/12/18 07:46:04 | 000,000,000 | ---D | M] (gonzo) -- 
C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM [2011/12/18 07:46:43 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GRACENOTE@SONGBIRDNEST.COM [2011/12/18 07:46:46 | 000,000,000 | ---D | M] ("German (de) Language Pack") -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\LANGPACK-DE@SONGBIRDNEST.COM [2011/12/18 07:46:45 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MASHTAPE@SONGBIRDNEST.COM [2011/12/18 07:46:42 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MSC@SONGBIRDNEST.COM [2011/12/18 07:46:42 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MTP@SONGBIRDNEST.COM [2011/12/18 07:46:45 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-ADDON-MANAGER@PHILIPS.COM [2011/12/18 07:46:31 | 000,000,000 | ---D | M] (Philips Branding) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-BRANDING@PHILIPS.COM [2011/12/18 07:46:41 | 000,000,000 | ---D | M] (LikeMusic) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-LIKEMUSIC@PHILIPS.COM [2011/12/18 07:46:32 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-MSC-MTP-SWITCH@PHILIPS.COM [2011/12/18 07:46:40 | 000,000,000 | ---D | M] (Philips Promotions) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-PROMOTIONS@PHILIPS.COM [2011/12/18 07:46:31 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-SKIN@PHILIPS.COM [2011/12/18 07:46:31 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-UI@PHILIPS.COM [2011/12/18 07:46:04 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAMME\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM [2011/10/02 
23:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll [2008/02/22 11:24:06 | 000,095,832 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\NPPDLicenseHelper.dll [2010/04/01 12:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/05/18 17:30:47 | 000,002,226 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2010/04/01 12:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2010/04/01 12:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2010/10/28 04:41:06 | 000,005,529 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\SearchquWebSearch.xml [2011/12/18 11:16:11 | 000,002,193 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\toolkitsearch.xml [2010/04/01 12:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2010/04/01 12:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {7FF99715-3016-4381-84CE-E4E4C9673020} - Reg Error: Value error. File not found O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (SplitButtonBHO Class) - {C0C86BBE-9509-4296-8459-FDBFDAF4B673} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Value error. File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\Agnes_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Hans-Martin_ON_C\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKU\Hans-Martin_ON_C\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found. O3 - HKU\Hans-Martin_ON_C\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - Reg Error: Value error. File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [D066UUtility] C:\WINDOWS\twain_32\D66U\D066UUTY.EXE () O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. 
KG) O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [Philips Device Listener] C:\Programme\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - HKU\Agnes_ON_C..\Run: [LightScribe Control Panel] C:\Programme\Gemeinsame Dateien\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company) O4 - HKU\Agnes_ON_C..\Run: [swg] File not found O4 - HKU\Hans-Martin_ON_C..\Run: [] File not found O4 - HKU\Hans-Martin_ON_C..\Run: [58035188] C:\WINDOWS\system32\C71385535803518808F4.exe () O4 - HKU\systemprofile_ON_C..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\Hans-Martin\Startmenü\Programme\Autostart\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Agnes_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Hans-Martin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Hans-Martin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O7 - HKU\Hans-Martin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1 O7 - HKU\Hans-Martin_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - 
HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Programme\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm () O9 - Extra Button: FRITZ!Box AddOn - {328ECD19-C167-40eb-A0C7-16FE7634105F} - C:\Programme\FRITZ!Box\AddOn (IE)\FBoxIESplitButton.dll (AVM Berlin) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\FRITZ!DSL\sarah.dll (AVM Berlin) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA) O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} hxxp://picasaweb.google.de/s/v/61.08/uploader2.cab (UploadListView Class) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1270029539828 (WUWebControl Class) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1270031704765 (MUWebControl Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. 
OHG Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\haufereader - No CLSID value found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - AppInit_DLLs: (C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O27 - HKLM IFEO\chrome.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\expressburn.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\expressrip.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\formular.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\goldenvideos.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\lxupdatemanager.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\msconfig.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\philips-songbird.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\philips-songbird-uninstall.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\proshow.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\regedit.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\registrybooster.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\scrsetup.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\setup.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\smkonv.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\startstarmoney.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\switch.exe: Debugger - "C:\Programme\TuneUp Utilities 2012\TUAutoReactivator32.exe" (TuneUp Software)
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O27 - HKLM IFEO\userinit.exe: Debugger - C:\WINDOWS\system32\defgd.exe ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/31 05:47:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/03/27 09:13:48 | 000,069,632 | R--- | M] () - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2002/02/15 11:04:38 | 000,000,766 | R--- | M] () - H:\AUTORUN.ICO -- [ CDFS ]
O32 - AutoRun File - [2002/07/08 10:44:36 | 000,000,460 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{2721d642-d271-11e0-8682-00e018ad3de3}\Shell - "" = AutoRun
O33 - MountPoints2\{2721d642-d271-11e0-8682-00e018ad3de3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2721d642-d271-11e0-8682-00e018ad3de3}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{2721d645-d271-11e0-8682-00e018ad3de3}\Shell - "" = AutoRun
O33 - MountPoints2\{2721d645-d271-11e0-8682-00e018ad3de3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2721d645-d271-11e0-8682-00e018ad3de3}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\{7c254b78-d277-11e0-8683-00e018ad3de3}\Shell - "" = AutoRun
O33 - MountPoints2\{7c254b78-d277-11e0-8683-00e018ad3de3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7c254b78-d277-11e0-8683-00e018ad3de3}\Shell\AutoRun\command - "" = J:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608555} - Internet Explorer Classes for Java
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Programme\Gemeinsame Dateien\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

========== Files/Folders - Created Within 30 Days ==========
[2012/05/23 18:19:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Agnes\Anwendungsdaten\TuneUp Software
[2012/05/23 16:06:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Mmzfi
[2012/05/23 16:06:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/05/22 18:41:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Arbeitsplatzbeleuchtung
[2012/05/20 08:47:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Indien Max und Resi
[2012/05/18 16:40:29 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012/05/18 16:40:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012
[2012/05/18 16:39:17 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2012
[2012/05/17 17:00:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2012/05/17 15:22:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\TuneUp Software
[2012/05/17 15:21:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012/05/17 15:21:30 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/17 15:21:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2012/05/17 15:20:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\OpenCandy
[2012/05/17 15:20:18 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\WINDOWS\System32\QtCore4.dll
[2012/05/17 15:18:33 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\DVDVideoSoft
[2012/05/16 15:50:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Dixieland
[2012/05/09 16:33:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Turm MLK
[2012/05/09 16:27:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Marion 60ter
[2012/05/09 15:14:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Ocfa
[2012/05/09 15:14:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Hahuaw
[2012/05/09 15:14:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Epeg
[2012/05/09 13:10:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Pa Kreissäge
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2012/06/01 19:05:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/01 19:05:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/05/23 18:36:53 | 000,008,483 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2012/05/23 18:02:11 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/23 16:06:18 | 000,048,128 | -H-- | M] () -- C:\WINDOWS\System32\C71385535803518808F4.exe
[2012/05/22 19:13:48 | 000,002,541 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel.lnk
[2012/05/21 18:48:24 | 000,038,203 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\__ssl.geos1.de_cgi-bin_orderprint.pdf
[2012/05/21 18:23:35 | 000,002,513 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2012/05/20 07:03:11 | 004,764,890 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\dixieland 2012.pdf
[2012/05/19 11:18:54 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\RegistryBooster.job
[2012/05/19 07:08:36 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\expressburnShakeIcon.job
[2012/05/19 07:08:32 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\expressburnSevenDaysInit.job
[2012/05/19 07:08:30 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\expressburnDowngrade.job
[2012/05/19 07:08:30 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\expressripShakeIcon.job
[2012/05/19 07:08:29 | 000,000,298 | ---- | M] () -- C:\WINDOWS\tasks\expressripSevenDays.job
[2012/05/19 07:08:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2012/05/19 07:08:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\switchDowngrade.job
[2012/05/19 07:07:25 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2012/05/19 07:07:19 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/19 07:07:18 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/18 17:29:53 | 000,493,414 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/05/18 17:29:53 | 000,473,550 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/05/18 17:29:53 | 000,091,568 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/05/18 17:29:53 | 000,076,452 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/05/18 17:07:34 | 000,000,000 | R--D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart
[2012/05/18 16:40:24 | 000,001,725 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2012.lnk
[2012/05/18 16:40:24 | 000,001,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012/05/18 16:40:23 | 000,001,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/05/18 16:40:22 | 000,001,713 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012.lnk
[2012/05/18 16:40:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012
[2012/05/17 15:20:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DVDVideoSoft
[2012/05/17 15:19:02 | 000,001,716 | ---- | M] () -- C:\WINDOWS\pstudio.ini
[2012/05/17 15:19:02 | 000,000,028 | ---- | M] () -- C:\WINDOWS\album.ini
[2012/05/16 02:49:57 | 000,523,406 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Loriot Jetzt gehts aufwärts.jpg
[2012/05/15 17:55:39 | 001,283,799 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Bilder HM.pdf
[2012/05/15 17:55:05 | 003,009,024 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Bilder HM.dot
[2012/05/15 17:41:03 | 000,010,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/14 16:13:29 | 002,259,934 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\2012_schöpfung_A4_himmel4.pdf
[2012/05/11 15:50:50 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh323
[2012/05/11 15:50:40 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh322
[2012/05/11 15:50:32 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh321
[2012/05/11 15:50:22 | 000,481,078 | ---- | M] () -- C:\WINDOWS\System32\winsh320
[2012/05/11 15:04:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[2012/05/10 13:52:25 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/05/10 13:23:08 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/05/09 12:29:30 | 000,435,577 | ---- | M] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\BGW Trialog Übersicht der Aussteller.jpg
[2012/05/08 01:38:10 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/05/08 01:38:09 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/05/07 15:10:35 | 000,000,766 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CEWE FOTOSCHAU.lnk
[2012/05/07 15:10:35 | 000,000,751 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\dm-Fotowelt.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2012/05/23 17:08:26 | 000,000,358 | -H-- | C] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2012/05/23 16:06:54 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh325
[2012/05/23 16:06:54 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh324
[2012/05/23 16:06:54 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh323
[2012/05/23 16:06:54 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh322
[2012/05/23 16:06:54 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh321
[2012/05/23 16:06:54 | 000,481,078 | ---- | C] () -- C:\WINDOWS\System32\winsh320
[2012/05/23 16:06:18 | 000,048,128 | -H-- | C] () -- C:\WINDOWS\System32\C71385535803518808F4.exe
[2012/05/21 18:48:23 | 000,038,203 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\__ssl.geos1.de_cgi-bin_orderprint.pdf
[2012/05/20 07:03:10 | 004,764,890 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\dixieland 2012.pdf
[2012/05/18 16:40:24 | 000,001,725 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\TuneUp Utilities 2012.lnk
[2012/05/18 16:40:23 | 000,001,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012/05/18 16:40:23 | 000,001,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2012.lnk
[2012/05/18 16:40:22 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2012.lnk
[2012/05/16 02:49:56 | 000,523,406 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Loriot Jetzt gehts aufwärts.jpg
[2012/05/15 17:55:28 | 001,283,799 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Bilder HM.pdf
[2012/05/15 17:55:04 | 003,009,024 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\Bilder HM.dot
[2012/05/14 16:13:28 | 002,259,934 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\2012_schöpfung_A4_himmel4.pdf
[2012/05/09 12:29:29 | 000,435,577 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Desktop\BGW Trialog Übersicht der Aussteller.jpg
[2012/04/06 13:50:09 | 000,245,504 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2012/02/15 02:31:39 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/04 17:53:32 | 000,000,027 | ---- | C] () -- C:\WINDOWS\lang.ini
[2011/12/18 07:47:04 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2011/12/11 18:27:08 | 000,000,189 | ---- | C] () -- C:\WINDOWS\bctester_de.INI
[2011/11/06 07:44:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2011/09/27 06:17:26 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2011/09/27 06:16:20 | 000,304,128 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2011/09/27 06:14:14 | 000,133,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2011/09/27 06:13:58 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2011/03/26 07:43:03 | 000,000,148 | ---- | C] () -- C:\WINDOWS\holzm_cd.ini
[2011/03/26 07:38:07 | 000,005,862 | ---- | C] () -- C:\WINDOWS\vbgfunk.ini
[2011/01/29 15:31:53 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/11/29 16:48:13 | 000,036,324 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\mdbu.bin
[2010/11/15 02:02:18 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/12 16:19:15 | 000,097,360 | R--- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2010/09/25 09:59:22 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Agnes\Anwendungsdaten\$_hpcst$.hpc
[2010/09/20 17:20:51 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/20 16:44:15 | 000,709,673 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2010/09/20 16:44:15 | 000,026,026 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2010/09/08 12:07:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2010/09/08 12:07:36 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2010/09/08 12:07:36 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2010/09/08 12:07:33 | 000,001,162 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2010/08/20 14:56:54 | 001,456,640 | ---- | C] () -- C:\Programme\Gemeinsame Dateien\Falk Navi-Manager.msi
[2010/08/20 14:55:01 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\$_hpcst$.hpc
[2010/07/27 16:43:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/13 08:07:37 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2010/05/08 03:43:00 | 000,000,103 | ---- | C] () -- C:\WINDOWS\System32\hptrace.ini
[2010/05/02 14:48:04 | 000,011,272 | ---- | C] () -- C:\WINDOWS\hpdj6122.ini
[2010/05/02 14:10:30 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Hans-Martin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/23 16:46:52 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/04/07 18:13:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/04/05 17:08:46 | 000,000,037 | ---- | C] () -- C:\WINDOWS\D660UES.ini
[2010/04/01 17:49:33 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/04/01 17:10:19 | 000,000,073 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010/04/01 16:57:21 | 000,000,572 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2010/04/01 16:56:51 | 000,000,022 | ---- | C] () -- C:\WINDOWS\OP70.INI
[2010/04/01 16:55:44 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2010/04/01 16:54:36 | 000,000,052 | ---- | C] () -- C:\WINDOWS\phbase.ini
[2010/04/01 16:53:32 | 000,001,716 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2010/04/01 16:53:32 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2010/04/01 16:53:32 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2010/04/01 16:15:48 | 000,000,502 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2010/04/01 14:40:34 | 000,008,483 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2010/04/01 06:28:15 | 000,000,262 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2010/03/31 06:38:06 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/31 06:37:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/03/31 06:06:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/03/31 05:52:35 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/03/31 05:52:35 | 000,002,605 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/03/31 05:49:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/31 05:45:27 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/09/30 06:05:48 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v60.dll
[2008/10/30 12:00:22 | 000,048,640 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v60.dll
[2008/10/30 11:59:24 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v60.dll
[2006/10/27 02:26:56 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/04/28 16:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2002/08/29 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/08/29 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2002/08/29 08:00:00 | 000,493,414 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2002/08/29 08:00:00 | 000,473,550 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2002/08/29 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2002/08/29 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2002/08/29 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2002/08/29 08:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\defgd.exe
[2002/08/29 08:00:00 | 000,091,568 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2002/08/29 08:00:00 | 000,076,452 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2002/08/29 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2002/08/29 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2002/08/29 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2002/08/29 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2002/08/29 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2000/08/06 18:00:00 | 005,425,152 | ---- | C] () -- C:\Programme\Gotteslob.mdb
[2000/08/06 18:00:00 | 000,350,208 | ---- | C] () -- C:\Programme\Dienstprogramm.mdb
[2000/08/06 18:00:00 | 000,315,392 | ---- | C] () -- C:\Programme\Start.mde
[2000/08/06 18:00:00 | 000,086,016 | ---- | C] () -- C:\Programme\System.mdw
[2000/08/06 18:00:00 | 000,077,824 | ---- | C] () -- C:\Programme\Gotteslob.mdw
[2000/08/06 18:00:00 | 000,077,106 | ---- | C] () -- C:\Programme\Dokumente.exe
[2000/08/06 18:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\wrkgadm.exe
[2000/08/06 18:00:00 | 000,031,744 | ---- | C] () -- C:\Programme\Gotteslob.fts
[2000/08/06 18:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[2000/08/06 18:00:00 | 000,000,967 | ---- | C] () -- C:\Programme\Elbikon.pif
[2000/08/06 18:00:00 | 000,000,246 | ---- | C] () -- C:\WINDOWS\Gotteslob.ini
[2000/08/06 18:00:00 | 000,000,072 | ---- | C] () -- C:\Programme\elbikon.bat

========== LOP Check ==========
[2010/04/08 16:23:11 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2011/11/17 18:48:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Agnes\Anwendungsdaten\PC Suite
[2010/09/25 10:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Agnes\Anwendungsdaten\pdfforge
[2010/09/25 10:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Agnes\Anwendungsdaten\Search Settings
[2012/05/23 18:19:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Agnes\Anwendungsdaten\TuneUp Software
[2011/12/22 02:46:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\1&1 Mail & Media GmbH
[2011/11/27 19:08:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Amazon
[2012/05/16 14:18:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Canon
[2012/05/17 15:20:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\DVDVideoSoft
[2012/05/23 17:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Epeg
[2011/07/03 13:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\EurekaLog
[2010/11/11 03:39:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\FinalMediaPlayer
[2011/08/08 07:49:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\FreeFileViewer
[2012/05/23 17:01:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\FreeFLVConverter
[2010/05/19 02:22:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\FreeVideoConverter
[2012/05/23 17:01:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\FRITZ!
[2011/10/02 09:41:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\GARMIN
[2012/05/23 17:01:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\GetRightToGo
[2012/05/10 11:55:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Hahuaw
[2011/10/05 17:46:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Haufe
[2011/10/05 14:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Haufe Mediengruppe
[2012/02/03 13:49:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Lexware
[2012/05/23 16:06:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Mmzfi
[2010/07/29 15:51:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\NCH Swift Sound
[2012/01/28 10:54:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Nokia
[2011/10/27 15:37:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Nokia Ovi Suite
[2012/05/20 06:51:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Nokia Suite
[2012/05/10 01:53:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Ocfa
[2012/05/17 15:20:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\OpenCandy
[2011/08/20 07:54:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\PC Suite
[2011/12/18 07:47:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Philips-Songbird
[2011/12/14 15:32:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Photodex
[2011/01/02 07:37:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\PriceGong
[2010/12/30 17:16:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\ProtectDISC
[2011/11/13 19:05:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\SongBeamer
[2012/05/17 15:22:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\TuneUp Software
[2011/01/16 17:14:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Uniblue
[2011/12/14 14:24:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Hans-Martin\Anwendungsdaten\Windows Search
[2012/05/17 17:00:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2011/12/01 05:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\boost_interprocess
[2012/05/17 15:21:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2010/12/30 17:10:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DATA BECKER Downloads
[2012/05/23 16:50:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2011/10/02 09:41:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Garmin
[2011/10/05 14:37:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Haufe
[2011/08/20 07:28:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations
[2010/04/22 15:05:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KETTLER
[2012/02/03 13:50:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\lexware
[2010/04/23 15:34:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LightScribe
[2011/04/17 10:23:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MagicMaps
[2010/05/06 13:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2010/07/29 15:52:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2012/01/28 10:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nokia
[2012/03/24 13:30:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NokiaInstallerCache
[2010/04/22 16:24:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Drivers HeadQuarters
[2011/08/20 07:54:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite
[2011/12/14 15:32:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Photodex
[2011/11/13 08:56:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SongBeamer
[2010/04/01 15:47:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 7.0
[2011/08/15 15:00:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\StarMoney 8.0
[2011/08/08 07:45:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2011/01/31 04:53:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Temp
[2012/05/08 01:51:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012/05/17 15:23:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012/05/23 17:01:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zoom Player
[2012/05/23 17:01:49 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012/05/23 17:01:50 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
[2011/12/18 07:46:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{F0489EF2-D393-4114-85BA-A94D71D89543}
[2012/05/19 07:08:30 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnDowngrade.job
[2012/05/19 07:08:32 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnSevenDaysInit.job
[2012/05/19 07:08:36 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\expressburnShakeIcon.job
[2012/05/19 07:08:29 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\expressripSevenDays.job
[2012/05/19 07:08:30 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\expressripShakeIcon.job
[2012/05/19 07:07:25 | 000,000,300 | ---- | M] () -- C:\WINDOWS\Tasks\goldenvideosShakeIcon.job
[2012/05/23 18:02:11 | 000,000,358 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2012/05/19 11:18:54 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\RegistryBooster.job
[2012/05/19 07:08:14 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchDowngrade.job
[2012/05/19 07:08:15 | 000,000,282 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========

========== Custom Scans ==========
< %SYSTEMDRIVE%\*.
> [2012/05/23 16:47:17 | 000,000,000 | ---D | M] -- C:\04117136a762edb688bcaeacb2 [2010/03/31 07:56:43 | 000,000,000 | ---D | M] -- C:\06eaa470f5bb37f561a9f293ea5796 [2012/05/23 16:47:19 | 000,000,000 | ---D | M] -- C:\9e864917ce364349e9732450a74749 [2010/04/23 16:45:17 | 000,000,000 | ---D | M] -- C:\ATI [2012/05/23 16:47:26 | 000,000,000 | ---D | M] -- C:\bc42e44731b026031bb2e45017 [2012/05/23 16:47:31 | 000,000,000 | ---D | M] -- C:\c2f9f60f03cb1867579ba2 [2012/05/23 16:47:32 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2010/04/02 17:46:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2011/10/13 18:29:45 | 000,000,000 | ---D | M] -- C:\e75f5dac914a19fc321143d1f11c24ae [2011/10/05 14:18:26 | 000,000,000 | ---D | M] -- C:\Laufwerk A Dienst [2011/08/08 05:03:34 | 000,000,000 | ---D | M] -- C:\Laufwerk G Daten [2011/08/14 08:27:30 | 000,000,000 | ---D | M] -- C:\Laufwerk I Sonstiges [2010/07/29 16:00:53 | 000,000,000 | ---D | M] -- C:\Mp3 Output [2012/05/18 17:29:55 | 000,000,000 | R--D | M] -- C:\Programme [2012/05/24 16:26:12 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2012/02/07 09:53:18 | 000,000,000 | ---D | M] -- C:\s.vid [2012/05/23 16:48:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/12/18 07:53:27 | 000,000,000 | ---D | M] -- C:\Temp [2012/05/23 16:06:03 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > [2000/08/06 18:00:00 | 000,077,106 | ---- | M] () -- C:\Programme\Dokumente.exe Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2010/03/31 06:15:32 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2010/03/31 07:12:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2010/03/31 06:15:32 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2010/03/31 07:12:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2002/08/29 08:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2010/03/31 06:15:32 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2010/03/31 07:12:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2010/03/31 06:15:32 | 022,286,026 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2010/03/31 07:12:47 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- 
C:\WINDOWS\system32\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe [2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll < MD5 for: USER32.DLL > [2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > 
[2002/08/29 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2002/08/29 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2010/03/31 07:36:35 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2010/03/31 07:36:35 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2010/03/31 07:36:35 | 000,397,312 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2012/03/02 00:00:10 | 011,082,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/03/01 07:00:08 | 002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2011/01/21 10:44:10 | 008,503,296 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > |