AKM/BMI €50 Paysafe-trojaner Problem

OTL logfile created on: 9/3/2012 8:42:19 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,023.00 Mb Total Physical Memory | 792.00 Mb Available Physical Memory | 77.00% Memory free
907.00 Mb Paging File | 840.00 Mb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 30.00 Gb Total Space | 0.57 Gb Free Space | 1.89% Space Free | Partition Type: NTFS
Drive D: | 101.44 Gb Total Space | 4.47 Gb Free Space | 4.40% Space Free | Partition Type: NTFS
Drive E: | 101.45 Gb Total Space | 83.92 Gb Free Space | 82.73% Space Free | Partition Type: NTFS
Drive F: | 7.45 Gb Total Space | 7.20 Gb Free Space | 96.54% Space Free | Partition Type: FAT32
Drive L: | 14.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive N: | 7.42 Gb Total Space | 7.41 Gb Free Space | 99.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (getPlusHelper) getPlus(R)
SRV - [2012/08/31 04:25:17 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 11:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/03/12 16:27:17 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/01/24 14:22:54 | 000,068,096 | ---- | M] () [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2011/10/24 16:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/05/15 17:59:35 | 001,639,216 | ---- | M] () [On_Demand] -- C:\Programme\DIAL GmbH\DIAL Communication Framework\DialComService.exe -- (DialComService)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/11/13 19:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/10 08:00:00 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (VcommMgr)
DRV - File not found [Kernel | On_Demand] --  -- (VComm)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (iqggptzs)
DRV - File not found [Kernel | System] --  -- (InCDRm)
DRV - File not found [Kernel | System] --  -- (InCDPass)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | Boot] --  -- (BTHidMgr)
DRV - File not found [Kernel | Boot] --  -- (BTHidEnum)
DRV - File not found [Kernel | On_Demand] --  -- (Btcsrusb)
DRV - File not found [Kernel | On_Demand] --  -- (BT)
DRV - File not found [Kernel | On_Demand] --  -- (BlueletSCOAudio)
DRV - File not found [Kernel | On_Demand] --  -- (BlueletAudio)
DRV - [2011/08/02 12:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/01/02 14:51:05 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009/11/25 11:49:25 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009/10/20 13:47:46 | 000,113,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/14 16:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/12 10:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/14 09:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2009/09/10 09:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/09/01 10:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2008/07/15 10:09:16 | 000,060,544 | R--- | M] (Silicon Laboratories) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2008/07/15 10:09:16 | 000,017,920 | R--- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2008/07/03 15:41:30 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2008/07/03 13:59:54 | 000,193,696 | ---- | M] (Jungo) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2008/04/07 18:09:44 | 000,005,248 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\giveio.sys -- (giveio)
DRV - [2008/03/13 13:02:46 | 000,026,640 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\klfltdev.sys -- (KLFLTDEV)
DRV - [2006/11/21 23:25:08 | 002,829,824 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/09/18 09:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006/09/18 09:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006/09/18 09:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006/09/18 09:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006/09/18 09:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006/09/18 09:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006/09/18 09:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006/08/11 09:47:13 | 000,059,776 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2006/08/04 04:29:24 | 000,043,904 | R--- | M] (JMicron Technology Corp.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006/07/26 21:49:10 | 000,083,712 | R--- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/07/05 08:46:06 | 000,063,352 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfdrv01a.sys -- (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a)
DRV - [2006/06/14 10:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006/05/18 04:49:02 | 000,061,067 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2006/05/18 04:48:50 | 000,047,249 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2006/03/17 14:18:58 | 000,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/02/07 07:52:58 | 000,006,912 | R--- | M] (JMicron ) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\JGOGO.sys -- (JGOGO)
DRV - [2004/08/12 22:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/03/03 10:36:20 | 000,018,560 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PhTvTune.sys -- (TTTv400) Cinergy 400 TV Tuner (MK2)
DRV - [2003/08/08 08:47:06 | 000,352,736 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\GIS_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\GIS_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Programme\Sony Online Entertainment\npsoe.dll ()
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Programme\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/08/31 04:25:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/10/31 12:47:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012/07/09 13:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011/10/31 12:47:31 | 000,000,000 | ---D | M]
 
[2011/01/18 08:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\mozilla\Extensions
[2011/01/18 08:11:03 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/07/03 11:50:37 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\mozilla\Firefox\Profiles\ivasvrha.default\extensions
[2010/07/06 06:51:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\mozilla\Firefox\Profiles\ivasvrha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/05/18 15:24:59 | 000,000,000 | ---D | M] (springshine) -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\mozilla\Firefox\Profiles\ivasvrha.default\extensions\springshine@yogurttree.com
[2009/04/20 09:21:17 | 000,005,389 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Mozilla\Firefox\Profiles\ivasvrha.default\searchplugins\duden-suche.xml
[2011/11/10 15:23:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- 
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\GIS\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\IVASVRHA.DEFAULT\EXTENSIONS\{D249FD00-4DF9-11D9-9FDC-0080481ADA61}.XPI
[2012/08/31 04:25:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010/07/09 09:18:04 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012/07/05 04:45:14 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/31 04:24:42 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/07/05 04:45:14 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/05 04:45:14 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/05 04:45:14 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/05 04:45:14 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2001/08/23 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DIALux 3.1 ULDBrowserHelper Class) - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - d:\Programme\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate]  File not found
O4 - HKLM..\Run: [JMB36X Configure] C:\WINDOWS\System32\JMRaidTool.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\GIS_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Autostart\ja.lnk = C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Administrator.MARCO\Startmenü\Programme\Autostart\ja.lnk = C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\GIS\Startmenü\Programme\Autostart\ja.lnk = C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\GIS_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O12 - Plugin for: .app - C:\WINDOWS\npMausPlugin.dll (Maus Software)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\dialux {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - d:\Programme\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
O18 - Protocol\Handler\http - No CLSID value found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https - No CLSID value found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe) - C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O29 - HKLM SecurityProviders - (mulxdpcr.dll) -  File not found
O31 - SafeBoot: AlternateShell - C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/03/12 16:02:58 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2007/01/02 22:06:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/03/12 16:33:16 | 000,000,000 | ---D | M] - D:\AutoCAD 2010 -- [ NTFS ]
O32 - AutoRun File - [2012/01/07 14:10:41 | 000,000,000 | ---D | M] - D:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2012/01/07 14:21:51 | 000,000,000 | ---D | M] - E:\Automatisch zu iTunes hinzufügen -- [ NTFS ]
O32 - AutoRun File - [2009/08/22 22:42:34 | 000,143,360 | R--- | M] (Huawei Technologies Co., Ltd.) - L:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/09/18 05:12:34 | 000,000,045 | R--- | M] () - L:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{039e35b3-9b59-11db-8b07-0018f374ffc0}\Shell - "" = AutoRun
O33 - MountPoints2\{039e35b3-9b59-11db-8b07-0018f374ffc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{039e35b3-9b59-11db-8b07-0018f374ffc0}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{039e39d5-9b59-11db-8b07-0018f374ffc0}\Shell - "" = AutoRun
O33 - MountPoints2\{039e39d5-9b59-11db-8b07-0018f374ffc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{039e39d5-9b59-11db-8b07-0018f374ffc0}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{1ee726c2-9acd-11db-a7bd-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ee726c2-9acd-11db-a7bd-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1ee726c2-9acd-11db-a7bd-806d6172696f}\Shell\AutoRun\command - "" = D:\ASUSACPI.exe
O33 - MountPoints2\{5d395178-4246-11de-ad2d-0009dd64fd35}\Shell - "" = AutoRun
O33 - MountPoints2\{5d395178-4246-11de-ad2d-0009dd64fd35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5d395178-4246-11de-ad2d-0009dd64fd35}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7e41e952-cb85-11de-ade6-0009dd64fd35}\Shell - "" = AutoRun
O33 - MountPoints2\{7e41e952-cb85-11de-ade6-0009dd64fd35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7e41e952-cb85-11de-ade6-0009dd64fd35}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{828695e8-c04b-11db-aef5-0018f374ffc0}\Shell - "" = AutoRun
O33 - MountPoints2\{828695e8-c04b-11db-aef5-0018f374ffc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{828695e8-c04b-11db-aef5-0018f374ffc0}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{828695ef-c04b-11db-aef5-0018f374ffc0}\Shell - "" = AutoRun
O33 - MountPoints2\{828695ef-c04b-11db-aef5-0018f374ffc0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{828695ef-c04b-11db-aef5-0018f374ffc0}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{9a319a69-38a2-11e1-b13d-0009dd64fd35}\Shell - "" = AutoRun
O33 - MountPoints2\{9a319a69-38a2-11e1-b13d-0009dd64fd35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9a319a69-38a2-11e1-b13d-0009dd64fd35}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{ce6a07a0-335b-11df-ae8e-0009dd64fd35}\Shell - "" = AutoRun
O33 - MountPoints2\{ce6a07a0-335b-11df-ae8e-0009dd64fd35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce6a07a0-335b-11df-ae8e-0009dd64fd35}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ce6a07a2-335b-11df-ae8e-0009dd64fd35}\Shell - "" = AutoRun
O33 - MountPoints2\{ce6a07a2-335b-11df-ae8e-0009dd64fd35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ce6a07a2-335b-11df-ae8e-0009dd64fd35}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{e2e7efec-7b83-11df-af0b-0009dd64fd35}\Shell - "" = AutoRun
O33 - MountPoints2\{e2e7efec-7b83-11df-af0b-0009dd64fd35}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e2e7efec-7b83-11df-af0b-0009dd64fd35}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0817A0E0-15F2-B70B-48C6-7D03D3C8A462} - Internet Explorer
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 9.0
ActiveX: {1897C549-AE52-4571-8996-44854F5612B2} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 9.0
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36C241B0-332C-7139-327C-C23ACE32FA2E} - Vektorgrafik-Rendering (VML)
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Sicherheitsupdate für Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5C1FC15C-4057-095F-1856-F04A471736EA} - Microsoft Windows Media Player 6.4
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung
ActiveX: {A0959BF7-339C-AF43-45C6-CA871ECB9F49} - Outlook Express
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D1BDCA88-19EB-97AA-8460-B485DE627783} - Microsoft Windows Media Player 6.4
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "ABBYY.Licensing.FineReader.Professional.9.0"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^HP Image Zone Schnellstart.lnk - C:\Programme\HP\Digital Imaging\bin\hpqthb08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^GIS^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk -  - File not found
MsConfig - StartUpReg: Adobe Photo Downloader - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: ICQ Lite - hkey= - key= -  File not found
MsConfig - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig - StartUpReg: Sony Ericsson PC Suite - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/08/20 04:10:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\GIS\Desktop\studium
[2012/08/09 18:41:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\GIS\Desktop\realm.php-Dateien
[2005/05/11 18:36:48 | 000,012,288 | ---- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\Fonts\RandFont.dll
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/03 07:31:29 | 000,000,386 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2012/09/03 07:20:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/03 07:18:19 | 000,013,686 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/02 14:42:38 | 000,000,714 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Startmenü\Programme\Autostart\ja.lnk
[2012/09/02 14:42:14 | 000,391,607 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe
[2012/09/02 14:38:41 | 000,394,839 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Wappen_Herzogtum_Steiermark.png
[2012/08/31 09:18:59 | 000,018,349 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Unbenannt.JPG
[2012/08/31 09:09:13 | 001,243,594 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Unbenannt.bmp
[2012/08/31 05:06:40 | 000,011,746 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\canvas.png
[2012/08/23 14:59:55 | 000,035,201 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\387008_267661303339280_1154882657_n.jpg
[2012/08/16 06:33:49 | 000,343,424 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/08/15 20:19:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/08/14 03:48:25 | 000,036,079 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Foto.jpg
[2012/08/09 18:41:41 | 000,296,739 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\realm.php.htm
[2012/08/06 09:36:55 | 000,362,965 | ---- | M] () -- C:\Dokumente und Einstellungen\GIS\Desktop\arrifana10.jpg
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/02 14:42:38 | 000,000,714 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Startmenü\Programme\Autostart\ja.lnk
[2012/09/02 14:42:16 | 000,391,607 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\1.exe
[2012/09/02 14:38:34 | 000,394,839 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Wappen_Herzogtum_Steiermark.png
[2012/08/31 09:09:20 | 000,018,349 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Unbenannt.JPG
[2012/08/31 09:09:12 | 001,243,594 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Unbenannt.bmp
[2012/08/31 05:06:38 | 000,011,746 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\canvas.png
[2012/08/23 14:59:42 | 000,035,201 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\387008_267661303339280_1154882657_n.jpg
[2012/08/14 03:48:24 | 000,036,079 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\Foto.jpg
[2012/08/09 18:41:36 | 000,296,739 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\realm.php.htm
[2012/08/06 09:36:52 | 000,362,965 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Desktop\arrifana10.jpg
[2012/02/16 14:06:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/02/15 13:55:06 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/11 19:45:34 | 000,049,152 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Lokale Einstellungen\Anwendungsdaten\CHOICE.exe
[2012/02/11 13:04:02 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2012/02/10 13:49:22 | 000,000,178 | ---- | C] () -- C:\WINDOWS\dievölkergold.ini
[2012/02/09 06:00:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ealtest.exe
[2011/11/03 14:04:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\Dialux.ini
[2010/11/03 15:58:42 | 000,000,578 | ---- | C] () -- C:\WINDOWS\M3JPEG.INI
[2010/11/03 15:58:24 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\GXGM20.dll
[2010/10/03 10:10:58 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/10/03 10:10:58 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2010/09/25 14:08:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010/04/06 11:24:33 | 000,000,480 | ---- | C] () -- C:\WINDOWS\MikroKopter-Tool.INI
[2010/03/20 12:19:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/01/02 14:42:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010/01/02 14:42:50 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2009/11/14 12:16:57 | 000,073,216 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01.exe
[2009/09/09 14:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/03 12:17:25 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/06/12 09:25:48 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2009/06/11 16:02:50 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\$_hpcst$.hpc
[2009/04/11 13:53:17 | 000,290,904 | ---- | C] () -- C:\WINDOWS\System32\vc6-re200l.dll
[2009/04/06 06:46:16 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/03 13:38:41 | 000,000,277 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\avr_tool.cfg
[2009/04/03 10:50:07 | 000,001,310 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\myAVR_Workpad.cfg
[2009/04/03 10:50:07 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\myAVR_Workpad.cfg
[2009/04/03 10:44:37 | 000,000,065 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\CDStart.cfg
[2009/04/03 10:36:21 | 000,000,039 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\ProgTool.cfg
[2009/04/03 10:34:30 | 000,000,068 | ---- | C] () -- C:\WINDOWS\SISYMAIN.INI
[2009/04/03 10:34:28 | 000,005,248 | ---- | C] () -- C:\WINDOWS\giveio.sys
[2009/04/03 10:30:19 | 000,000,081 | ---- | C] () -- C:\WINDOWS\System32\fsk.ini
[2009/04/03 10:26:46 | 000,000,061 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\CD_Start.cfg
[2009/03/30 09:14:52 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2009/03/30 09:06:02 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/03/30 09:05:42 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/03/30 09:04:39 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/03/22 06:30:05 | 000,299,008 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\DESINSTALADOR_AVCINEEDSP.exe
[2009/03/22 06:30:05 | 000,000,496 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\DESINSTALAR.NKR
[2009/03/21 14:17:42 | 007,512,096 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/03/21 14:17:42 | 001,212,448 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/03/21 14:04:53 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/03/21 14:04:53 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/02/28 11:46:37 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2008/12/28 13:54:34 | 000,008,080 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\.civclientrc
[2008/11/28 08:50:49 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ftdiunin.exe
[2008/11/28 08:50:49 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2008/11/14 11:00:11 | 000,000,082 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\default.pls
[2008/10/07 04:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 04:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 04:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/09/09 14:00:01 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\msvcb265.sys
[2008/08/31 14:17:45 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2008/08/31 12:30:56 | 000,000,336 | ---- | C] () -- C:\WINDOWS\QTW.ini
[2008/08/10 11:36:59 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2008/01/01 10:16:54 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\__ng3d.lock
[2008/01/01 10:15:32 | 000,000,594 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\RegnumOnline.ini
[2007/09/12 17:54:48 | 000,141,180 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007/02/12 13:35:45 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007/02/12 13:26:12 | 000,000,221 | ---- | C] () -- C:\WINDOWS\NCLogConfig.ini
[2007/02/12 13:02:50 | 000,113,102 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2007/02/12 13:02:50 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2007/01/23 20:01:19 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\716C86206B.sys
[2007/01/23 20:01:12 | 000,011,690 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/01/03 21:08:17 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/03 20:54:30 | 000,100,864 | ---- | C] () -- C:\Dokumente und Einstellungen\GIS\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/03 09:34:27 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/01/03 09:34:27 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/01/02 23:16:46 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2007/01/02 23:12:24 | 000,004,431 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/01/02 23:11:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/02 22:32:27 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/01/02 22:29:58 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2007/01/02 22:13:35 | 000,020,186 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2007/01/02 22:13:21 | 000,019,890 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007/01/02 22:13:18 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/01/02 22:13:13 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/01/02 22:09:04 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007/01/02 22:03:39 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2007/01/02 21:55:56 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/01/02 21:52:59 | 000,343,424 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/11/21 23:07:59 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2006/10/19 11:16:05 | 000,138,101 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/10/21 12:36:03 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
[2005/10/10 08:00:00 | 000,005,702 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2004/10/26 18:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/03 20:12:38 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/03 19:57:24 | 001,868,868 | ---- | C] () -- C:\WINDOWS\System32\RSA32_16.DLL
[2004/08/02 09:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,459,250 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/23 08:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,084,754 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/23 08:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 10:30:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999/01/26 18:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
 
========== LOP Check ==========
 
[2012/03/18 12:08:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\.freeciv
[2008/12/28 13:54:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\.ggz
[2011/12/07 18:15:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\.minecraft
[2012/03/12 16:22:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Autodesk
[2009/01/29 12:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Black Sea Studios
[2009/01/15 13:44:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Blender Foundation
[2009/01/04 11:26:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\CadSoft
[2010/03/24 15:39:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\ccmd
[2009/03/25 15:55:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\CoCreate
[2007/05/01 15:51:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Command & Conquer 3 Tiberium Wars
[2008/06/09 14:44:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Ebner
[2009/03/30 09:01:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Echo Software
[2009/11/13 08:35:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\everlight
[2009/03/26 12:52:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\FOG Downloader
[2011/06/28 11:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\GHISLER
[2007/03/15 18:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Leadertech
[2008/04/06 11:05:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\LEGO Company
[2008/11/03 16:56:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\OpenOffice.org
[2012/01/09 17:00:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\redsn0w
[2007/06/10 09:43:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\SecondLife
[2007/01/12 11:04:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Shareaza
[2009/11/27 03:58:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Sony Online Entertainment
[2007/05/06 11:26:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Teleca
[2011/01/18 08:10:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Thunderbird
[2011/10/22 16:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Tropico 3
[2012/05/05 10:20:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Ubisoft
[2009/04/03 03:58:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\Unigraphics Solutions
[2011/07/12 17:27:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\WindSolutions
[2010/11/20 17:54:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\GIS\Anwendungsdaten\YoudaGames
[2009/01/29 12:13:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2DBoy
[2009/03/22 16:19:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2012/03/12 16:22:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk
[2012/01/09 14:32:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Bluetooth
[2011/11/03 14:05:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIAL GmbH
[2011/11/03 14:46:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DIALux
[2009/03/08 09:42:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FarmFrenzy-PizzaParty
[2012/05/05 17:40:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solidshield
[2010/01/02 16:05:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tages
[2009/07/01 14:10:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2011/07/12 17:27:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WindSolutions
[2011/05/28 12:35:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2007/01/02 22:29:16 | 000,000,000 | ---D | M] -- C:\ATI
[2012/03/12 16:02:58 | 000,000,000 | ---D | M] -- C:\Autodesk
[2012/08/15 20:13:19 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2012/09/03 07:21:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2009/12/07 13:43:27 | 000,000,000 | ---D | M] -- C:\Program Files
[2012/05/05 10:27:00 | 000,000,000 | ---D | M] -- C:\Programme
[2007/01/02 22:49:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010/03/18 16:08:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/05/21 15:14:01 | 000,000,000 | ---D | M] -- C:\Temp
[2011/06/28 11:40:05 | 000,000,000 | ---D | M] -- C:\totalcmd
[2012/09/03 07:11:43 | 000,000,000 | ---D | M] -- C:\WINDOWS
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: %LOCALAPPDATA%\*.exe
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/03 20:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/22 04:34:07 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/22 04:34:07 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/03 20:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/22 04:34:07 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/22 04:34:07 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 22:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004/08/03 19:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004/08/03 19:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007/06/13 09:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008/04/13 22:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 09:21:45 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=64D320C0E301EEDC5A4ADBBDC5024F7F -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: NETLOGON.DLL  >
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 22:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/03 19:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 22:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004/08/03 19:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 14:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007/03/08 11:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 14:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2004/08/03 19:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll
[2007/03/08 11:48:39 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 22:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 22:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004/08/03 19:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/03 19:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 22:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2001/08/23 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2001/08/23 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2007/01/02 22:52:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2007/01/02 22:52:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2007/01/02 22:52:18 | 000,471,040 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011/03/03 02:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/13 22:22:18 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll
[2008/04/13 22:22:20 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll
[2012/06/28 17:32:24 | 001,510,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shdocvw.dll
[2012/06/08 10:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
Invalid Environment Variable: %USERPROFILE%\*.*
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe
 
Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll
 
Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 150 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7E8EE1D0
@Alternate Data Stream - 143 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:F31EAC3B
< End of report >