Pests of all kinds and how to fight them: GVU Trojan and blue screen in Safe Mode (Windows 7)

If you are not sure whether you have picked up malware or a Trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.
#1

GVU Trojan and blue screen in Safe Mode

Hi, I have a Trojan on my computer. I can no longer get into the system either, and as already described in the title, I get a blue screen in Safe Mode. I have already done a scan with OTL. Please help and tell me how I should proceed. Thanks.

PS: One of the text files was too large, so I copied it in here.

Code:
ATTFilter OTL logfile created on: 1/20/2013 1:42:15 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free 2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 24.41 Gb Total Space | 5.12 Gb Free Space | 20.96% Space Free | Partition Type: NTFS Drive D: | 76.32 Gb Total Space | 45.19 Gb Free Space | 59.21% Space Free | Partition Type: NTFS Drive E: | 87.37 Gb Total Space | 50.76 Gb Free Space | 58.10% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - [2013/01/09 14:32:31 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/12/17 08:25:52 | 000,196,624 | ---- | M] (Nitro PDF Software) [Auto] -- C:\Programme\Nitro\Reader 3\NitroPDFReaderDriverService3.exe -- (NitroReaderDriverReadSpool3) SRV - [2012/11/10 12:05:31 | 004,539,712 | ---- | M] () [Auto] -- C:\programme\gemeinsame dateien\akamai/netsession_win_ce5ba24.dll -- (Akamai) SRV - [2012/09/24 17:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/07/20 15:14:23 | 000,113,120 
| ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/03/23 07:25:24 | 000,087,040 | ---- | M] () [Auto] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service) SRV - [2011/09/01 11:42:26 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/07/22 06:07:47 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/07/19 23:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011/04/29 05:52:28 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/11/17 06:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) 
[Auto] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2007/06/27 12:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService) SRV - [2006/10/26 07:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2006/10/26 06:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2005/04/03 18:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (hwusbdev) DRV - File not found [Kernel | On_Demand] -- -- (hwdatacard) DRV - File not found [Kernel | On_Demand] -- -- (filtertdidriver) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2011/07/22 06:07:49 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb) DRV - [2011/07/22 06:07:49 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/10/04 10:20:37 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010/08/03 07:44:23 | 000,022,168 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\xfilt.sys -- (xfilt) DRV - [2010/08/03 07:44:23 | 000,013,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\videX32.sys -- (videX32) DRV - [2010/06/22 11:01:52 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot) DRV - [2010/02/11 02:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2009/11/17 06:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/06/10 08:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32) DRV - [2009/05/11 04:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2009/05/11 02:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/03/25 09:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm) DRV - [2009/03/25 09:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) DRV - [2009/03/25 09:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) DRV - [2009/03/25 09:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex) DRV 
- [2009/03/25 09:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM) DRV - [2009/03/25 09:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) DRV - [2009/03/25 09:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl) DRV - [2008/11/16 12:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE) DRV - [2007/11/14 13:05:16 | 000,394,952 | ---- | M] (Zone Labs, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant) DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA) DRV - [2006/09/24 08:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2006/05/22 06:35:40 | 000,175,872 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2005/08/11 07:49:28 | 000,393,088 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService) DRV - [2005/07/22 16:41:46 | 000,026,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe) DRV - [2005/07/22 16:41:42 | 000,068,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2005/07/22 16:40:58 | 000,013,440 | ---- | M] (Logitech, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd) DRV - [2005/07/07 07:00:36 | 000,033,792 | R--- | M] (Saitek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus) DRV - [2005/07/07 07:00:32 | 000,173,568 | R--- | M] (Saitek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SaiH040B.sys -- (SaiH040B) DRV - [2005/07/07 07:00:32 | 000,026,496 | R--- | M] (Saitek) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SaiU040B.sys -- (SaiU040B) DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor) DRV - [1996/04/03 14:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\Tim_Fahlbusch_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\Tim_Fahlbusch_ON_C\..\URLSearchHook: {9bb815eb-3f9f-4e11-9150-cb70e29b40fc} - File not found IE - HKU\Tim_Fahlbusch_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Tim_Fahlbusch_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Programme\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\WINDOWS\system32\14001.008 [2012/08/03 09:14:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Programme\Web Assistant\Firefox FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/07/20 15:14:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Dokumente und Einstellungen\**************\components [2013/01/06 06:55:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: C:\Dokumente und Einstellungen\**************\plugins [2012/05/05 05:39:45 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012/07/20 15:14:24 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012/06/19 14:06:21 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/06/19 14:06:21 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/06/19 14:06:21 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/06/19 14:06:21 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/19 14:06:21 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/19 14:06:21 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/03/24 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe 
PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - File not found O3 - HKU\Tim_Fahlbusch_ON_C\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.) O3 - HKU\Tim_Fahlbusch_ON_C\..\Toolbar\WebBrowser: (Radio Bar 2 Toolbar) - {9BB815EB-3F9F-4E11-9150-CB70E29B40FC} - File not found O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [HTC Sync Loader] C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [SSBkgdUpdate] C:\Programme\Gemeinsame Dateien\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [svñhîst] File not found O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (Swee***Technologies Ltd.) O4 - HKU\Tim_Fahlbusch_ON_C..\Run: [Akamai NetSession Interface] C:\Dokumente und Einstellungen\**************\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKU\Tim_Fahlbusch_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\Tim_Fahlbusch_ON_C..\Run: [LDM] C:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech) O4 - HKU\Tim_Fahlbusch_ON_C..\Run: [Video Performer63600.exe] File not found O4 - HKU\Tim_Fahlbusch_ON_C..\Run: [Video Performer63659.exe] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech Desktop Messenger.lnk = C:\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\SetPoint\SetPoint.exe (Logitech Inc.) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk = C:\WINDOWS\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme () O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Tim_Fahlbusch_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\bw+0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw+0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw00s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw-0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw10s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bw20 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw20s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw30s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw40s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw50s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw60s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw70s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bw80 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw80s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bw90s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwa0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwb0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwc0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwd0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwe0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwe0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwf0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwg0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwh0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwi0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwj0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwj0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwk0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwl0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwm0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwn0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwo0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwp0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwp0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwq0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwr0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bws0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwt0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwu0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwv0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\bwv0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bww0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwx0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwy0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0 {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\bwz0s {7444128e-b9b6-4dd5-8be7-50de750d818b} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. 
) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\offline-8876480 {7444128E-B9B6-4DD5-8BE7-50DE750D818B} - C:\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll (BackWeb Technologies Inc. ) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\application/xhtml+xml {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\application/xhtml+xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) 
O18 - Protocol\Filter\application/xhtml+xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml; charset=iso-8859-1 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O18 - Protocol\Filter\text/xml; charset=utf-8 {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Programme\Design Science\MathPlayer\MathMLMimer.dll (Design Science, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/08/03 07:29:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/01/20 06:41:55 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\**************\Recent [2013/01/17 09:50:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/01/17 09:24:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\TuneUp Software [2013/01/17 09:24:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2013/01/17 09:24:09 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/01/17 09:24:09 | 
000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2013/01/17 09:23:34 | 000,133,616 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll [2013/01/17 09:23:34 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe [2013/01/17 09:23:34 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe [2013/01/17 09:23:34 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe [2013/01/17 09:23:34 | 000,068,592 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe [2013/01/17 09:23:34 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe [2013/01/17 09:23:34 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys [2013/01/17 09:23:34 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys [2013/01/17 09:23:33 | 002,095,600 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll [2013/01/17 09:23:33 | 000,698,864 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll [2013/01/17 09:23:33 | 000,571,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll [2013/01/17 09:23:33 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll [2013/01/17 09:23:33 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll [2013/01/17 09:23:33 | 000,100,848 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll [2013/01/17 09:23:33 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll [2013/01/17 09:23:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\OpenCandy [2013/01/13 14:36:29 | 000,000,000 | ---D | C] -- C:\Programme\File Scout [2013/01/06 07:21:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Nitro PDF [2012/08/17 13:22:03 | 000,596,952 | ---- | C] (Mozilla Foundation) -- 
C:\Dokumente und Einstellungen\**************\gkmedias.dll [2012/08/17 13:22:03 | 000,033,240 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\mozglue.dll [2012/03/05 06:30:12 | 000,060,376 | ---- | C] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\mozMapi32_InUse.dll [2012/03/05 06:30:12 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\AccessibleMarshal.dll [2012/03/05 06:30:12 | 000,017,880 | ---- | C] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\MapiProxy_InUse.dll [2012/03/05 06:30:11 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\D3DCompiler_43.dll [2012/03/05 06:30:11 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\d3dx9_43.dll [2012/03/05 06:30:11 | 000,465,880 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\libGLESv2.dll [2012/03/05 06:30:11 | 000,269,272 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\freebl3.dll [2012/03/05 06:30:11 | 000,125,912 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\crashreporter.exe [2012/03/05 06:30:11 | 000,109,528 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\libEGL.dll [2012/03/05 06:30:11 | 000,060,376 | ---- | C] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\mozMapi32.dll [2012/03/05 06:30:11 | 000,018,904 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\WSEnable.exe [2012/03/05 06:30:11 | 000,017,880 | ---- | C] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\MapiProxy.dll [2012/03/05 06:30:11 | 000,016,344 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\mozalloc.dll [2012/03/05 06:30:10 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und 
Einstellungen\**************\nss3.dll [2012/03/05 06:30:10 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\msvcr80.dll [2012/03/05 06:30:10 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\msvcp80.dll [2012/03/05 06:30:10 | 000,531,416 | ---- | C] (sqlite.org) -- C:\Dokumente und Einstellungen\**************\mozsqlite3.dll [2012/03/05 06:30:10 | 000,479,232 | ---- | C] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\msvcm80.dll [2012/03/05 06:30:10 | 000,371,672 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nssckbi.dll [2012/03/05 06:30:10 | 000,175,064 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nspr4.dll [2012/03/05 06:30:10 | 000,109,528 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nssdbm3.dll [2012/03/05 06:30:10 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nssutil3.dll [2012/03/05 06:30:07 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\plc4.dll [2012/03/05 06:30:07 | 000,018,904 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\plds4.dll [2012/03/05 06:30:07 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Dokumente und Einstellungen\**************\plugin-container.exe [2012/03/05 06:30:06 | 000,400,344 | ---- | C] (Mozilla Messaging) -- C:\Dokumente und Einstellungen\**************\thunderbird.exe [2012/03/05 06:30:06 | 000,277,464 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\updater.exe [2012/03/05 06:30:06 | 000,170,968 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\softokn3.dll [2012/03/05 06:30:06 | 000,158,680 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\ssl3.dll [2012/03/05 
06:30:06 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\smime3.dll [2012/03/05 06:30:06 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\xpcom.dll [2012/03/05 06:30:02 | 016,792,536 | ---- | C] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\xul.dll [2012/01/21 08:01:42 | 000,180,720 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\error_report.exe [2012/01/21 08:01:42 | 000,174,064 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\package_inst.exe [2010/12/16 18:09:02 | 000,121,757 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\Uninstall.exe [2010/11/05 08:27:18 | 008,674,800 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\ts3client_win32.exe [2010/11/05 08:27:06 | 000,400,368 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\update.exe [2010/11/05 08:27:06 | 000,399,856 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Programme\_old_update.exe [2010/05/18 07:46:32 | 000,397,312 | ---- | C] (Firelight Technologies) -- C:\Programme\fmodex.dll ========== Files - Modified Within 30 Days ========== [2013/01/20 07:20:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/01/20 06:41:38 | 000,002,423 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\VPN Client.lnk [2013/01/19 07:47:44 | 000,094,720 | RHS- | M] () -- C:\Dokumente und Einstellungen\**************\wgsdgsdgdsgsd.exe [2013/01/19 07:32:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013/01/19 07:01:20 | 000,001,714 | ---- | M] () -- C:\updates.xml [2013/01/19 07:01:20 | 000,001,156 | ---- | M] () -- C:\active-update.xml [2013/01/18 11:00:39 | 000,115,712 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/18 11:00:39 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013/01/17 09:00:50 | 
000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/01/15 21:48:38 | 000,002,503 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\Desktop\Microsoft Office Word 2007.lnk [2013/01/13 19:15:40 | 000,002,545 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\Desktop\Microsoft Office PowerPoint 2007.lnk [2013/01/13 14:43:03 | 000,000,569 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\Desktop\ClearProg.lnk [2013/01/09 14:32:31 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013/01/09 14:32:30 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013/01/09 14:09:17 | 000,002,347 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Adobe Reader X.lnk [2013/01/08 21:21:13 | 000,517,500 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013/01/08 21:21:13 | 000,494,444 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/01/08 21:21:13 | 000,101,202 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013/01/08 21:21:13 | 000,084,606 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/01/08 21:07:44 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013/01/06 07:22:55 | 000,002,505 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\Desktop\Microsoft Office Excel 2007.lnk [2013/01/06 06:55:08 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\D3DCompiler_43.dll [2013/01/06 06:55:08 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\AccessibleMarshal.dll [2013/01/06 06:55:08 | 000,017,880 | ---- | M] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\MapiProxy_InUse.dll [2013/01/06 06:55:08 | 000,017,880 | ---- | M] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\MapiProxy.dll [2013/01/06 06:55:07 | 001,998,168 | ---- | M] (Microsoft Corporation) -- 
C:\Dokumente und Einstellungen\**************\d3dx9_43.dll [2013/01/06 06:55:07 | 000,125,912 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\crashreporter.exe [2013/01/06 06:55:07 | 000,018,904 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\WSEnable.exe [2013/01/06 06:55:07 | 000,007,669 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\blocklist.xml [2013/01/06 06:55:07 | 000,004,284 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\crashreporter.ini [2013/01/06 06:55:07 | 000,002,061 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\application.ini [2013/01/06 06:55:06 | 000,269,272 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\freebl3.dll [2013/01/06 06:55:06 | 000,000,478 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\freebl3.chk [2013/01/06 06:55:05 | 000,596,952 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\gkmedias.dll [2013/01/06 06:55:05 | 000,465,880 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\libGLESv2.dll [2013/01/06 06:55:05 | 000,109,528 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\libEGL.dll [2013/01/06 06:55:05 | 000,060,376 | ---- | M] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\mozMapi32_InUse.dll [2013/01/06 06:55:05 | 000,060,376 | ---- | M] (Mozilla.org) -- C:\Dokumente und Einstellungen\**************\mozMapi32.dll [2013/01/06 06:55:05 | 000,016,344 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\mozalloc.dll [2013/01/06 06:55:04 | 001,952,728 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\mozjs.dll [2013/01/06 06:55:04 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\msvcr80.dll [2013/01/06 06:55:04 | 000,548,864 | ---- | M] (Microsoft Corporation) -- 
C:\Dokumente und Einstellungen\**************\msvcp80.dll [2013/01/06 06:55:04 | 000,531,416 | ---- | M] (sqlite.org) -- C:\Dokumente und Einstellungen\**************\mozsqlite3.dll [2013/01/06 06:55:04 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\**************\msvcm80.dll [2013/01/06 06:55:04 | 000,175,064 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nspr4.dll [2013/01/06 06:55:04 | 000,162,776 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\nsldap32v60.dll [2013/01/06 06:55:04 | 000,033,240 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\mozglue.dll [2013/01/06 06:55:04 | 000,021,976 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\nsldappr32v60.dll [2013/01/06 06:55:04 | 000,017,368 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\nsldif32v60.dll [2013/01/06 06:55:03 | 008,333,203 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\omni.ja [2013/01/06 06:55:03 | 000,646,104 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nss3.dll [2013/01/06 06:55:03 | 000,371,672 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nssckbi.dll [2013/01/06 06:55:03 | 000,109,528 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nssdbm3.dll [2013/01/06 06:55:03 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\nssutil3.dll [2013/01/06 06:55:03 | 000,000,478 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\nssdbm3.chk [2013/01/06 06:55:01 | 000,170,968 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\softokn3.dll [2013/01/06 06:55:01 | 000,158,680 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\ssl3.dll [2013/01/06 06:55:01 | 000,105,432 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und 
Einstellungen\**************\smime3.dll [2013/01/06 06:55:01 | 000,021,976 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\plc4.dll [2013/01/06 06:55:01 | 000,018,968 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\removed-files [2013/01/06 06:55:01 | 000,018,904 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\plds4.dll [2013/01/06 06:55:01 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Dokumente und Einstellungen\**************\plugin-container.exe [2013/01/06 06:55:01 | 000,001,999 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\precomplete [2013/01/06 06:55:01 | 000,000,478 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\softokn3.chk [2013/01/06 06:55:01 | 000,000,140 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\platform.ini [2013/01/06 06:55:00 | 016,792,536 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\xul.dll [2013/01/06 06:55:00 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Dokumente und Einstellungen\**************\thunderbird.exe [2013/01/06 06:55:00 | 000,277,464 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\updater.exe [2013/01/06 06:55:00 | 000,019,416 | ---- | M] (Mozilla Foundation) -- C:\Dokumente und Einstellungen\**************\xpcom.dll [2013/01/06 06:55:00 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\**************\updater.ini [2013/01/06 00:33:34 | 006,009,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll [2013/01/02 16:18:38 | 000,000,708 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Grand Theft Auto San Andreas Singleplayer.lnk [2012/12/22 05:21:53 | 000,207,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2013/01/19 07:47:44 | 000,094,720 | RHS- | C] () -- C:\Dokumente und 
Einstellungen\**************\wgsdgsdgdsgsd.exe [2013/01/19 07:01:20 | 000,001,714 | ---- | C] () -- C:\updates.xml [2013/01/19 07:01:20 | 000,001,156 | ---- | C] () -- C:\active-update.xml [2012/07/26 04:06:08 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\urhtps.dat [2012/07/16 04:18:43 | 000,000,393 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\Lokale Einstellungen\Anwendungsdaten\HamsterVideoConverterSettings.cfg [2012/03/05 06:30:11 | 000,007,669 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\blocklist.xml [2012/03/05 06:30:11 | 000,004,284 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\crashreporter.ini [2012/03/05 06:30:11 | 000,002,061 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\application.ini [2012/03/05 06:30:11 | 000,000,478 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\freebl3.chk [2012/03/05 06:30:10 | 001,952,728 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\mozjs.dll [2012/03/05 06:30:10 | 000,162,776 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\nsldap32v60.dll [2012/03/05 06:30:10 | 000,021,976 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\nsldappr32v60.dll [2012/03/05 06:30:10 | 000,017,368 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\nsldif32v60.dll [2012/03/05 06:30:10 | 000,000,478 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\nssdbm3.chk [2012/03/05 06:30:07 | 008,333,203 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\omni.ja [2012/03/05 06:30:07 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\platform.ini [2012/03/05 06:30:06 | 000,018,968 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\removed-files [2012/03/05 06:30:06 | 000,001,999 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\precomplete [2012/03/05 06:30:06 | 000,000,709 | ---- | C] () -- C:\Dokumente und 
Einstellungen\**************\updater.ini [2012/03/05 06:30:06 | 000,000,478 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\softokn3.chk [2012/02/26 06:36:28 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat [2012/02/17 05:53:26 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/21 08:01:42 | 000,113,840 | ---- | C] () -- C:\Programme\createfileassoc.exe [2012/01/17 11:24:45 | 000,000,000 | ---- | C] () -- C:\Programme\update.ini [2011/09/01 12:00:53 | 000,913,194 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1343024091-746137067-725345543-1003-0.dat [2011/09/01 12:00:53 | 000,262,442 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2011/09/01 12:00:28 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/09/01 11:42:58 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc [2011/07/10 21:02:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx17_ic.ini [2011/03/05 14:08:39 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2010/11/23 13:29:44 | 000,021,504 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2010/11/21 12:22:23 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2010/11/19 04:19:20 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010/11/05 08:27:02 | 000,034,858 | ---- | C] () -- C:\Programme\apps.ini [2010/11/05 08:27:02 | 000,001,371 | ---- | C] () -- C:\Programme\mirrors.ini [2010/09/04 06:21:56 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2010/08/22 15:09:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2010/08/20 09:51:56 | 000,000,146 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\Lokale 
Einstellungen\Anwendungsdaten\fusioncache.dat [2010/08/17 07:34:45 | 000,000,313 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\.authorrc1 [2010/08/08 09:32:00 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2010/08/08 09:30:54 | 000,027,114 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2010/08/08 09:23:21 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat [2010/08/05 12:29:45 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2010/08/05 12:29:45 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2010/08/03 16:40:37 | 000,115,712 | ---- | C] () -- C:\Dokumente und Einstellungen\**************\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/08/03 15:32:04 | 000,118,784 | R--- | C] () -- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe [2010/08/03 09:53:05 | 000,024,253 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2010/08/03 09:52:57 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2010/08/03 08:40:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2010/08/03 08:15:32 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2010/08/03 08:13:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2010/08/03 08:10:33 | 000,207,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010/08/03 07:51:53 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys [2010/08/03 07:31:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2010/08/03 07:22:51 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2010/05/17 03:29:02 | 007,859,200 | ---- | C] () -- C:\Programme\QtGui4.dll [2010/03/25 04:57:36 | 002,210,816 | ---- | C] () -- C:\Programme\QtCore4.dll [2010/03/22 04:59:00 | 000,814,080 | ---- | C] () -- C:\Programme\QtNetwork4.dll [2010/02/10 23:12:00 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2010/02/10 23:12:00 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat 
[2009/11/17 06:08:34 | 000,197,424 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll [2009/11/17 06:07:44 | 000,193,328 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll [2009/11/06 03:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009/04/23 17:29:16 | 000,189,051 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2007/06/19 01:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll [2007/04/20 00:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2007/04/20 00:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2006/03/24 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/03/24 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/03/24 07:00:00 | 000,517,500 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/03/24 07:00:00 | 000,494,444 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/03/24 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/03/24 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2006/03/24 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/03/24 07:00:00 | 000,101,202 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/03/24 07:00:00 | 
000,084,606 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/03/24 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/03/24 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/03/24 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/03/24 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/03/24 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/03/24 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/03/24 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2002/03/04 03:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll [1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys ========== LOP Check ========== [2011/09/02 10:22:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Autodesk [2011/12/06 07:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Babylon [2011/12/06 07:49:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\BabylonToolbar [2012/07/16 04:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\BrowserCompanion [2010/10/04 10:27:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\DAEMON Tools Lite [2012/12/18 09:30:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Downloaded Installations [2010/09/04 06:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\FreeAudioPack [2012/07/16 04:11:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\FreeCDRipper [2012/09/12 09:46:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\FreeVideoConverter 
[2011/11/28 14:41:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Gutscheinmieze [2012/07/16 04:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\HamsterSoft [2012/06/16 11:30:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\HTC [2012/06/16 11:24:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012/12/18 09:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Nitro [2013/01/18 11:13:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Nitro PDF [2013/01/17 09:23:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\OpenCandy [2012/08/17 13:25:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Oracle [2012/03/04 05:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Oran [2011/01/25 17:08:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Philipp Winterberg [2010/08/08 09:33:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\ScanSoft [2012/02/24 15:49:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Systweak [2011/11/07 10:17:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\T-Mobile [2011/11/07 10:18:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\T-Mobile Internet Manager [2012/01/22 07:49:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Thunderbird [2010/08/05 11:14:11 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\**************\Anwendungsdaten\TS3Client [2013/01/17 09:24:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\TuneUp Software [2012/03/04 06:53:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\**************\Anwendungsdaten\Uhune [2011/12/04 07:44:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Autodesk [2012/01/04 12:11:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avanquest [2011/12/06 07:45:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2010/08/15 13:07:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2011/01/10 14:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Codemasters [2013/01/17 09:24:09 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files [2010/10/04 10:20:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2011/12/02 09:50:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\mquadr.at [2012/12/18 09:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro [2013/01/18 11:13:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ORCA AVA [2010/08/08 09:30:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft [2012/09/11 05:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2013/01/17 09:24:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2011/01/20 13:26:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip [2013/01/17 09:24:09 | 000,000,000 | -HSD | M] -- 
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011/12/06 07:33:30 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~0
========== Purity Check ==========
< End of report >