06.02.2013, 15:25 | #1 |
| Gray screen after Windows startup Hello, my problem is that a few seconds after system startup a gray window opens that fills the entire screen and always puts itself in the foreground. So far I have cut the power 3 times and, of course, got the same result each time. How should I proceed? PS: I have a second PC without a burner. Thanks in advance. |
06.02.2013, 15:28 | #2 |
/// Malware-holic | Gray screen after Windows startup Hi,
then maybe burn it at a friend's place: Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD: If you don't have a burning program installed, please download ISOBurner. The program will allow you to burn OTLPE to a CD and make it bootable. You only need to install the tool, the rest runs automatically => How do I burn an ISO file to CD/DVD. Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB, and with a slow Internet connection it will take a while to download.
Illustrated guide: OTLpe-Scan
__________________ |
09.02.2013, 20:20 | #3 |
| Gray screen after Windows startup OK, I did everything as described in the guide.
Here are the log files: OTL logfile: Code:
000,016,099 | ---- | C] () -- C:\Programme\sbanleit5.jpg [2010/05/12 17:41:39 | 000,015,673 | ---- | C] () -- C:\Programme\sbanleit1.jpg [2010/05/12 17:41:39 | 000,011,434 | ---- | C] () -- C:\Programme\sbanleit4.jpg [2010/05/12 17:41:39 | 000,005,988 | ---- | C] () -- C:\Programme\sbanleit6.jpg [2010/04/09 12:27:27 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/04/09 12:12:10 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2010/04/09 12:12:10 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2010/04/09 12:12:10 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2010/03/01 12:30:00 | 000,017,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/01/19 06:33:36 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010/01/15 09:15:16 | 000,063,485 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010/01/14 15:51:39 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ScrAntic.ini [2009/11/29 09:17:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI [2009/11/17 09:02:55 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009/11/17 09:02:55 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009/11/17 09:02:48 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\$_hpcst$.hpc [2009/10/22 06:18:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009/10/22 06:18:50 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009/10/06 15:20:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009/09/11 11:41:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll [2009/09/11 11:41:52 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini [2009/09/11 11:41:51 | 000,302,720 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\snpstd.sys [2009/09/11 11:41:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe [2009/09/01 11:00:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/06/05 17:19:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/05/05 09:26:29 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2009/05/04 06:08:30 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009/03/29 15:25:03 | 000,000,299 | ---- | C] () -- C:\WINDOWS\game.ini [2009/03/09 15:02:08 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\AVSDVDPlayer.m3u [2009/03/09 15:01:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/03/09 15:01:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/03/07 13:15:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/03/07 13:15:13 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 12:17:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/03/07 12:16:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009/03/07 12:04:22 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009/03/07 12:04:15 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/03/07 12:04:14 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/03/07 12:04:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2009/03/07 12:04:11 | 000,176,918 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009/03/07 11:57:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/03/07 11:52:24 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/03/07 11:43:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/03/07 11:41:59 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/03/02 13:26:56 | 
000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2009/02/04 13:26:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008/10/07 02:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 02:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/10/03 15:48:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2008/09/29 15:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2008/05/04 11:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll [2007/10/25 11:26:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006/09/19 02:07:28 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe [2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 07:00:00 | 000,448,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/02/28 07:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 07:00:00 | 000,269,480 | ---- | C] 
() -- C:\WINDOWS\System32\perfi007.dat [2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 07:00:00 | 000,080,338 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/02/28 07:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005/07/12 08:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2004/03/23 10:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2004/02/27 09:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2003/03/14 06:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe [1998/10/10 19:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2012/02/08 19:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent [2013/01/15 16:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\.minecraft [2009/03/29 15:26:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Activision [2012/02/15 07:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ALDITALKVerbindungsassistent [2009/05/08 04:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ashampoo [2010/09/07 17:03:43 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DAEMON Tools Lite [2011/08/29 07:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoft [2011/06/28 17:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoftIEHelpers [2010/03/27 08:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Earth 2140 [2012/11/22 04:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Fox Dgital Copy [2011/03/06 11:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\gtk-2.0 [2011/04/11 10:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ICQ [2009/03/14 09:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leadertech [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leawo [2009/03/11 16:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\OpenOffice.org [2009/03/08 06:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Opera [2009/11/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\PC Suite [2009/11/17 09:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Samsung [2009/05/12 15:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TeamViewer [2012/11/14 04:20:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Thunderbird [2012/12/09 15:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\tiger-k [2012/10/15 08:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Knoden\Anwendungsdaten\TP-LINK [2009/03/10 12:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TuneUp Software [2010/09/09 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ubisoft [2012/02/09 11:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Verbindungsassistent [2010/01/16 09:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Zylom [2009/12/07 15:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2010/09/07 17:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010/04/09 12:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2013/01/06 14:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Leawo [2009/11/17 09:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009/12/16 03:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\POP3Profiles [2009/03/02 13:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games [2012/10/15 06:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2011/06/26 05:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania [2009/03/10 12:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010/09/09 13:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2010/01/16 09:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2009/03/17 08:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011/02/22 11:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/03/10 12:15:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009/09/20 15:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/14 07:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2013/01/07 09:39:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2009/08/30 15:10:49 | 000,000,000 | ---D | M] -- C:\23ef2ab834e8ccfd874889c7 [2009/04/03 07:35:46 | 000,000,000 | ---D | M] -- C:\bilder mpark [2009/03/07 11:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2009/12/07 13:45:12 | 000,000,000 | ---D | M] -- C:\Games [2012/01/07 13:55:37 | 000,000,000 | ---D | M] -- C:\Program Files [2010/11/17 17:08:01 | 000,000,000 | ---D | M] -- C:\PROGRAMM [2013/01/07 05:00:32 | 000,000,000 | R--D | M] -- C:\Programme [2009/03/07 13:12:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011/06/28 17:27:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/03/23 15:31:34 | 000,000,000 | ---D | M] -- C:\Ubisoft [2013/01/15 03:45:41 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\agp440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () 
.cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\eventlog.dll [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/14 00:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/14 00:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\netlogon.dll [2008/04/14 00:52:20 | 000,407,040 | ---- | M] 
(Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\scecli.dll [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006/02/28 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006/02/28 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\userinit.exe [2008/04/14 
00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006/02/28 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006/02/28 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/03/07 12:41:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009/03/07 12:41:17 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/03/07 12:41:17 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2012/11/01 07:17:52 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/11/01 07:17:52 | 
002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 00:52:20 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 00:52:22 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2012/06/08 09:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report >
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Programme\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/10/15 13:29:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/11/08 12:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012/11/14 04:20:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins

[2009/03/07 13:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Extensions
[2013/01/16 05:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Firefox\Profiles\pu8pe171.default\extensions
[2010/05/06 09:37:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Firefox\Profiles\pu8pe171.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010/01/06 10:46:17 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Firefox\Profiles\pu8pe171.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2012/10/15 13:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009/07/03 11:45:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) --
[2012/10/10 20:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012/10/10 21:10:32 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/10/10 21:10:32 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012/10/10 21:10:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012/10/10 21:10:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/10/10 21:10:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/10/10 21:10:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found.
O3 - HKU\Knoden_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [svñhîst] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\Knoden\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Knoden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/07 22:25:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4ed01a02-ade5-11df-af80-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed01a02-ade5-11df-af80-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ed01a02-ade5-11df-af80-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4ed01a03-ade5-11df-af80-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed01a03-ade5-11df-af80-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ed01a03-ade5-11df-af80-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{584ea0ae-7009-11df-af5d-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{584ea0ae-7009-11df-af5d-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{584ea0ae-7009-11df-af5d-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{584ea0b3-7009-11df-af5d-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{584ea0b3-7009-11df-af5d-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{584ea0b3-7009-11df-af5d-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5ff80ac2-f74c-11e0-b0e0-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff80ac2-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ff80ac2-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5ff80ac5-f74c-11e0-b0e0-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff80ac5-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ff80ac5-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d9b03e50-04ea-11df-aef5-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{d9b03e50-04ea-11df-aef5-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9b03e50-04ea-11df-aef5-001fe262301e}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{ffb7adfa-5a3a-11e1-b17b-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{ffb7adfa-5a3a-11e1-b17b-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffb7adfa-5a3a-11e1-b17b-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "TuneUp.ProgramStatisticsSvc"
MsConfig - Services: "TuneUp.Defrag"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "TunngleService"
MsConfig - Services: "gupdate1c9da1fc6c11eda"
MsConfig - Services: "btwdins"
MsConfig - Services: "a2free"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Belkin Wireless USB Utility.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TP-LINK Wireless Configuration Utility.lnk - C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Knoden^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: F5D7050v3 - hkey= - key= - File not found
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig - StartUpReg: NPSStartup - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: RGSC - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programme\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 05:11:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knoden\Eigene Dateien\gegl-0.0
[2013/01/13 15:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\vlc
[2013/01/13 15:52:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2009/09/11 11:41:50 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2009/09/11 11:41:50 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2009/09/11 11:41:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2007/03/12 04:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005/11/23 05:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/06 07:42:52 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/06 07:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/06 07:42:39 | 000,056,728 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013/02/06 07:37:25 | 000,094,720 | RHS- | M] () -- C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe
[2013/02/06 07:17:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 04:48:37 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/02/06 04:48:37 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/06 04:48:37 | 000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/02/06 04:48:37 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/06 04:44:32 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/05 10:18:13 | 000,019,411 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\kitas Augsburg.odt
[2013/02/04 18:54:04 | 000,010,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Lernen DF3.odt
[2013/01/28 12:59:17 | 000,202,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\pc neu.JPG
[2013/01/23 16:28:25 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/17 07:09:17 | 000,013,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Reflexion Triple P.odt
[2013/01/17 05:12:22 | 000,000,871 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\.recently-used.xbel
[2013/01/17 04:48:12 | 002,360,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00770.JPG
[2013/01/17 04:45:25 | 002,631,204 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00313.JPG
[2013/01/13 15:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/06 07:37:25 | 000,094,720 | RHS- | C] () -- C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe
[2013/02/05 04:48:30 | 000,019,411 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\kitas Augsburg.odt
[2013/02/04 11:20:44 | 000,010,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Lernen DF3.odt
[2013/01/28 12:59:16 | 000,202,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\pc neu.JPG
[2013/01/17 05:12:22 | 000,000,871 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\.recently-used.xbel
[2013/01/17 04:48:11 | 002,360,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00770.JPG
[2013/01/17 04:45:24 | 002,631,204 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00313.JPG
[2013/01/15 08:13:40 | 000,013,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Reflexion Triple P.odt
[2012/10/15 06:40:40 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI
[2012/10/15 06:40:40 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini
[2012/10/15 06:40:39 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll
[2012/10/15 06:40:39 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll
[2012/10/15 06:40:20 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2012/02/14 14:52:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/11 17:14:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/01/07 13:57:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2011/10/30 15:43:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\{076D03A8-0A21-47BE-AA86-C281F0006B60}
[2011/10/30 15:42:57 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\{0FB64222-080E-4962-BCA6-4682121633E6}
[2011/04/09 11:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010/10/12 17:16:09 | 000,000,619 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2010/09/09 13:06:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat
[2010/06/04 17:19:57 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010/05/12 17:42:44 | 001,441,268 | ---- | C] () -- C:\Programme\save.dat
[2010/05/12 17:41:39 | 000,020,274 | ---- | C] () -- C:\Programme\sbanleit3.jpg
[2010/05/12 17:41:39 | 000,017,637 | ---- | C] () -- C:\Programme\sbanleit2.jpg
[2010/05/12 17:41:39 | 000,016,099 | ---- | C] () -- C:\Programme\sbanleit5.jpg
[2010/05/12 17:41:39 | 000,015,673 | ---- | C] () -- C:\Programme\sbanleit1.jpg
[2010/05/12 17:41:39 | 000,011,434 | ---- | C] () -- C:\Programme\sbanleit4.jpg
[2010/05/12 17:41:39 | 000,005,988 | ---- | C] () -- C:\Programme\sbanleit6.jpg
[2010/04/09 12:27:27 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/04/09 12:12:10 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak
[2010/04/09 12:12:10 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak
[2010/04/09 12:12:10 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak
[2010/03/01 12:30:00 | 000,017,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/19 06:33:36 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin
[2010/01/15 09:15:16 | 000,063,485 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/01/14 15:51:39 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ScrAntic.ini
[2009/11/29 09:17:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI
[2009/11/17 09:02:55 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009/11/17 09:02:55 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009/11/17 09:02:48 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\$_hpcst$.hpc
[2009/10/22 06:18:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/10/22 06:18:50 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/10/06 15:20:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2009/09/11 11:41:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll
[2009/09/11 11:41:52 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini
[2009/09/11 11:41:51 | 000,302,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpstd.sys
[2009/09/11 11:41:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe
[2009/09/01 11:00:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/05 17:19:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/05 09:26:29 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2009/05/04 06:08:30 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009/03/29 15:25:03 | 000,000,299 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/03/09 15:02:08 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\AVSDVDPlayer.m3u
[2009/03/09 15:01:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/09 15:01:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/07 13:15:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/03/07 13:15:13 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/07 12:17:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/03/07 12:16:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/03/07 12:04:22 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/03/07 12:04:15 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/03/07 12:04:14 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/03/07 12:04:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2009/03/07 12:04:11 | 000,176,918 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/03/07 11:57:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/03/07 11:52:24 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/03/07 11:43:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/03/07 11:41:59 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/02 13:26:56 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/02/04 13:26:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2008/10/07 02:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 02:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/10/03 15:48:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2008/09/29 15:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/05/04 11:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll
[2007/10/25 11:26:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2006/09/19 02:07:28 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe
[2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 07:00:00 | 000,448,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2006/02/28 07:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 07:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 07:00:00 | 000,080,338 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2006/02/28 07:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/07/12 08:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2004/03/23 10:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2004/02/27 09:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2003/03/14 06:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[1998/10/10 19:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

========== LOP Check ==========

[2012/02/08 19:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent
[2013/01/15 16:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\.minecraft
[2009/03/29 15:26:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Activision
[2012/02/15 07:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ALDITALKVerbindungsassistent
[2009/05/08 04:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ashampoo
[2010/09/07 17:03:43 | 000,000,000 | ---D | M]
-- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DAEMON Tools Lite [2011/08/29 07:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoft [2011/06/28 17:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoftIEHelpers [2010/03/27 08:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Earth 2140 [2012/11/22 04:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Fox Dgital Copy [2011/03/06 11:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\gtk-2.0 [2011/04/11 10:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ICQ [2009/03/14 09:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leadertech [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leawo [2009/03/11 16:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\OpenOffice.org [2009/03/08 06:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Opera [2009/11/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\PC Suite [2009/11/17 09:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Samsung [2009/05/12 15:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TeamViewer [2012/11/14 04:20:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Thunderbird [2012/12/09 15:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\tiger-k [2012/10/15 08:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Knoden\Anwendungsdaten\TP-LINK [2009/03/10 12:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TuneUp Software [2010/09/09 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ubisoft [2012/02/09 11:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Verbindungsassistent [2010/01/16 09:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Zylom [2009/12/07 15:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2010/09/07 17:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010/04/09 12:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2013/01/06 14:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Leawo [2009/11/17 09:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009/12/16 03:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\POP3Profiles [2009/03/02 13:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games [2012/10/15 06:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2011/06/26 05:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania [2009/03/10 12:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010/09/09 13:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2010/01/16 09:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2009/03/17 08:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011/02/22 11:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/03/10 12:15:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009/09/20 15:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/14 07:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2013/01/07 09:39:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2009/08/30 15:10:49 | 000,000,000 | ---D | M] -- C:\23ef2ab834e8ccfd874889c7 [2009/04/03 07:35:46 | 000,000,000 | ---D | M] -- C:\bilder mpark [2009/03/07 11:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2009/12/07 13:45:12 | 000,000,000 | ---D | M] -- C:\Games [2012/01/07 13:55:37 | 000,000,000 | ---D | M] -- C:\Program Files [2010/11/17 17:08:01 | 000,000,000 | ---D | M] -- C:\PROGRAMM [2013/01/07 05:00:32 | 000,000,000 | R--D | M] -- C:\Programme [2009/03/07 13:12:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011/06/28 17:27:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/03/23 15:31:34 | 000,000,000 | ---D | M] -- C:\Ubisoft [2013/01/15 03:45:41 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\agp440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () 
.cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\eventlog.dll [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/14 00:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/14 00:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\netlogon.dll [2008/04/14 00:52:20 | 000,407,040 | ---- | M] 
(Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\scecli.dll [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006/02/28 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006/02/28 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\userinit.exe [2008/04/14 
00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006/02/28 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006/02/28 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/03/07 12:41:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009/03/07 12:41:17 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/03/07 12:41:17 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2012/11/01 07:17:52 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/11/01 07:17:52 | 
002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 00:52:20 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 00:52:22 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2012/06/08 09:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > |
09.02.2013, 20:40 | #4 |
| Gray screen after Windows startup So, I did everything as described in the instructions. Here are the log files: OTL logfile: Code:
ATTFilter OTL logfile created on: 2/9/2013 8:04:35 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298.08 Gb Total Space | 19.27 Gb Free Space | 6.47% Space Free | Partition Type: NTFS Drive D: | 14.44 Gb Total Space | 8.57 Gb Free Space | 59.36% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet003 ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled] -- -- (WMPNetworkSvc) SRV - File not found [On_Demand] -- -- (ServiceLayer) SRV - File not found [Auto] -- -- (PowerManager) SRV - File not found [On_Demand] -- -- (AppMgmt) SRV - File not found [Disabled] -- -- (a2free) SRV - [2012/11/08 12:44:46 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2012/07/13 06:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/02/08 19:28:00 | 000,342,984 | ---- | M] () [Auto] -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe -- (ALDITALKVerbindungsassistent_Service) SRV - [2011/12/26 07:46:42 | 000,375,872 | ---- | M] (Ralink 
Technology, Corp.) [Auto] -- C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\Service\RaRegistry.exe -- (RalinkRegistryWriter) SRV - [2011/03/16 03:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/02/18 09:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2010/03/04 16:38:00 | 000,071,096 | ---- | M] () [Auto] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess) SRV - [2009/09/24 14:53:22 | 000,238,952 | ---- | M] (Teruten) [Auto] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2009/08/18 05:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009/07/26 00:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand] -- C:\Games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/03/03 06:45:11 | 000,296,400 | ---- | M] () [Auto] -- C:\Programme\Verbindungsassistent\WTGService.exe -- (WTGService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [File_System | Boot] -- -- (Lbd) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand] -- -- (FXDrv32) DRV - File not found [Kernel | System] -- -- (Changer) DRV - File not found [Kernel | On_Demand] -- -- (BTWUSB) DRV - File not found [Kernel | On_Demand] -- -- (btwhid) DRV - File 
not found [Kernel | On_Demand] -- -- (BTWDNDIS) DRV - File not found [Kernel | On_Demand] -- -- (BTDriver) DRV - File not found [Kernel | On_Demand] -- -- (btaudio) DRV - File not found [Kernel | On_Demand] -- -- (bDMusicb) DRV - [2012/02/14 07:07:52 | 001,139,040 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2012/02/08 19:28:01 | 000,101,760 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2011/12/26 07:46:48 | 000,019,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Scutum50.sys -- (Scutum50) DRV - [2010/10/12 17:05:51 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2010/04/27 18:57:28 | 000,066,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2010/04/27 18:57:28 | 000,015,048 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2010/04/27 18:57:22 | 000,022,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2010/04/27 16:01:26 | 000,037,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter) DRV - [2010/04/19 13:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl) DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6) DRV - [2010/02/03 08:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi) DRV - [2009/11/12 07:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2009/10/22 06:18:52 | 000,281,760 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009/10/22 06:18:50 | 000,025,888 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009/09/21 03:33:06 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2008/10/03 18:29:30 | 003,331,584 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2008/07/24 05:02:44 | 004,749,824 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2008/04/29 04:31:00 | 000,143,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008/03/16 17:19:58 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k57xp32.sys -- (k57w2k) Broadcom NetLink (TM) DRV - [2007/12/28 09:02:12 | 000,287,232 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wg111v3.sys -- (RTL8187B) DRV - [2007/10/01 21:06:40 | 000,451,968 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73) DRV - [2007/09/17 09:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007/07/03 10:58:20 | 000,106,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2007/07/03 10:57:24 | 000,011,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2007/07/03 10:54:24 | 000,080,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM) DRV - [2007/03/27 11:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3) DRV - [2006/04/05 19:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2005/11/10 13:54:56 | 000,402,944 | R--- | M] (Belkin Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BLKWGU.sys -- (BLKWGU(Belkin)) Belkin Wireless G USB Network Adapter(Belkin) DRV - [2004/10/25 07:40:58 | 000,017,664 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ZDPSp50.sys -- (ZDPSp50) DRV - [2001/08/17 07:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Knoden_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Suche IE - HKU\Knoden_ON_C\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - Reg Error: Key error. 
File not found IE - HKU\Knoden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\Knoden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local IE - HKU\Knoden_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 212.23.97.9:8080 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Programme\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/10/15 13:29:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/11/08 12:45:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2012/11/14 04:20:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2009/03/07 13:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Extensions [2013/01/16 05:55:38 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Firefox\Profiles\pu8pe171.default\extensions [2010/05/06 09:37:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Firefox\Profiles\pu8pe171.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010/01/06 10:46:17 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\mozilla\Firefox\Profiles\pu8pe171.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2012/10/15 13:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2009/07/03 11:45:03 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru File not found (No name found) -- [2012/10/10 20:05:24 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012/10/10 21:10:32 | 000,001,392 | ---- 
| M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/10/10 21:10:32 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012/10/10 21:10:32 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012/10/10 21:10:32 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012/10/10 21:10:32 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012/10/10 21:10:32 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006/02/28 07:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No CLSID value found. O3 - HKU\Knoden_ON_C\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) 
O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Programme\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (ATI Technologies Inc.) O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe () O4 - HKLM..\Run: [Start WingMan Profiler] C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [svñhîst] File not found O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () O4 - Startup: C:\Dokumente und Einstellungen\Knoden\Startmenü\Programme\Autostart\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\Knoden_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/07 22:25:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{4ed01a02-ade5-11df-af80-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed01a02-ade5-11df-af80-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ed01a02-ade5-11df-af80-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4ed01a03-ade5-11df-af80-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{4ed01a03-ade5-11df-af80-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4ed01a03-ade5-11df-af80-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{584ea0ae-7009-11df-af5d-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{584ea0ae-7009-11df-af5d-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{584ea0ae-7009-11df-af5d-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{584ea0b3-7009-11df-af5d-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{584ea0b3-7009-11df-af5d-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{584ea0b3-7009-11df-af5d-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5ff80ac2-f74c-11e0-b0e0-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff80ac2-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ff80ac2-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{5ff80ac5-f74c-11e0-b0e0-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{5ff80ac5-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5ff80ac5-f74c-11e0-b0e0-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{d9b03e50-04ea-11df-aef5-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{d9b03e50-04ea-11df-aef5-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d9b03e50-04ea-11df-aef5-001fe262301e}\Shell\AutoRun\command - "" = E:\pushinst.exe
O33 - MountPoints2\{ffb7adfa-5a3a-11e1-b17b-001fe262301e}\Shell - "" = AutoRun
O33 - MountPoints2\{ffb7adfa-5a3a-11e1-b17b-001fe262301e}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ffb7adfa-5a3a-11e1-b17b-001fe262301e}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A0739DE2-571F-11D2-A031-0060977F760C} - InterActual PCFriendly ActiveX Control
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
MsConfig - Services: "TuneUp.ProgramStatisticsSvc"
MsConfig - Services: "TuneUp.Defrag"
MsConfig - Services: "WMPNetworkSvc"
MsConfig - Services: "TunngleService"
MsConfig - Services: "gupdate1c9da1fc6c11eda"
MsConfig - Services: "btwdins"
MsConfig - Services: "a2free"
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Belkin Wireless USB Utility.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^BTTray.lnk - - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^TP-LINK Wireless Configuration Utility.lnk - C:\Programme\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe - ()
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^Knoden^Startmenü^Programme^Autostart^OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: F5D7050v3 - hkey= - key= - File not found
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig - StartUpReg: NPSStartup - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: RGSC - hkey= - key= - File not found
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Programme\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programme\Steam\Steam.exe (Valve Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

========== Files/Folders - Created Within 30 Days ==========
[2013/01/17 05:11:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knoden\Eigene Dateien\gegl-0.0
[2013/01/13 15:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\vlc
[2013/01/13 15:52:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2009/09/11 11:41:50 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll
[2009/09/11 11:41:50 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll
[2009/09/11 11:41:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll
[2007/03/12 04:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2005/11/23 05:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2013/02/06 07:42:52 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/06 07:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/06 07:42:39 | 000,056,728 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2013/02/06 07:37:25 | 000,094,720 | RHS- | M] () -- C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe
[2013/02/06 07:17:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/06 04:48:37 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/02/06 04:48:37 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/06 04:48:37 |
000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013/02/06 04:48:37 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/02/06 04:44:32 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/02/05 10:18:13 | 000,019,411 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\kitas Augsburg.odt [2013/02/04 18:54:04 | 000,010,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Lernen DF3.odt [2013/01/28 12:59:17 | 000,202,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\pc neu.JPG [2013/01/23 16:28:25 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/17 07:09:17 | 000,013,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Reflexion Triple P.odt [2013/01/17 05:12:22 | 000,000,871 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\.recently-used.xbel [2013/01/17 04:48:12 | 002,360,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00770.JPG [2013/01/17 04:45:25 | 002,631,204 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00313.JPG [2013/01/13 15:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/06 07:37:25 | 000,094,720 | RHS- | C] () -- C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe [2013/02/05 04:48:30 | 000,019,411 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\kitas Augsburg.odt [2013/02/04 11:20:44 | 000,010,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Lernen DF3.odt [2013/01/28 12:59:16 | 000,202,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\pc neu.JPG [2013/01/17 05:12:22 | 000,000,871 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Knoden\.recently-used.xbel [2013/01/17 04:48:11 | 002,360,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00770.JPG [2013/01/17 04:45:24 | 002,631,204 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00313.JPG [2013/01/15 08:13:40 | 000,013,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Reflexion Triple P.odt [2012/10/15 06:40:40 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2012/10/15 06:40:40 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2012/10/15 06:40:39 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2012/10/15 06:40:39 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll [2012/10/15 06:40:20 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2012/02/14 14:52:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/11 17:14:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012/01/07 13:57:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2011/10/30 15:43:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\{076D03A8-0A21-47BE-AA86-C281F0006B60} [2011/10/30 15:42:57 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\{0FB64222-080E-4962-BCA6-4682121633E6} [2011/04/09 11:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010/10/12 17:16:09 | 000,000,619 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010/09/09 13:06:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat [2010/06/04 17:19:57 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2010/05/12 17:42:44 | 001,441,268 | ---- | C] () -- C:\Programme\save.dat [2010/05/12 17:41:39 | 000,020,274 | ---- | C] () -- C:\Programme\sbanleit3.jpg [2010/05/12 17:41:39 | 000,017,637 | ---- | C] () -- C:\Programme\sbanleit2.jpg [2010/05/12 17:41:39 | 
000,016,099 | ---- | C] () -- C:\Programme\sbanleit5.jpg [2010/05/12 17:41:39 | 000,015,673 | ---- | C] () -- C:\Programme\sbanleit1.jpg [2010/05/12 17:41:39 | 000,011,434 | ---- | C] () -- C:\Programme\sbanleit4.jpg [2010/05/12 17:41:39 | 000,005,988 | ---- | C] () -- C:\Programme\sbanleit6.jpg [2010/04/09 12:27:27 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/04/09 12:12:10 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2010/04/09 12:12:10 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2010/04/09 12:12:10 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2010/03/01 12:30:00 | 000,017,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/01/19 06:33:36 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010/01/15 09:15:16 | 000,063,485 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010/01/14 15:51:39 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ScrAntic.ini [2009/11/29 09:17:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI [2009/11/17 09:02:55 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009/11/17 09:02:55 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009/11/17 09:02:48 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\$_hpcst$.hpc [2009/10/22 06:18:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009/10/22 06:18:50 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009/10/06 15:20:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009/09/11 11:41:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll [2009/09/11 11:41:52 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini [2009/09/11 11:41:51 | 000,302,720 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\snpstd.sys [2009/09/11 11:41:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe [2009/09/01 11:00:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/06/05 17:19:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/05/05 09:26:29 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2009/05/04 06:08:30 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009/03/29 15:25:03 | 000,000,299 | ---- | C] () -- C:\WINDOWS\game.ini [2009/03/09 15:02:08 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\AVSDVDPlayer.m3u [2009/03/09 15:01:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/03/09 15:01:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/03/07 13:15:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/03/07 13:15:13 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 12:17:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/03/07 12:16:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009/03/07 12:04:22 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009/03/07 12:04:15 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/03/07 12:04:14 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/03/07 12:04:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2009/03/07 12:04:11 | 000,176,918 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009/03/07 11:57:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/03/07 11:52:24 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/03/07 11:43:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/03/07 11:41:59 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/03/02 13:26:56 | 
000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2009/02/04 13:26:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008/10/07 02:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 02:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/10/03 15:48:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2008/09/29 15:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2008/05/04 11:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll [2007/10/25 11:26:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006/09/19 02:07:28 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe [2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 07:00:00 | 000,448,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/02/28 07:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 07:00:00 | 000,269,480 | ---- | C] 
() -- C:\WINDOWS\System32\perfi007.dat [2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 07:00:00 | 000,080,338 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/02/28 07:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005/07/12 08:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2004/03/23 10:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2004/02/27 09:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2003/03/14 06:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe [1998/10/10 19:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2012/02/08 19:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent [2013/01/15 16:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\.minecraft [2009/03/29 15:26:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Activision [2012/02/15 07:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ALDITALKVerbindungsassistent [2009/05/08 04:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ashampoo [2010/09/07 17:03:43 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DAEMON Tools Lite [2011/08/29 07:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoft [2011/06/28 17:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoftIEHelpers [2010/03/27 08:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Earth 2140 [2012/11/22 04:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Fox Dgital Copy [2011/03/06 11:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\gtk-2.0 [2011/04/11 10:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ICQ [2009/03/14 09:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leadertech [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leawo [2009/03/11 16:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\OpenOffice.org [2009/03/08 06:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Opera [2009/11/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\PC Suite [2009/11/17 09:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Samsung [2009/05/12 15:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TeamViewer [2012/11/14 04:20:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Thunderbird [2012/12/09 15:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\tiger-k [2012/10/15 08:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Knoden\Anwendungsdaten\TP-LINK [2009/03/10 12:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TuneUp Software [2010/09/09 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ubisoft [2012/02/09 11:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Verbindungsassistent [2010/01/16 09:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Zylom [2009/12/07 15:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2010/09/07 17:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010/04/09 12:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2013/01/06 14:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Leawo [2009/11/17 09:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009/12/16 03:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\POP3Profiles [2009/03/02 13:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games [2012/10/15 06:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2011/06/26 05:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania [2009/03/10 12:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010/09/09 13:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2010/01/16 09:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2009/03/17 08:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011/02/22 11:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/03/10 12:15:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009/09/20 15:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/14 07:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2013/01/07 09:39:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2009/08/30 15:10:49 | 000,000,000 | ---D | M] -- C:\23ef2ab834e8ccfd874889c7 [2009/04/03 07:35:46 | 000,000,000 | ---D | M] -- C:\bilder mpark [2009/03/07 11:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2009/12/07 13:45:12 | 000,000,000 | ---D | M] -- C:\Games [2012/01/07 13:55:37 | 000,000,000 | ---D | M] -- C:\Program Files [2010/11/17 17:08:01 | 000,000,000 | ---D | M] -- C:\PROGRAMM [2013/01/07 05:00:32 | 000,000,000 | R--D | M] -- C:\Programme [2009/03/07 13:12:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011/06/28 17:27:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/03/23 15:31:34 | 000,000,000 | ---D | M] -- C:\Ubisoft [2013/01/15 03:45:41 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\agp440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () 
.cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\eventlog.dll [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/14 00:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/14 00:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\netlogon.dll [2008/04/14 00:52:20 | 000,407,040 | ---- | M] 
(Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\scecli.dll [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006/02/28 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006/02/28 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\userinit.exe [2008/04/14 
00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006/02/28 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006/02/28 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/03/07 12:41:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009/03/07 12:41:17 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/03/07 12:41:17 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2012/11/01 07:17:52 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/11/01 07:17:52 | 
002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 00:52:20 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 00:52:22 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2012/06/08 09:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report >
MsConfig - StartUpReg: StartCCC - hkey= - key= - File not found MsConfig - StartUpReg: Steam - hkey= - key= - C:\Programme\Steam\Steam.exe (Valve Corporation) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 ========== Files/Folders - Created Within 30 Days ========== [2013/01/17 05:11:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knoden\Eigene Dateien\gegl-0.0 [2013/01/13 15:52:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\vlc [2013/01/13 15:52:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [2009/09/11 11:41:50 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd.dll [2009/09/11 11:41:50 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd.dll [2009/09/11 11:41:50 | 000,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd.dll [2007/03/12 04:41:52 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll [2005/11/23 05:55:32 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/02/06 07:42:52 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013/02/06 07:42:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/02/06 07:42:39 | 000,056,728 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap [2013/02/06 07:37:25 | 000,094,720 | RHS- | M] () -- C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe [2013/02/06 07:17:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013/02/06 04:48:37 | 000,448,898 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013/02/06 04:48:37 | 000,432,784 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013/02/06 04:48:37 | 
000,080,338 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013/02/06 04:48:37 | 000,067,740 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013/02/06 04:44:32 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/02/05 10:18:13 | 000,019,411 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\kitas Augsburg.odt [2013/02/04 18:54:04 | 000,010,516 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Lernen DF3.odt [2013/01/28 12:59:17 | 000,202,563 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\pc neu.JPG [2013/01/23 16:28:25 | 000,019,456 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013/01/17 07:09:17 | 000,013,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Reflexion Triple P.odt [2013/01/17 05:12:22 | 000,000,871 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\.recently-used.xbel [2013/01/17 04:48:12 | 002,360,681 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00770.JPG [2013/01/17 04:45:25 | 002,631,204 | ---- | M] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00313.JPG [2013/01/13 15:52:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/02/06 07:37:25 | 000,094,720 | RHS- | C] () -- C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe [2013/02/05 04:48:30 | 000,019,411 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\kitas Augsburg.odt [2013/02/04 11:20:44 | 000,010,516 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Lernen DF3.odt [2013/01/28 12:59:16 | 000,202,563 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\pc neu.JPG [2013/01/17 05:12:22 | 000,000,871 | ---- | C] () -- 
C:\Dokumente und Einstellungen\Knoden\.recently-used.xbel [2013/01/17 04:48:11 | 002,360,681 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00770.JPG [2013/01/17 04:45:24 | 002,631,204 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\DSC00313.JPG [2013/01/15 08:13:40 | 000,013,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Desktop\Reflexion Triple P.odt [2012/10/15 06:40:40 | 000,001,191 | ---- | C] () -- C:\WINDOWS\System32\W32N55.INI [2012/10/15 06:40:40 | 000,000,449 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.ini [2012/10/15 06:40:39 | 000,480,608 | ---- | C] () -- C:\WINDOWS\System32\DiagFunc.dll [2012/10/15 06:40:39 | 000,034,080 | ---- | C] () -- C:\WINDOWS\System32\CTAAEI.dll [2012/10/15 06:40:20 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2012/02/14 14:52:46 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012/01/11 17:14:48 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012/01/07 13:57:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI [2011/10/30 15:43:06 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\{076D03A8-0A21-47BE-AA86-C281F0006B60} [2011/10/30 15:42:57 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\{0FB64222-080E-4962-BCA6-4682121633E6} [2011/04/09 11:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2010/10/12 17:16:09 | 000,000,619 | ---- | C] () -- C:\WINDOWS\eReg.dat [2010/09/09 13:06:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Access.dat [2010/06/04 17:19:57 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll [2010/05/12 17:42:44 | 001,441,268 | ---- | C] () -- C:\Programme\save.dat [2010/05/12 17:41:39 | 000,020,274 | ---- | C] () -- C:\Programme\sbanleit3.jpg [2010/05/12 17:41:39 | 000,017,637 | ---- | C] () -- C:\Programme\sbanleit2.jpg [2010/05/12 17:41:39 | 
000,016,099 | ---- | C] () -- C:\Programme\sbanleit5.jpg [2010/05/12 17:41:39 | 000,015,673 | ---- | C] () -- C:\Programme\sbanleit1.jpg [2010/05/12 17:41:39 | 000,011,434 | ---- | C] () -- C:\Programme\sbanleit4.jpg [2010/05/12 17:41:39 | 000,005,988 | ---- | C] () -- C:\Programme\sbanleit6.jpg [2010/04/09 12:27:27 | 000,000,085 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/04/09 12:12:10 | 000,002,951 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Config.nt.bak [2010/04/09 12:12:10 | 000,001,806 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Autoexec.nt.bak [2010/04/09 12:12:10 | 000,000,820 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\hosts.bak [2010/03/01 12:30:00 | 000,017,168 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010/01/19 06:33:36 | 000,097,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\Fwusb1b.bin [2010/01/15 09:15:16 | 000,063,485 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2010/01/14 15:51:39 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ScrAntic.ini [2009/11/29 09:17:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\syscheck.INI [2009/11/17 09:02:55 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2009/11/17 09:02:55 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2009/11/17 09:02:48 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\$_hpcst$.hpc [2009/10/22 06:18:51 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2009/10/22 06:18:50 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2009/10/06 15:20:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009/09/11 11:41:52 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\dsnpstd.dll [2009/09/11 11:41:52 | 000,015,541 | ---- | C] () -- C:\WINDOWS\snpstd.ini [2009/09/11 11:41:51 | 000,302,720 | ---- | C] () -- 
C:\WINDOWS\System32\drivers\snpstd.sys [2009/09/11 11:41:49 | 000,020,480 | ---- | C] () -- C:\WINDOWS\usnpstd.exe [2009/09/01 11:00:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/06/05 17:19:01 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/05/05 09:26:29 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini [2009/05/04 06:08:30 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini [2009/03/29 15:25:03 | 000,000,299 | ---- | C] () -- C:\WINDOWS\game.ini [2009/03/09 15:02:08 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\AVSDVDPlayer.m3u [2009/03/09 15:01:11 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2009/03/09 15:01:11 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2009/03/07 13:15:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/03/07 13:15:13 | 000,019,456 | ---- | C] () -- C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/07 12:17:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin [2009/03/07 12:16:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2009/03/07 12:04:22 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe [2009/03/07 12:04:15 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat [2009/03/07 12:04:14 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat [2009/03/07 12:04:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat [2009/03/07 12:04:11 | 000,176,918 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2009/03/07 11:57:17 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/03/07 11:52:24 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/03/07 11:43:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/03/07 11:41:59 | 000,125,320 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2009/03/02 13:26:56 | 
000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat [2009/02/04 13:26:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini [2008/10/07 02:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll [2008/10/07 02:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll [2008/10/07 02:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll [2008/10/03 15:48:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe [2008/09/29 15:22:28 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe [2008/05/04 11:39:34 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\ViaClassCoInstaller.dll [2007/10/25 11:26:10 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2006/09/19 02:07:28 | 000,827,392 | ---- | C] () -- C:\WINDOWS\vsnpstd3.exe [2006/02/28 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2006/02/28 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2006/02/28 07:00:00 | 000,448,898 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2006/02/28 07:00:00 | 000,432,784 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2006/02/28 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2006/02/28 07:00:00 | 000,269,480 | ---- | C] 
() -- C:\WINDOWS\System32\perfi007.dat [2006/02/28 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2006/02/28 07:00:00 | 000,080,338 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2006/02/28 07:00:00 | 000,067,740 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2006/02/28 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2006/02/28 07:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2006/02/28 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2006/02/28 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2006/02/28 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2006/02/28 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2006/02/28 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2005/07/12 08:44:42 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2004/03/23 10:38:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2004/02/27 09:36:18 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini [2003/03/14 06:24:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe [1998/10/10 19:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2012/02/08 19:28:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\ALDITALKVerbindungsassistent [2013/01/15 16:34:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\.minecraft [2009/03/29 15:26:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Activision [2012/02/15 07:41:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ALDITALKVerbindungsassistent [2009/05/08 04:35:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ashampoo [2010/09/07 17:03:43 | 000,000,000 | ---D | M] 
-- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:10:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DAEMON Tools Lite [2011/08/29 07:26:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoft [2011/06/28 17:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\DVDVideoSoftIEHelpers [2010/03/27 08:20:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Earth 2140 [2012/11/22 04:13:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Fox Dgital Copy [2011/03/06 11:38:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\gtk-2.0 [2011/04/11 10:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\ICQ [2009/03/14 09:08:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leadertech [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Leawo [2009/03/11 16:48:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\OpenOffice.org [2009/03/08 06:55:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Opera [2009/11/17 09:06:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\PC Suite [2009/11/17 09:02:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Samsung [2009/05/12 15:41:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TeamViewer [2012/11/14 04:20:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Thunderbird [2012/12/09 15:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\tiger-k [2012/10/15 08:12:05 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Knoden\Anwendungsdaten\TP-LINK [2009/03/10 12:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\TuneUp Software [2010/09/09 13:33:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Ubisoft [2012/02/09 11:57:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Verbindungsassistent [2010/01/16 09:51:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Knoden\Anwendungsdaten\Zylom [2009/12/07 15:38:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BioWare [2010/09/07 17:03:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited [2010/10/12 17:05:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2010/04/09 12:53:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\G DATA [2013/01/06 14:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KONAMI [2012/12/09 15:44:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Leawo [2009/11/17 09:06:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2009/12/16 03:54:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\POP3Profiles [2009/03/02 13:21:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PopCap Games [2012/10/15 06:40:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TP-LINK [2011/06/26 05:38:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TrackMania [2009/03/10 12:16:21 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2010/09/09 13:05:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tunngle [2010/03/21 15:06:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2010/01/16 09:51:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Zylom [2009/03/17 08:35:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3} [2011/02/22 11:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009/03/10 12:15:12 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{55A29068-F2CE-456C-9148-C869879E2357} [2009/09/20 15:29:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/04/14 07:12:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2013/01/07 09:39:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2009/08/30 15:10:49 | 000,000,000 | ---D | M] -- C:\23ef2ab834e8ccfd874889c7 [2009/04/03 07:35:46 | 000,000,000 | ---D | M] -- C:\bilder mpark [2009/03/07 11:59:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen [2009/12/07 13:45:12 | 000,000,000 | ---D | M] -- C:\Games [2012/01/07 13:55:37 | 000,000,000 | ---D | M] -- C:\Program Files [2010/11/17 17:08:01 | 000,000,000 | ---D | M] -- C:\PROGRAMM [2013/01/07 05:00:32 | 000,000,000 | R--D | M] -- C:\Programme [2009/03/07 13:12:45 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011/06/28 17:27:37 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/03/23 15:31:34 | 000,000,000 | ---D | M] -- C:\Ubisoft [2013/01/15 03:45:41 | 000,000,000 | ---D | M] -- C:\WINDOWS < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\agp440.sys [2008/04/13 17:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2006/02/28 07:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys [2008/04/14 01:03:54 | 020,108,202 | ---- | M] () 
.cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\atapi.sys [2008/04/13 17:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2006/02/28 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 21:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\eventlog.dll [2008/04/14 00:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll [2006/02/28 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2008/04/14 00:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe < MD5 for: NETLOGON.DLL > [2008/04/14 00:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 21:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\netlogon.dll [2008/04/14 00:52:20 | 000,407,040 | ---- | M] 
(Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll [2006/02/28 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 21:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\scecli.dll [2008/04/14 00:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll [2006/02/28 07:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2006/02/28 07:00:00 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2008/04/13 21:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\user32.dll [2008/04/14 00:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < MD5 for: USERINIT.EXE > [2008/04/14 00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2008/04/13 21:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\userinit.exe [2008/04/14 
00:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe [2006/02/28 07:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe < MD5 for: WINLOGON.EXE > [2006/02/28 07:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2008/04/13 21:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\SoftwareDistribution\Download\353532c428eb23a15c972081863622b7\winlogon.exe [2008/04/14 00:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2006/02/28 07:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2009/03/07 12:41:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav [2009/03/07 12:41:17 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav [2009/03/07 12:41:17 | 000,454,656 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav < %systemroot%\system32\*.dll /lockedfiles > [2011/03/03 01:54:43 | 000,149,504 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dnsapi.dll [2012/11/01 07:17:52 | 011,111,424 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll [2012/11/01 07:17:52 | 
002,000,384 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iertutil.dll [2008/04/14 00:52:20 | 000,280,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\mstask.dll [2008/04/14 00:52:22 | 000,067,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ntdsapi.dll [2012/06/08 09:25:14 | 008,503,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\shell32.dll [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] Invalid Environment Variable: %USERPROFILE%\*.* Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.exe Invalid Environment Variable: %USERPROFILE%\Local Settings\Temp\*.dll Invalid Environment Variable: %USERPROFILE%\Application Data\*.exe < End of report > |
10.02.2013, 17:29 | #5 |
/// Malware-holic | Gray screen after Windows start Aloha, on your second PC go to Start, Programs, Accessories, Notepad, and paste the following: Code:
:OTL
[2013/02/06 07:37:25 | 000,094,720 | RHS- | M] () -- C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

Save this as fix.txt on a USB stick. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe.
• Now please click the Fix button. A message similar to "load fix from file" should appear, so load fix.txt from your stick. If this does not work, please enter the fix manually, then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.02.2013, 20:05 | #6 |
| Gray screen after Windows startup OK, done. Here is the log:
========== OTL ==========
C:\Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
User: Knoden
->Temp folder emptied: 66175681 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54753017 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 9227 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 226144 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 975689 bytes
Total Flash Files Cleaned = 117.00 mb
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Knoden
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2148906 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 18241857 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
Total Files Cleaned = 19.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 02102013_200343 |
10.02.2013, 20:06 | #7 |
/// Malware-holic | Gray screen after Windows startup Aloha, if normal mode works: download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - for any findings, always choose Skip for now, then post the log
Open C:, open tdsskiller-datum-version.txt, and post its contents
__________________ |
10.02.2013, 20:21 | #8 |
| Gray screen after Windows startup A few of the checkboxes were named differently than in your instructions, so I ticked all four. Here is the log:
ok 20:19:41.0640 0140 sym_u3 - ok 20:19:41.0687 0140 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 20:19:41.0765 0140 sysaudio - ok 20:19:41.0781 0140 SysmonLog (2903fffa2523926d6219428040dce6b9) C:\WINDOWS\system32\smlogsvc.exe 20:19:41.0843 0140 SysmonLog - ok 20:19:41.0921 0140 TapiSrv (05903cac4b98908d55ea5774775b382e) C:\WINDOWS\System32\tapisrv.dll 20:19:41.0984 0140 TapiSrv - ok 20:19:42.0062 0140 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 20:19:42.0125 0140 Tcpip - ok 20:19:42.0187 0140 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys 20:19:42.0218 0140 Tcpip6 - ok 20:19:42.0250 0140 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 20:19:42.0312 0140 TDPIPE - ok 20:19:42.0328 0140 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 20:19:42.0421 0140 TDTCP - ok 20:19:42.0437 0140 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 20:19:42.0500 0140 TermDD - ok 20:19:42.0546 0140 TermService (b7de02c863d8f5a005a7bf375375a6a4) C:\WINDOWS\System32\termsrv.dll 20:19:42.0625 0140 TermService - ok 20:19:42.0671 0140 Themes (2db7d303c36ddd055215052f118e8e75) C:\WINDOWS\System32\shsvcs.dll 20:19:42.0671 0140 Themes - ok 20:19:42.0687 0140 TosIde - ok 20:19:42.0687 0140 TrkWks (626504572b175867f30f3215c04b3e2f) C:\WINDOWS\system32\trkwks.dll 20:19:42.0765 0140 TrkWks - ok 20:19:42.0828 0140 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys 20:19:42.0890 0140 tunmp - ok 20:19:42.0906 0140 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 20:19:42.0968 0140 Udfs - ok 20:19:42.0968 0140 ultra - ok 20:19:43.0000 0140 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 20:19:43.0093 0140 Update - ok 20:19:43.0140 0140 upnphost (1dfd8975d8c89214b98d9387c1125b49) C:\WINDOWS\System32\upnphost.dll 
20:19:43.0218 0140 upnphost - ok 20:19:43.0218 0140 UPS (9b11e6118958e63e1fef129466e2bda7) C:\WINDOWS\System32\ups.exe 20:19:43.0296 0140 UPS - ok 20:19:43.0343 0140 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys 20:19:43.0406 0140 USBAAPL - ok 20:19:43.0437 0140 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 20:19:43.0531 0140 usbccgp - ok 20:19:43.0562 0140 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 20:19:43.0625 0140 usbehci - ok 20:19:43.0625 0140 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 20:19:43.0718 0140 usbhub - ok 20:19:43.0734 0140 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys 20:19:43.0796 0140 usbohci - ok 20:19:43.0812 0140 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 20:19:43.0906 0140 usbscan - ok 20:19:43.0921 0140 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 20:19:44.0000 0140 USBSTOR - ok 20:19:44.0000 0140 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 20:19:44.0078 0140 VgaSave - ok 20:19:44.0078 0140 ViaIde - ok 20:19:44.0078 0140 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys 20:19:44.0140 0140 VolSnap - ok 20:19:44.0203 0140 VSS (68f106273be29e7b7ef8266977268e78) C:\WINDOWS\System32\vssvc.exe 20:19:44.0296 0140 VSS - ok 20:19:44.0328 0140 W32Time (7b353059e665f8b7ad2bbeaef597cf45) C:\WINDOWS\system32\w32time.dll 20:19:44.0421 0140 W32Time - ok 20:19:44.0421 0140 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 20:19:44.0500 0140 Wanarp - ok 20:19:44.0546 0140 Wdf01000 (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys 20:19:44.0593 0140 Wdf01000 - ok 20:19:44.0593 0140 WDICA - ok 20:19:44.0625 0140 wdmaud (6768acf64b18196494413695f0c3a00f) 
C:\WINDOWS\system32\drivers\wdmaud.sys 20:19:44.0703 0140 wdmaud - ok 20:19:44.0734 0140 WebClient (81727c9873e3905a2ffc1ebd07265002) C:\WINDOWS\System32\webclnt.dll 20:19:44.0796 0140 WebClient - ok 20:19:44.0906 0140 winmgmt (6f3f3973d97714cc5f906a19fe883729) C:\WINDOWS\system32\wbem\WMIsvc.dll 20:19:44.0984 0140 winmgmt - ok 20:19:45.0156 0140 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:19:45.0265 0140 wlidsvc - ok 20:19:45.0437 0140 WmBEnum (5d410936831f7fb58eff941eac3f6d3d) C:\WINDOWS\system32\drivers\WmBEnum.sys 20:19:45.0453 0140 WmBEnum - ok 20:19:45.0500 0140 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll 20:19:45.0578 0140 WmdmPmSN - ok 20:19:45.0593 0140 WmFilter (7a13cfde92956ca61a0927d766c5ad4f) C:\WINDOWS\system32\drivers\WmFilter.sys 20:19:45.0609 0140 WmFilter - ok 20:19:45.0640 0140 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 20:19:45.0703 0140 WmiAcpi - ok 20:19:45.0750 0140 WmiApSrv (93908111ba57a6e60ec2fa2de202105c) C:\WINDOWS\system32\wbem\wmiapsrv.exe 20:19:45.0828 0140 WmiApSrv - ok 20:19:45.0859 0140 WMPNetworkSvc - ok 20:19:45.0875 0140 WmVirHid (6f04646bc690f8bbfc344be32a60796d) C:\WINDOWS\system32\drivers\WmVirHid.sys 20:19:45.0890 0140 WmVirHid - ok 20:19:45.0890 0140 WmXlCore (1d6ca43d562333f4dfb40bcef2453f3a) C:\WINDOWS\system32\drivers\WmXlCore.sys 20:19:45.0921 0140 WmXlCore - ok 20:19:45.0937 0140 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys 20:19:45.0953 0140 WpdUsb - ok 20:19:46.0000 0140 wscsvc (300b3e84faf1a5c1f791c159ba28035d) C:\WINDOWS\system32\wscsvc.dll 20:19:46.0062 0140 wscsvc - ok 20:19:46.0093 0140 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 20:19:46.0187 0140 WSTCODEC - ok 20:19:46.0312 0140 WTGService (d7e88349be0f01e4d8d776adb1f325bf) C:\Programme\Verbindungsassistent\WTGService.exe 20:19:46.0328 
0140 WTGService - ok 20:19:46.0375 0140 wuauserv (7b4fe05202aa6bf9f4dfd0e6a0d8a085) C:\WINDOWS\system32\wuauserv.dll 20:19:46.0484 0140 wuauserv - ok 20:19:46.0531 0140 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 20:19:46.0593 0140 WudfPf - ok 20:19:46.0625 0140 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 20:19:46.0640 0140 WudfRd - ok 20:19:46.0687 0140 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll 20:19:46.0718 0140 WudfSvc - ok 20:19:46.0781 0140 WZCSVC (c4f109c005f6725162d2d12ca751e4a7) C:\WINDOWS\System32\wzcsvc.dll 20:19:46.0875 0140 WZCSVC - ok 20:19:46.0890 0140 xmlprov (0ada34871a2e1cd2caafed1237a47750) C:\WINDOWS\System32\xmlprov.dll 20:19:47.0046 0140 xmlprov - ok 20:19:47.0062 0140 ZDPSp50 (00ae175b903d45ed4a62384d3315dc2a) C:\WINDOWS\system32\Drivers\ZDPSp50.sys 20:19:47.0093 0140 ZDPSp50 ( UnsignedFile.Multi.Generic ) - warning 20:19:47.0093 0140 ZDPSp50 - detected UnsignedFile.Multi.Generic (1) 20:19:47.0125 0140 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0 20:19:47.0343 0140 \Device\Harddisk0\DR0 - ok 20:19:47.0343 0140 Boot (0x1200) (a7bcecb78623ec80af130fa3381de7c8) \Device\Harddisk0\DR0\Partition0 20:19:47.0343 0140 \Device\Harddisk0\DR0\Partition0 - ok 20:19:47.0343 0140 ============================================================ 20:19:47.0343 0140 Scan finished 20:19:47.0343 0140 ============================================================ 20:19:47.0468 0508 Detected object count: 9 20:19:47.0468 0508 Actual detected object count: 9 20:20:24.0656 0508 AegisP ( UnsignedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 ATI Smart ( UnsignedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 EAPPkt ( UnsignedFile.Multi.Generic ) - skipped by 
user 20:20:24.0656 0508 EAPPkt ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 RT73 ( UnsignedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 RT73 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 Scutum50 ( UnsignedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 Scutum50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 sptd ( LockedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 sptd ( LockedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip 20:20:24.0656 0508 ZDPSp50 ( UnsignedFile.Multi.Generic ) - skipped by user 20:20:24.0656 0508 ZDPSp50 ( UnsignedFile.Multi.Generic ) - User select action: Skip |
10.02.2013, 20:38 | #9 |
/// Malware-holic | Gray screen after Windows start That's fine. Scan with Combofix
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
10.02.2013, 21:00 | #10 |
| Gray screen after Windows start OK, I did that, but Windows crashed during the scan: blue screen with an error message. I rebooted, but found no .txt from Combofix. |
10.02.2013, 21:04 | #11 |
/// Malware-holic | Gray screen after Windows start Restart, press F8, choose Safe Mode, log in to your account, try Combofix again, restart, and please post the report.
__________________ |
10.02.2013, 21:35 | #12 |
| Gray screen after Windows start There are several options in Safe Mode: Microsoft Windows Recovery Console do not select [Debugger aktiviert] Microsoft Windows XP Home Edition ...but with the last option the blue screen comes up again and the PC restarts. Should I try it again in normal mode? |
11.02.2013, 12:51 | #13 |
/// Malware-holic | Gray screen after Windows start No. Malwarebytes: Please download Malwarebytes
__________________ |
13.02.2013, 15:39 | #14 |
| Gray screen after Windows start It worked without problems.
Malwarebytes Anti-Malware 1.70.0.1100
Malwarebytes : Free Anti-Malware download
Datenbank Version: v2013.02.13.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Knoden :: *** [Administrator]
13.02.2013 13:40:02
mbam-log-2013-02-13 (13-40-02).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 392943
Laufzeit: 1 Stunde(n), 42 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svñhîst (Trojan.Agent) -> Daten: %USERPROFILE%\wgsdgsdgdsgsd.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Knoden\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\6.0\24\60701698-2cdccae7 (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\02102013_200343\C_Dokumente und Einstellungen\Knoden\wgsdgsdgdsgsd.exe (Trojan.Ransom.ED) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) |
13.02.2013, 18:03 | #15 |
/// Malware-holic | Gray screen after Windows start Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, go to Tools (Extras), uninstall list, and save it as txt. Open the file. After every program you need, write "necessary". After every one you do not need, "unnecessary". After ones unknown to you, "unknown". Post the list.
__________________ |