| |
| |||||||
Log-Analyse und Auswertung: gvu Trojaner mit webcam Bild, Windows XPWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
03.08.2013, 10:40
| #1 |
| |  gvu Trojaner mit webcam Bild, Windows XP Guten Morgen Trojaner Board Team, auch ich bin seit 2 Tagen glücklicher Besitzer des GVU Trojaners. Über die an einem anderen Rechner erstellte OTLPE-CD, bin ich wieder auf den infizierten Rechner gelangt. In bester Hoffnung, dass Ihr mir helfen könnte, hänge ich die beiden logfiles an: Code:
ATTFilter OTL logfile created on: 8/3/2013 8:44:10 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.79 Gb Total Space | 88.28 Gb Free Space | 78.97% Space Free | Partition Type: NTFS
Drive D: | 111.78 Gb Total Space | 63.98 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/08/07 09:51:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/07 18:55:54 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/01/18 02:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto] -- C:\Programme\Gemeinsame Dateien\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
========== Driver Services (SafeList) ==========
DRV - [2012/01/18 02:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech HD Webcam C310(UVC)
DRV - [2012/01/18 02:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/05/14 18:04:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/05/14 18:02:14 | 000,114,784 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvpopflt.sys -- (lvpopflt)
DRV - [2010/05/07 13:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/06/26 12:21:02 | 001,956,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2009/05/07 17:15:47 | 000,639,224 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/04/13 14:45:36 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irbus.sys -- (IrBus)
DRV - [2006/09/25 16:44:30 | 000,113,152 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/09/12 14:27:00 | 004,381,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/07/03 10:11:20 | 000,217,600 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sis163u.sys -- (SIS163u)
DRV - [2006/06/18 18:38:18 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/05/09 11:20:40 | 000,013,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/05/09 11:20:38 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/03/07 00:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2005/09/09 13:56:14 | 000,006,144 | ---- | M] (hxxp://www.internals.com) [Kernel | System] -- C:\WINDOWS\system32\WinIo.sys -- (WINIO)
DRV - [2004/03/26 16:32:54 | 000,031,744 | ---- | M] () [Kernel | On_Demand] -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Temp\krdpdre.sys -- (krdpdre)
DRV - [2003/11/30 22:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\ud_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\ud_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\ud_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\ud_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\ud_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\ud_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Programme\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Programme\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/12/10 04:09:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Programme\Java\jre6\lib\deploy\jqs\ff [2012/08/04 17:03:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013/05/07 18:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
[2013/05/07 18:55:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/05/07 18:55:54 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/05/07 18:55:55 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2006/06/30 19:52:22 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2006/06/30 19:52:22 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2006/06/30 19:52:22 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2006/06/30 19:52:22 | 000,002,669 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\google.xml
[2006/06/30 19:52:22 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2006/06/30 19:52:22 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2006/06/30 19:52:22 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004/08/10 15:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Deals Plugin Extension) - {11111111-1111-1111-1111-110211181106} - C:\Programme\Deals Plugin Extension\Deals Plugin Extension.dll (Innovative Apps)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\ud_ON_C\..\Toolbar\ShellBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ud_ON_C\..\Toolbar\WebBrowser: (&Adresse) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKU\ud_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FuncKey] C:\Programme\Hotkey Management\FuncKey.exe ()
O4 - HKLM..\Run: [LWS] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PowerManager] C:\Programme\Power Manager\PM.exe ()
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\systemprofile_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\ud_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\ud_ON_C..\Run: [Messenger (Yahoo!)] C:\Programme\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\ud_ON_C..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Temp\ivledesmviiqjlwvj.exe ()
O4 - HKU\ud_ON_C..\Run: [Updater21806.exe] C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\Updater21806\Updater21806.exe (Innovative Apps)
O4 - Startup: C:\Dokumente und Einstellungen\ud\Startmenü\Programme\Autostart\AutorunsDisabled [2012/11/27 07:31:55 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ud_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\ud_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.69.103.78 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\AutorunsDisabled\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\ud_ON_C Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/02 16:02:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/07/31 18:20:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Yahoo! Companion
[2013/07/31 18:20:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Yahoo! Messenger
[2013/07/30 14:08:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Railroad Tycoon 3
[2013/07/26 14:15:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MRT
[2013/07/25 10:50:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\Logitech® Webcam-Software
[2013/07/23 08:09:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\WRPSoft
[2013/07/23 08:09:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ud\Eigene Dateien\CicloTour
[2013/07/23 08:09:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CicloTour4.3
[2013/07/21 12:29:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2013/07/21 12:29:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\Microsoft Corporation
[2013/07/21 12:28:41 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Windows 7 Upgrade Advisor
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/08/07 09:51:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/08/07 09:51:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/08/07 09:51:23 | 017,617,288 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/08/03 08:44:11 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.dat
[2013/07/31 19:53:48 | 001,084,736 | ---- | M] () -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\2433f433
[2013/07/31 19:53:48 | 001,084,701 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/07/31 19:53:47 | 001,084,709 | ---- | M] () -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/31 19:51:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/31 18:20:29 | 000,000,800 | ---- | M] () -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/07/31 18:20:29 | 000,000,782 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Yahoo! Messenger.lnk
[2013/07/31 18:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Yahoo! Messenger
[2013/07/30 16:50:37 | 000,001,062 | ---- | M] () -- C:\Dokumente und Einstellungen\ud\Desktop\CicloTour.dat
[2013/07/30 16:50:37 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\ud\Desktop\CicloTour.sul
[2013/07/30 16:36:51 | 000,001,275 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Logitech Webcam Software .lnk
[2013/07/30 16:36:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Logitech
[2013/07/30 14:11:24 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2013/07/30 14:08:11 | 000,000,263 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Railroad Tycoon 3.lnk
[2013/07/30 14:08:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Railroad Tycoon 3
[2013/07/27 07:56:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2013/07/23 09:59:00 | 000,002,333 | ---- | M] () -- C:\Dokumente und Einstellungen\ud\Eigene Dateien\ciclo22.odb
[2013/07/23 09:00:07 | 000,002,332 | ---- | M] () -- C:\Dokumente und Einstellungen\ud\Eigene Dateien\ciclo.odb
[2013/07/23 08:09:21 | 000,000,607 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CicloTour.lnk
[2013/07/23 08:09:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CicloTour4.3
[2013/07/21 12:28:43 | 000,001,840 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows 7 Upgrade Advisor.lnk
[2013/07/21 12:28:43 | 000,001,834 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/07/19 05:26:57 | 001,271,210 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2013/07/19 05:26:57 | 000,538,498 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013/07/19 05:26:57 | 000,511,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/07/19 05:26:57 | 000,110,770 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013/07/19 05:26:57 | 000,094,254 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/07/18 08:04:18 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/18 08:04:18 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/14 07:56:45 | 000,168,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/07/14 02:36:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/07/14 02:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Silverlight
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[34 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/31 19:53:48 | 001,084,736 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\2433f433
[2013/07/31 19:53:47 | 001,084,709 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/31 19:53:47 | 001,084,701 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/07/31 18:20:29 | 000,000,800 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk
[2013/07/31 18:20:29 | 000,000,782 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Yahoo! Messenger.lnk
[2013/07/30 14:09:33 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2013/07/30 14:08:11 | 000,000,263 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Railroad Tycoon 3.lnk
[2013/07/23 09:00:31 | 000,002,333 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\Eigene Dateien\ciclo22.odb
[2013/07/23 08:09:21 | 000,000,607 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CicloTour.lnk
[2013/07/21 12:28:43 | 000,001,834 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2013/07/21 12:28:42 | 000,001,840 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Windows 7 Upgrade Advisor.lnk
[2012/12/08 10:22:48 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/12/08 10:22:48 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/12/08 10:22:21 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/12/08 10:22:21 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2012/12/08 10:21:01 | 000,033,019 | ---- | C] () -- C:\WINDOWS\System32\CoreAAC-uninstall.exe
[2012/02/21 13:31:13 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/13 12:27:30 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2011/08/12 06:20:14 | 000,015,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2011/07/29 16:59:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/13 19:45:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/10 17:52:41 | 006,291,456 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\ntuser.dat
[2010/11/10 17:52:41 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.dat
[2010/09/26 05:27:28 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2010/08/25 03:48:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\distlib.ini
[2010/05/14 17:56:06 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/05/14 17:56:06 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/05/14 17:55:58 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/14 17:47:00 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/05/07 13:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2010/03/18 03:25:12 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/18 03:19:59 | 000,000,085 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010/02/28 10:42:02 | 000,001,534 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ss.ini
[2009/06/26 12:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2009/04/24 17:11:50 | 000,017,920 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/24 18:48:10 | 000,077,925 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/11 18:07:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/14 14:46:11 | 000,249,856 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\ntuser.dat
[2008/12/03 19:40:37 | 000,028,352 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2008/12/02 19:46:08 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/12/02 19:46:08 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2008/12/02 19:46:08 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/12/02 19:46:08 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2008/12/02 19:46:08 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/12/02 19:46:08 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/12/02 19:46:08 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2008/12/02 19:46:08 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2008/12/02 18:13:03 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/12/02 17:13:53 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\unwlsdrv.exe
[2008/12/02 16:47:17 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2008/12/02 16:43:14 | 006,903,548 | -H-- | C] () -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2008/12/02 16:40:37 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/12/02 16:40:37 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/12/02 16:17:53 | 000,000,135 | ---- | C] () -- C:\Dokumente und Einstellungen\ud\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008/12/02 16:16:22 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\ud\ntuser.ini
[2008/12/02 16:14:30 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\LocalService\ntuser.ini
[2008/12/02 16:14:16 | 000,000,020 | -HS- | C] () -- C:\Dokumente und Einstellungen\NetworkService\ntuser.ini
[2008/12/02 16:14:15 | 000,233,472 | ---- | C] () -- C:\Dokumente und Einstellungen\NetworkService\NTUSER.DAT
[2008/12/02 16:12:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/12/02 16:06:28 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/12/02 16:02:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\control.ini
[2008/12/02 16:00:06 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2008/12/02 15:59:56 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2008/12/02 15:56:17 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/12/02 15:56:04 | 000,000,037 | ---- | C] () -- C:\WINDOWS\vbaddin.ini
[2008/12/02 15:56:04 | 000,000,036 | ---- | C] () -- C:\WINDOWS\vb.ini
[2008/12/02 15:52:57 | 000,027,055 | ---- | C] () -- C:\WINDOWS\System32\tslabels.ini
[2008/12/02 15:52:56 | 000,003,999 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.ini
[2008/12/02 15:44:10 | 001,271,210 | ---- | C] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/02 15:44:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/12/02 15:42:50 | 000,168,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/06/29 09:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 09:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 10:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 10:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2005/08/05 09:26:04 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/08/10 15:00:00 | 001,015,477 | ---- | C] () -- C:\WINDOWS\System32\esentprf.ini
[2004/08/10 15:00:00 | 000,733,696 | ---- | C] () -- C:\WINDOWS\System32\qedwipes.dll
[2004/08/10 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 15:00:00 | 000,538,498 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004/08/10 15:00:00 | 000,511,610 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 15:00:00 | 000,456,192 | ---- | C] () -- C:\WINDOWS\System32\encdec.dll
[2004/08/10 15:00:00 | 000,355,112 | ---- | C] () -- C:\WINDOWS\System32\msjetoledb40.dll
[2004/08/10 15:00:00 | 000,291,840 | ---- | C] () -- C:\WINDOWS\System32\sbe.dll
[2004/08/10 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 15:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/10 15:00:00 | 000,253,440 | ---- | C] () -- C:\WINDOWS\System32\compatui.dll
[2004/08/10 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 15:00:00 | 000,199,168 | ---- | C] () -- C:\WINDOWS\System32\ir32_32.dll
[2004/08/10 15:00:00 | 000,110,770 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004/08/10 15:00:00 | 000,094,282 | ---- | C] () -- C:\WINDOWS\System32\msencode.dll
[2004/08/10 15:00:00 | 000,094,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 15:00:00 | 000,071,022 | ---- | C] () -- C:\WINDOWS\System32\edit.com
[2004/08/10 15:00:00 | 000,070,656 | ---- | C] () -- C:\WINDOWS\System32\amstream.dll
[2004/08/10 15:00:00 | 000,054,128 | ---- | C] () -- C:\WINDOWS\System32\dosx.exe
[2004/08/10 15:00:00 | 000,053,478 | ---- | C] () -- C:\WINDOWS\System32\tcpmon.ini
[2004/08/10 15:00:00 | 000,052,777 | ---- | C] () -- C:\WINDOWS\System32\command.com
[2004/08/10 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 15:00:00 | 000,042,809 | ---- | C] () -- C:\WINDOWS\System32\key01.sys
[2004/08/10 15:00:00 | 000,042,537 | ---- | C] () -- C:\WINDOWS\System32\keyboard.sys
[2004/08/10 15:00:00 | 000,039,546 | ---- | C] () -- C:\WINDOWS\System32\mem.exe
[2004/08/10 15:00:00 | 000,035,648 | ---- | C] () -- C:\WINDOWS\System32\ntio411.sys
[2004/08/10 15:00:00 | 000,035,424 | ---- | C] () -- C:\WINDOWS\System32\ntio412.sys
[2004/08/10 15:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio804.sys
[2004/08/10 15:00:00 | 000,034,560 | ---- | C] () -- C:\WINDOWS\System32\ntio404.sys
[2004/08/10 15:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/10 15:00:00 | 000,034,032 | ---- | C] () -- C:\WINDOWS\System32\ntio.sys
[2004/08/10 15:00:00 | 000,029,370 | ---- | C] () -- C:\WINDOWS\System32\ntdos411.sys
[2004/08/10 15:00:00 | 000,029,274 | ---- | C] () -- C:\WINDOWS\System32\ntdos412.sys
[2004/08/10 15:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos804.sys
[2004/08/10 15:00:00 | 000,029,146 | ---- | C] () -- C:\WINDOWS\System32\ntdos404.sys
[2004/08/10 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 15:00:00 | 000,027,914 | ---- | C] () -- C:\WINDOWS\System32\ntdos.sys
[2004/08/10 15:00:00 | 000,027,097 | ---- | C] () -- C:\WINDOWS\System32\country.sys
[2004/08/10 15:00:00 | 000,021,542 | ---- | C] () -- C:\WINDOWS\System32\mqperf.ini
[2004/08/10 15:00:00 | 000,021,210 | ---- | C] () -- C:\WINDOWS\System32\debug.exe
[2004/08/10 15:00:00 | 000,019,726 | ---- | C] () -- C:\WINDOWS\System32\graphics.com
[2004/08/10 15:00:00 | 000,017,241 | ---- | C] () -- C:\WINDOWS\System32\rsvp.ini
[2004/08/10 15:00:00 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\tsd32.dll
[2004/08/10 15:00:00 | 000,014,816 | ---- | C] () -- C:\WINDOWS\System32\kb16.com
[2004/08/10 15:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo.dll
[2004/08/10 15:00:00 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\msdmo(2).dll
[2004/08/10 15:00:00 | 000,014,060 | ---- | C] () -- C:\WINDOWS\System32\pschdprf.ini
[2004/08/10 15:00:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\win87em.dll
[2004/08/10 15:00:00 | 000,013,026 | ---- | C] () -- C:\WINDOWS\System32\edlin.exe
[2004/08/10 15:00:00 | 000,012,610 | ---- | C] () -- C:\WINDOWS\System32\append.exe
[2004/08/10 15:00:00 | 000,011,903 | ---- | C] () -- C:\WINDOWS\System32\setver.exe
[2004/08/10 15:00:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\scriptpw.dll
[2004/08/10 15:00:00 | 000,009,032 | ---- | C] () -- C:\WINDOWS\System32\ansi.sys
[2004/08/10 15:00:00 | 000,008,584 | ---- | C] () -- C:\WINDOWS\System32\exe2bin.exe
[2004/08/10 15:00:00 | 000,007,084 | ---- | C] () -- C:\WINDOWS\System32\nlsfunc.exe
[2004/08/10 15:00:00 | 000,006,287 | ---- | C] () -- C:\WINDOWS\System32\rasctrs.ini
[2004/08/10 15:00:00 | 000,004,992 | ---- | C] () -- C:\WINDOWS\System32\himem.sys
[2004/08/10 15:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 15:00:00 | 000,004,438 | ---- | C] () -- C:\WINDOWS\System32\perfci.ini
[2004/08/10 15:00:00 | 000,004,233 | ---- | C] () -- C:\WINDOWS\System32\perfwci.ini
[2004/08/10 15:00:00 | 000,003,358 | ---- | C] () -- C:\WINDOWS\System32\redir.exe
[2004/08/10 15:00:00 | 000,003,262 | ---- | C] () -- C:\WINDOWS\System32\nw16.exe
[2004/08/10 15:00:00 | 000,002,656 | ---- | C] () -- C:\WINDOWS\System32\netware.drv
[2004/08/10 15:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 15:00:00 | 000,001,783 | ---- | C] () -- C:\WINDOWS\System32\perffilt.ini
[2004/08/10 15:00:00 | 000,001,405 | ---- | C] () -- C:\WINDOWS\msdfmap.ini
[2004/08/10 15:00:00 | 000,001,273 | ---- | C] () -- C:\WINDOWS\System32\loadfix.com
[2004/08/10 15:00:00 | 000,001,157 | ---- | C] () -- C:\WINDOWS\System32\vwipxspx.exe
[2004/08/10 15:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\share.exe
[2004/08/10 15:00:00 | 000,000,882 | ---- | C] () -- C:\WINDOWS\System32\fastopen.exe
[2004/08/10 15:00:00 | 000,000,817 | ---- | C] () -- C:\WINDOWS\System32\mscdexnt.exe
[2004/08/10 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 15:00:00 | 000,000,566 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/10 15:00:00 | 000,000,369 | ---- | C] () -- C:\WINDOWS\System32\prodspec.ini
[2004/08/10 15:00:00 | 000,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/07/30 05:48:28 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/30 04:49:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 00:54:50 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\dvdplay.exe
[2001/08/18 00:54:08 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\paqsp.dll
[2001/03/30 16:58:36 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\Property.dll
========== LOP Check ==========
[2011/12/13 12:26:16 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\Application Updater
[2012/12/08 17:50:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\AnvSoft
[2009/04/24 09:56:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\Ashampoo
[2012/11/28 03:24:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\DriverCure
[2012/12/08 17:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\DVDVideoSoft
[2009/11/30 17:44:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\ifolor
[2009/03/11 17:49:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\JLC's Software
[2010/11/20 16:21:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\Leadertech
[2013/05/13 11:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\LibreOffice
[2009/04/10 16:50:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\MSNInstaller
[2013/05/31 16:26:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\ooVoo Details
[2012/11/18 09:10:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\OpenCandy
[2009/02/19 18:24:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\OpenOffice.org
[2010/03/23 16:13:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\Opera
[2013/02/20 13:19:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\RavensburgerTipToi
[2009/12/05 08:09:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\ScreenSeven
[2012/11/28 03:24:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\SpeedyPC Software
[2012/11/28 03:18:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\Systweak
[2012/11/18 09:12:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\TuneUp Software
[2013/07/23 08:09:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\ud\Anwendungsdaten\WRPSoft
[2012/11/20 14:15:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Alawar Stargaze
[2009/04/24 09:56:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ashampoo
[2012/11/18 09:11:33 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2009/03/24 18:44:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeRIP
[2010/09/11 12:14:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ifolor
[2010/10/13 14:32:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2013/02/20 13:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RavensburgerTipToi
[2012/11/28 03:33:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SpeedyPC Software
[2011/12/15 16:27:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2012/11/18 09:12:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012/11/18 09:11:33 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
========== Purity Check ==========
< End of report >
Code:
ATTFilter OTL Extras logfile created on: 8/3/2013 8:44:10 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 88.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 111.79 Gb Total Space | 88.28 Gb Free Space | 78.97% Space Free | Partition Type: NTFS
Drive D: | 111.78 Gb Total Space | 63.98 Gb Free Space | 57.24% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Programme\Opera\opera.exe" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Bilder-Planet Fotoservice] -- "E:\fotto\Bilder-Planet Fotoservice\Bilder-Planet Fotoservice.exe" "%1"
Directory [CEWE FOTOSCHAU] -- "E:\fotto\Bilder-Planet Fotoservice\CEWE FOTOSCHAU.exe" -d "%1"
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Programme\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"E:\internet\fussball\TVUPlayer\TVUPlayer.exe" = E:\internet\fussball\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"C:\Programme\TVUPlayer\TVUPlayer.exe" = C:\Programme\TVUPlayer\TVUPlayer.exe:*:Enabled:TVUPlayer Component
"E:\film\Zattoo\Zattoo1.exe" = E:\film\Zattoo\Zattoo1.exe:*:Enabled:
"E:\internet\yahoo\Messenger\YahooMessenger.exe" = E:\internet\yahoo\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"E:\internet\fussball\PPLive\PPLive.exe" = E:\internet\fussball\PPLive\PPLive.exe:*:Disabled:PPLive
"E:\internet\webdde\MESSENGR.EXE" = E:\internet\webdde\MESSENGR.EXE:*:Disabled:WEB.DE MultiMessenger
"C:\Programme\NetMeeting\conf.exe" = C:\Programme\NetMeeting\conf.exe:*:Disabled:Windows® NetMeeting® -- (Microsoft Corporation)
"E:\film\Zattoo\zattood.exe" = E:\film\Zattoo\zattood.exe:*:Disabled:zattood
"C:\Programme\Messenger\msmsgs.exe" = C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"E:\film\PPLive\PPLive.exe" = E:\film\PPLive\PPLive.exe:*:Enabled:PPLive
"C:\Programme\Yahoo!\Messenger\YahooMessenger.exe" = C:\Programme\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
"E:\internet\mee\Messenger\YahooMessenger.exe" = E:\internet\mee\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Programme\Logitech\Vid HD\Vid.exe" = C:\Programme\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"E:\rtii\logit\Vid\Vid.exe" = E:\rtii\logit\Vid\Vid.exe:*:Enabled:Logitech Vid HD
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 37
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.61
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7E9FB5B-626B-49D9-A99C-7BFA63C222D3}" = Railroad Tycoon II - Platinum
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{DE29025A-091F-4998-AD2D-24C84421190F}" = Railroad Tycoon 3
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EBCCE08A-B3EE-40E7-96D7-31741D481015}" = No One Lives Forever 2
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F77ED0CD-2E5E-4FC7-82E0-BB7D461E739F}" = LibreOffice 4.0.3.3
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe Digital Editions 2.0" = Adobe Digital Editions 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 6_is1" = Ashampoo Photo Commander 6.60
"Avi2Dvd" = Avi2Dvd 0.6.4
"AviSynth" = AviSynth 2.5
"Bilder-Planet Fotoservice" = Bilder-Planet Fotoservice
"CicloTour_is1" = CicloTour 4.3
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F10001" = HDAUDIO Soft Data Fax Modem with SmartCP
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Deals Plugin Extension" = Deals Plugin Extension
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Google Updater" = Google Updater
"HaaliMkx" = Haali Media Splitter
"Hotkey 1.1.7_is1" = Hotkey 1.1.7
"Logitech Vid" = Logitech Vid HD
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Opera 12.13.1734" = Opera 12.13
"Power Manager_is1" = Power Manager 2.1.4
"Ravensburger tiptoi" = Ravensburger tiptoi
"SiS163u" = Fujitsu Siemens Computers WLAN 802.11b/g (SiS163u)
"VLC media player" = VLC media player 0.9.8a
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
< End of report >
|
| Themen zu gvu Trojaner mit webcam Bild, Windows XP |
| adobe, besitzer, bho, desktop, einstellungen, error, explorer, firefox, flash player, format, ftp, helper, infizierte, internet browser, mozilla, object, plug-in, realtek, registry, rundll, scan, schannel.dll, temp, trojaner, trojaner board, udp, windows, windows xp, wlan, wrapper |
Baum-Darstellung