Nach BKA Virus und OTLPE Bootstart und der Entfernung mit Virenscanner Meldung chkdsk ausführen?

Disco · 29.09.2013, 22:59

Hilfe!
habe den BKA Tojaner auf meinem System (Windows XP)
konnte über die OTLPE Boot diskete wieder ins Sysmtem habe dann den CC-Cleaner vom USB-Stick aktiviert (der scanvorgang hat 8,5 Std. getauert) hat auch sage und schreibe 44 schadhafte softwarefehler erkannt. habe die dann alle über den cleaner entfernt.
So jetzt startet windwos bis zu meinem bnutzer login und bringt dann laufend die meldung das ich chkdsk starten soll, da irgenwelche Fehrerhafte Dateiein im Systemstart sind. Nach dem clicken auf mein benutzerlogo wird kurz angezeigt das die Benutzerdaten geladen werden aber gleich darauf werde ich wieder abgemeldet und ich kann nur den Computer runterfahren.
Wie starte ich aber chkdsk wenn windows garnicht startet?

Danke im vorraus.

ps. über die OTLPE REATOGO-X-PE kann ich starten

Habe jetzt nach dem Start vom Computer über F8 Taste chkdsk ausführen können. Hat auch alles bereinigt und was wiederherzustellen war wieder hergestellt und anderes gelöscht. Nach start vom computer, wenn ich mein benutzer ICON anclicke kommt auch kurz die Meldung Benutzereinstellungen werden geladen dann erfoglt aber wieder sofort die Abmeldung?

schrauber · 30.09.2013, 07:49

hi,

poste mal ein OTLPE Logfile.

Disco · 30.09.2013, 10:04

Hallo danke für die schnelle Antwort.
Hier Die Dateien Extras.txt und OTL Teil 1 und zwei

Gruß Disco

schrauber · 30.09.2013, 16:54

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Disco · 30.09.2013, 18:38

OK Danke ich versuchs nochmal

Gruß Disco

Code:

ATTFilter

OTL logfile created on: 10/1/2013 6:26:15 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511.00 Mb Total Physical Memory | 277.00 Mb Available Physical Memory | 54.00% Memory free
459.00 Mb Paging File | 334.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.55 Gb Total Space | 21.77 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive D: | 68.64 Gb Total Space | 24.30 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 2.22 Gb Free Space | 37.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2013/09/20 10:05:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/25 18:33:12 | 000,261,200 | ---- | M] (Total Defense, Inc.) [On_Demand] -- C:\Programme\MSC\MSC Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2012/10/25 18:33:12 | 000,207,952 | ---- | M] (Total Defense, Inc.) [Auto] -- C:\Programme\MSC\MSC Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2012/10/25 18:33:04 | 000,210,248 | ---- | M] (CA) [Auto] -- C:\Programme\MSC\MSC Internet Security Suite\MSC Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/10/18 09:04:37 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto] -- C:\Programme\MSC\MSC Internet Security Suite\MSC Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/04/04 06:42:28 | 000,662,096 | ---- | M] (CA) [Auto] -- C:\Programme\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2009/03/11 08:28:22 | 000,078,696 | ---- | M] () [Auto] -- C:\Programme\MySecurityCenter\Programs\Service.exe -- (MySecurityCenter License Service)
SRV - [2006/12/23 11:54:04 | 000,262,144 | ---- | M] (Nero AG) [Disabled] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 10:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/11/17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/03/04 06:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005/03/04 06:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/07/16 20:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | Boot] --  -- (ElbyVCD)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/10/27 10:07:50 | 000,170,064 | ---- | M] (Total Defense) [File_System | Boot] -- C:\WINDOWS\system32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/10/26 06:51:22 | 000,083,536 | ---- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/09/06 16:03:36 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2011/09/06 16:03:36 | 000,123,984 | ---- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
DRV - [2010/11/06 05:56:02 | 000,005,248 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2007/08/29 11:33:42 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2007/02/28 01:38:22 | 000,091,008 | ---- | M] (OMNIKEY) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2006/09/22 11:40:29 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/07 12:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/02/22 09:49:36 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/07/28 03:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/27 23:30:54 | 000,079,232 | ---- | M] (Inmax Technology Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Imx5123.sys -- (Imx5123)
DRV - [2004/04/09 11:55:50 | 000,017,456 | ---- | M] (Paragon Software Group) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2003/08/07 10:36:48 | 000,362,688 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2003/07/16 02:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/06/12 02:47:42 | 000,024,704 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2003/06/05 02:04:22 | 000,350,752 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
DRV - [2003/05/22 11:44:44 | 000,670,203 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2003/04/18 21:14:48 | 000,732,416 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ISDN_u.sys -- (ISDN_u)
DRV - [2003/03/20 09:01:46 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/13 04:41:58 | 000,026,435 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2002/10/22 07:58:06 | 000,040,448 | ---- | M] (Susteen Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SUSCOM.SYS -- (SUSCOM)
DRV - [2002/04/17 14:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2001/11/14 12:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2000/07/23 20:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
DRV - [1998/03/03 08:55:58 | 000,040,480 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mgnt.sys -- (MicroGuard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator.COMPUTERNAME_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Administrator.COMPUTERNAME_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.urspringen.de/
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
 
 
O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Programme\MSC\MSC Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)
O4 - HKLM..\Run: [Copy Handler]  File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [KB3442917]  File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Microsoft Works Update Detection]  File not found
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)
O4 - HKLM..\Run: [setc] C:\Programme\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Administrator.COMPUTERNAME_ON_C..\Run: [AOLMIcon]  File not found
O4 - HKU\Pipesmoker_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Pipesmoker_ON_C..\Run: [DataSync Outlook] C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe (O3SIS AG)
O4 - HKU\Pipesmoker_ON_C..\Run: [KB3442917]  File not found
O4 - HKU\Pipesmoker_ON_C..\Run: [llmxipjj]  File not found
O4 - HKU\Pipesmoker_ON_C..\Run: [ooevyprr]  File not found
O4 - HKU\Administrator.COMPUTERNAME_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\Pipesmoker\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Pipesmoker\Startmenü\Programme\Autostart\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3442917 = "C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917\KB3442917.exe"
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTERNAME_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3442917 = "C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917\KB3442917.exe"
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///F:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {30FC2FD9-1AB1-4638-B3D2-434B7CB11AD5} https://nlhomevpn.vsvpn.com/tarantella/java/getcompname.cab (Netilla Get Computer Name Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///F:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348420498937 (WUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///F:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37884.393599537 (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} hxxp://express.foto.com/SFUploader/SpeedUploader.cab (Foto.com SpeedUploader 1.0 Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.3
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917\KB3442917.exe") -  File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 1.bmp
O27 - HKLM IFEO\userinit.exe: Debugger - C:\WINDOWS\system32\videopdns.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/20 10:50:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Identities
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Help
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Cyberlink
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Ahead
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Adobe
[2013/09/30 01:07:57 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft
[2013/09/30 01:07:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Favoriten
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Videos
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene TV Aufzeichnungen
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Tabellen
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Musik
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Downloads
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Dokumente
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Bilder
[2013/09/30 01:07:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Cookies
[2013/09/30 01:07:57 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Druckumgebung
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Real
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\Help
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Desktop
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2013/09/30 01:07:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\UserData
[2013/09/30 01:07:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\SendTo
[2013/09/30 01:07:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Recent
[2013/09/30 01:07:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Zubehör
[2013/09/30 01:07:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü
[2013/09/30 01:07:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Autostart
[2013/09/30 01:07:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Vorlagen
[2013/09/30 01:07:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Netzwerkumgebung
[2013/09/30 01:07:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\Powercinema
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\AOL
[2013/09/29 22:46:41 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/09/29 13:02:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\LocalService\Recent
[2013/09/28 05:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917
[2013/09/20 10:05:06 | 003,723,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/09/18 10:33:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pipesmoker\Eigene Dateien\FONIC-Mobiles Internet
[2004/11/29 15:07:07 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[2004/09/08 03:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/09/30 16:19:24 | 000,049,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2013/09/30 16:19:24 | 000,048,225 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2013/09/30 16:19:24 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2013/09/30 16:19:24 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2013/09/30 16:19:24 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2013/09/30 16:19:24 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2013/09/30 16:19:24 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2013/09/30 16:19:24 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2013/09/30 16:19:24 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2013/09/30 16:19:24 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2013/09/30 16:19:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/09/30 16:17:20 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/30 16:09:16 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/30 16:09:10 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2013/09/30 16:08:50 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/29 10:36:48 | 002,209,056 | ---- | M] () -- C:\avira-eu-cleaner_de.exe
[2013/09/29 05:15:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/28 13:05:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/28 02:29:14 | 000,066,222 | ---- | M] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\wklnhst.dat
[2013/09/20 10:05:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 10:05:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/20 10:05:06 | 003,723,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/09/12 06:55:51 | 000,739,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/12 03:33:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/04 08:21:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/30 13:50:26 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/30 01:08:10 | 000,000,788 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/09/30 01:08:10 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Browser starten.lnk
[2013/09/30 01:08:10 | 000,000,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2013/09/30 01:08:01 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/30 01:08:01 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2013/09/30 01:07:59 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Remoteunterstützung.lnk
[2013/09/30 01:07:59 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Internet Explorer.lnk
[2013/09/30 01:07:59 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Outlook Express.lnk
[2013/09/29 13:48:34 | 002,209,056 | ---- | C] () -- C:\avira-eu-cleaner_de.exe
[2013/07/04 12:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2013/07/04 12:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2013/03/21 10:29:42 | 000,207,928 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2013/03/21 10:29:42 | 000,138,808 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2013/03/21 10:29:42 | 000,074,808 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2013/03/21 10:29:40 | 000,319,032 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012/02/16 01:13:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/02 07:12:30 | 000,000,048 | ---- | C] () -- C:\WINDOWS\lic_key.dat
[2011/09/02 07:02:07 | 000,000,463 | ---- | C] () -- C:\WINDOWS\mbcase.uninst.ini
[2011/05/13 04:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2011/05/13 04:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2011/05/13 04:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2011/01/29 05:48:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/26 15:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\geotrans2d.INI
[2010/11/26 15:41:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\geotrans2.INI
[2010/11/06 05:56:02 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2010/11/05 07:32:11 | 000,000,142 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/11/05 07:32:11 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/11/05 07:32:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/11/05 07:32:02 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/11/05 07:32:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/11/05 07:32:01 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/11/05 07:31:59 | 000,009,015 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2010/11/05 07:31:00 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/11/05 07:31:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2070N.DAT
[2009/05/09 12:31:38 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/28 06:35:31 | 000,000,207 | ---- | C] () -- C:\WINDOWS\BECIF.INI
[2009/04/28 06:32:50 | 000,000,100 | ---- | C] () -- C:\WINDOWS\BECUPDATE.INI
[2009/04/28 06:30:26 | 000,001,433 | ---- | C] () -- C:\WINDOWS\BEC.INI
[2008/12/18 11:44:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/12/18 11:44:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008/02/11 10:24:42 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA110VC8.dll
[2008/01/18 09:25:06 | 000,000,412 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2007/11/20 13:49:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2007/09/16 16:25:42 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/09/15 03:22:27 | 000,038,888 | ---- | C] () -- C:\WINDOWS\RBKSETUP.EXE
[2007/09/11 09:33:26 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007/06/28 18:21:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/28 12:43:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/06/26 13:51:47 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll
[2007/06/26 13:51:47 | 000,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini
[2007/06/26 13:51:47 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini
[2007/03/10 15:04:09 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC7.dll
[2007/03/10 15:04:09 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2007/02/19 08:12:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll
[2007/01/28 14:54:47 | 000,000,130 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2006/11/04 18:16:26 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC8.dll
[2006/10/22 04:44:41 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2006/09/22 11:48:26 | 000,000,092 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos_dlx.INI
[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006/04/28 16:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/07 14:37:11 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/02/22 09:49:36 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/02/22 09:49:33 | 000,040,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\mgnt.sys
[2006/01/10 10:56:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/01/07 13:31:17 | 000,000,034 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2006/01/07 13:31:15 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2006/01/07 13:29:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2005/12/09 11:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/09 07:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005/11/09 07:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005/11/09 07:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005/08/10 08:21:49 | 000,000,006 | ---- | C] () -- C:\WINDOWS\mk32.dll
[2005/08/10 08:21:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\mk16.dll
[2005/08/08 08:42:12 | 001,270,784 | ---- | C] () -- C:\WINDOWS\System32\pwrpdfuid.dll
[2005/08/08 08:42:12 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\vsmon1.dll
[2005/05/31 01:43:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/23 08:31:47 | 000,001,260 | ---- | C] () -- C:\WINDOWS\IMG2PDF.ini
[2005/03/22 09:59:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/11 18:01:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PezDownload.INI
[2005/03/11 09:02:31 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Picture Easy 3.ini
[2005/03/11 09:02:29 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\inetwh16.dll
[2005/02/21 18:15:01 | 000,000,183 | ---- | C] () -- C:\WINDOWS\KREDIT.INI
[2005/02/18 08:48:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\books.dat
[2005/02/18 08:43:32 | 000,000,850 | ---- | C] () -- C:\WINDOWS\Eltric.ini
[2005/02/18 08:43:20 | 000,000,125 | ---- | C] () -- C:\WINDOWS\taquin.ini
[2005/02/18 08:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2005/02/12 06:12:48 | 000,089,856 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2005/02/11 10:07:07 | 000,000,145 | ---- | C] () -- C:\WINDOWS\system32co0100.dat
[2005/02/11 10:00:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\coclean.exe
[2005/02/09 09:33:33 | 000,046,128 | ---- | C] () -- C:\WINDOWS\System32\DLLPRF32.DAT
[2005/02/09 09:04:25 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2005/02/01 13:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinDB.INI
[2005/02/01 11:03:33 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2005/02/01 10:53:13 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2004/12/28 07:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2004/12/28 07:50:20 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\mxfilerelatedcache.mxc2
[2004/12/26 08:46:26 | 000,000,382 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4.INI
[2004/12/17 16:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MX_SHARE.DAT
[2004/12/10 03:18:47 | 000,000,385 | ---- | C] () -- C:\WINDOWS\BkcEmu.ini
[2004/12/10 03:14:15 | 000,007,476 | ---- | C] () -- C:\WINDOWS\JWUNINST.EXE
[2004/11/29 15:07:07 | 000,041,243 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2004/11/29 15:07:07 | 000,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll
[2004/11/29 15:07:07 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\capitask.exe
[2004/11/29 13:52:36 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2004/10/15 11:48:23 | 000,000,261 | ---- | C] () -- C:\WINDOWS\PLAKAT.INI
[2004/10/15 07:00:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ppengine.ini
[2004/10/06 08:24:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Album.INI
[2004/10/01 10:57:11 | 000,001,814 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2004/09/18 11:59:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USBT610phmgunin.exe
[2004/09/17 04:02:19 | 000,023,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Microsoft Access.ADR
[2004/09/17 03:59:49 | 000,005,614 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Microsoft Access.NOT
[2004/09/17 03:58:17 | 000,011,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Microsoft Access.CAL
[2004/09/14 05:40:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2004/09/13 08:40:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI
[2004/09/13 08:38:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/09/13 08:33:05 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004/09/13 08:33:04 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/09/13 07:19:56 | 000,066,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\wklnhst.dat
[2004/09/13 07:05:07 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2004/09/13 05:14:50 | 000,081,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/13 05:14:50 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/10/01 15:50:57 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2003/10/01 15:50:56 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2003/10/01 15:50:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2003/10/01 15:50:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2003/10/01 15:50:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2003/09/22 17:59:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/22 16:57:21 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2003/09/22 16:55:19 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_PCM.exe
[2003/09/20 19:42:09 | 000,000,970 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/20 19:42:01 | 000,498,094 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/09/20 19:42:01 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/09/20 19:42:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/09/20 19:42:01 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/09/20 19:41:45 | 000,477,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/09/20 19:41:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/09/20 19:41:45 | 000,078,786 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/09/20 19:41:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/09/20 19:41:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/09/20 19:41:44 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/09/20 19:41:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/09/20 19:41:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/09/20 19:41:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/09/20 19:41:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/09/20 19:41:24 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/09/20 14:01:38 | 000,001,472 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/20 13:39:18 | 004,142,932 | ---- | C] () -- C:\WINDOWS\System32\DETour.exe
[2003/09/20 13:24:45 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2003/09/20 13:11:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/20 12:41:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/20 12:09:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\Dit.exe
[2003/09/20 12:09:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\DitExp.exe
[2003/09/20 12:09:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2003/09/20 12:09:48 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2003/09/20 11:45:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/20 11:45:01 | 000,739,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/20 11:37:25 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/20 11:33:52 | 000,233,472 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.EXE
[2003/09/20 11:33:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2003/09/20 11:33:52 | 000,003,424 | ---- | C] () -- C:\WINDOWS\cmiainfo.sys
[2003/09/20 11:33:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/09/20 11:33:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/09/20 11:33:51 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/09/20 11:33:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/09/20 11:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/09/20 11:33:49 | 000,064,957 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2003/09/20 11:33:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2003/09/20 11:33:48 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2003/09/20 11:33:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/09/20 10:59:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/20 10:53:11 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/20 10:51:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/20 10:48:36 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/10 07:22:42 | 000,008,632 | ---- | C] () -- C:\WINDOWS\PRISMDOM.ini
[2003/05/28 10:37:44 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2003/04/18 21:14:48 | 000,732,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISDN_u.sys
[2003/01/13 04:41:58 | 000,026,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[1999/04/29 19:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/26 18:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
 
========== LOP Check ==========
 
[2003/09/27 06:30:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2013/09/29 23:42:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Apavlr
[2013/09/29 23:42:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Brzravrhli
[2010/03/16 08:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\CallingID
[2010/03/15 14:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\CallingID(2)
[2013/07/05 08:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Canon
[2010/01/13 09:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\DataSync Outlook
[2013/09/29 05:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Dropbox
[2011/09/18 08:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\DVDVideoSoft
[2011/09/18 08:43:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\DVDVideoSoftIEHelpers
[2004/11/17 12:17:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\EverAd
[2006/10/09 14:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\fotobuch.de
[2007/11/04 03:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\fotobuch.de AG
[2012/04/06 06:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Free PDF to Word Converter
[2012/07/21 10:36:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\FRITZ!
[2009/02/15 12:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\GARMIN
[2009/04/28 06:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\geoinform
[2013/04/12 05:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Lexware
[2007/08/29 11:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Magix
[2004/09/18 11:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\MobileAction
[2010/11/22 08:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\MOPSOS
[2008/01/16 13:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Ulead Systems
[2013/09/29 23:42:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Vuvegp
[2013/09/29 23:42:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Wcymfwcpy
[2005/11/03 13:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\WEBDE
[2012/11/15 04:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\XnView
[2013/09/29 23:42:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Yfypykfmc
[2013/09/29 23:42:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Ypfycyyyy
[2007/03/10 15:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2011/10/27 08:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA
[2010/03/15 14:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA(2)
[2010/03/16 08:52:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA(3)
[2013/07/05 08:05:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2007/11/04 03:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2006/09/27 07:50:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FREEDB
[2009/02/14 10:23:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2013/05/22 03:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2007/08/29 11:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2004/09/13 07:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2013/04/19 03:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2011/07/28 15:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Pipesmoker\Desktop\MapSource.exe:SummaryInformation
< End of report >

	Code: 

 ATTFilter

  
	OTL Extras logfile created on: 10/1/2013 6:26:15 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511.00 Mb Total Physical Memory | 277.00 Mb Available Physical Memory | 54.00% Memory free
459.00 Mb Paging File | 334.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.55 Gb Total Space | 21.77 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive D: | 68.64 Gb Total Space | 24.30 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 2.22 Gb Free Space | 37.98% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor
"C:\Programme\VR-NetWorld\ONLUPD04.EXE" = C:\Programme\VR-NetWorld\ONLUPD04.EXE:*:Enabled:OnlUpd04.EXE
"C:\Programme\VR-NetWorld\ONLUPD01.exe" = C:\Programme\VR-NetWorld\ONLUPD01.exe:*:Enabled:OnlUpd01.EXE
"C:\Programme\WinMX\WinMX.exe" = C:\Programme\WinMX\WinMX.exe:*:Enabled:WinMX Application
"C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\start.exe" = C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\start.exe:*:Enabled:Startprogramm Fotobuch Design-Center -- (fotobuch.de AG)
"C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\FBC.exe" = C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\FBC.exe:*:Enabled:Fotobuch Design-Center -- (fotobuch.de AG)
"C:\Programme\fotobuch.de AG\Designer\Designer.exe" = C:\Programme\fotobuch.de AG\Designer\Designer.exe:*:Designer.exe
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe
"C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DE4DE52-DB27-4D0F-93B6-E3C9E4698A10}" = PowerPDF Professional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601" = CanoScan LiDE 700F Scanner Driver
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"{1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1}" = VideoLive Mail
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 2.0
"{26866243-CFFE-49C8-9546-3C6918CF8AB7}" = Lexware buchhalter 2007
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3C2DE16D-F677-4F88-8B6A-31B7F3907B23}" = Lexware buchhalter 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{3EC454CC-DF11-4E8B-B8F1-52F6DFEEA902}" = Paragon Drive Backup 6.0 Sonder Edition
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{515E1B00-E2B4-4975-9900-95F66077C3AE}" = eTrust Antivirus Registration
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5BDBA4A4-E7F8-4F26-A749-D52E7FB71966}" = Brother HL-2070N
"{601D8D9A-86DD-44BF-A81C-B98DDB46A536}" = Print-Pack Tattoo
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{6411B38F-7704-484B-A93B-FD900BC8E8EB}" = PIF DESIGNER2.0
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}" = Lexware buchhalter 2013
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema XL II
"{6F8A93F7-40A8-486D-B9C2-545F568D50B3}" = Lexware buchhalter 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Internet Library
"{95A51471-9E5C-4F8D-A7F5-AB288910CC10}" = Paragon ISO Burner
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACEBC7B-4D46-462A-929C-99177EC5BEA6}" = InstantCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}" = Lexware Elster
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB93551-3FFE-42B2-8315-96252BBC1031}" = Nero 7 Essentials
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8464788-07B3-4760-9D5D-803080D74119}" = Lexware buchhalter 2007
"{B8BC806D-0703-11D4-BB23-006008676AF8}" = Sony Ericsson Communications Suite
"{BC6332C4-60CD-4B71-B7FE-CE921D46ECC2}_is1" = DirReader 1.53
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1955A3A-EA24-4682-8641-43B5B688B09A}" = USB Wireless Keyboard Driver Ver1.24M
"{D5CF3710-211B-11D4-B9B9-00105AE05C5D}" = XTNDConnect PC
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"7-Zip" = 7-Zip 4.15 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AskSmb 7" = MuM Symbolbibliotheken für AutoSketch 6/7
"ATI Display Driver" = ATI Display Driver
"AutoSketch v7.0" = AutoSketch v7.0
"AVMFBox" = FRITZ!Box
"C-Media Audio" = C-Media 3D Audio
"Corel Applications" = Corel Applications
"DivX Codec" = DivX Codec
"Dkill95" = Dkill95
"Edit Digi-Pictures" = Edit Digi-Pictures 1.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"eTrust Suite Personal" = MSC Internet Security Suite
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"FRITZ!DSL" = AVM FRITZ!DSL
"Hardcopy(C__Programme_Hardcopy)" = Hardcopy (C:\Programme\Hardcopy)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"KSDTrans" = KSDTrans
"L&H Power Translator" = L&H Power Translator Pro
"MAGIX Foto Clinic 6 D" = MAGIX Foto Clinic 6 6.0.10.0 (D)
"MAGIX Fotos auf CD & DVD 6.5 deluxe D" = MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Maroc-Topo Map_is1" = Maroc-Topo Map 1.21
"MediaShow" = Medi@Show
"Microcat for Land Rover" = Microcat for Land Rover
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myPixxDesCent65_is1" = Fotobuch Design-Center V6.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSIS" = Nullsoft Install System
"OSM Map of Czech Republic" = OSM Map of Czech Republic
"OSM Map of Morocco" = OSM Map of Morocco
"Picasa 3" = Picasa 3
"Picture Easy 3.0" = Picture Easy 3.0
"RealPlayer 6.0" = RealOne Player
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shockwave" = Shockwave
"SIM Secretary" = SIM Secretary
"SSC Service Utility_is1" = SSC Service Utility v4.30
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XnFoto_is1" = XnFoto www.foto.com
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
< End of report >

schrauber · 01.10.2013, 15:56

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKU\Pipesmoker_ON_C..\Run: [KB3442917]  File not found
O4 - HKU\Pipesmoker_ON_C..\Run: [llmxipjj]  File not found
O4 - HKU\Pipesmoker_ON_C..\Run: [ooevyprr]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3442917 = "C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917\KB3442917.exe"
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: KB3442917 = "C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917\KB3442917.exe"
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - HKLM Winlogon: Shell - ("C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917\KB3442917.exe") -  File not found
:files
C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\KB3442917

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Rechner normal starten.

Disco · 01.10.2013, 21:02

Hall Schrauber,
tut mir leid aber ich check das nicht was ich machen soll bzw. wie ich mit deiner Nachricht umgehen soll?
Auf meinem infizierten Rechner kann ich mit der OLTPE by Old Timer - Version 3.1.48.0 vom CD-Laufwerk meines infizierten Rechner starten.
Wenn ich dann auf Das OLTPE Batton doppelclicke kommt die Meldung: Do you wish to load remote user profile(s) for scanning? was ich dan auch mit yes quittiere.
Dann kommt das Bild: Select User Profile wo mir angeboten wird:
Administrator. COMPUTERNAME
LocalService
NetworService
Pipesmoker und
systemprofile

Nun habe ich Pipesmoker markiert ( das häckchen bei Automatically Load All Remaning User? ist drin.
Nun bestätige ich mit OK
Dann kommt die Maske mit dem "Run Scan" hier habe ich alle "Punkte" so gesetzt wie beschrieben (allerdings haben ich nicht die kästchen zur Verfügung die rechts zwischen "Quick Scan" und "Output stehen)
ganz unten in der Maske steht "Custom Scon/Fixes"
wenn ich nun auf "Run Scan" clicke wird die "Extras.txt" und die "OTL.txt" erstellt.

tut mir leid das du soviel Geduld mit mir aufwenden mußt und hoffentlich nerve ich dich nicht allzusehr.

Gruß Klaus (Disco)

schrauber · 02.10.2013, 07:31

In diese Box kopierst du den Inhalt der Codebox oben, von mir gepostet.

Dann auf Fix drücken anstatt auf Scan. Den Text von mir am Besten auf nem USB Stick speichern, dann am infizierten Rechner öffnen und kopieren.

Disco · 02.10.2013, 08:51

Danke Schrauber, jetzt hab ichs kapiert
aber nun nächstes Problem:
Ich kann denn Code den du mir geschickt hast nicht kopiern?
Wenn ich auf den Code-Kästchen "Alles auswählen" ckicke, wird der gesammte Text markiert. Wenn ich jetzt rechte Maustaste dann kopier anwähle und dann auf meinem USB-Stick zugreife und auf Einfügen gehe pasiert nichts?

Gruß Klaus (Disco)

Disco · 02.10.2013, 14:21

Hallo Schrauber,
also hab es jetzt hinbekommen deine OTL.txt auf den USB-Stick kopiert, infizierten Computer über die OTLPE-CD gestartet, OTLPE geöffnet und die deine OTL.txt eingefügt, dann auf RunFix gestartet danach kommt die im Anhang beigefügte LOG-Datei.
Den Computer runtergefahren OTLPE-CD raus und neu gestartet bis dahin alles normal.
Wenn ich jetzt auf mein Benutzer-ICON drücke komm dann auch mein Startbildschirm (in meinem Fall Medion) aber sonst nichts. kurz danach werde ich wieder automatisch abgemeldet?

Gruß Disco

schrauber · 02.10.2013, 21:42

Mach mal nen neuen Scan mit OTLPE und poste das Logfile.

Disco · 02.10.2013, 22:15

OK hier noch mal aktuell die Logfiles

Code:

ATTFilter

OTL logfile created on: 10/3/2013 2:08:03 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511.00 Mb Total Physical Memory | 277.00 Mb Available Physical Memory | 54.00% Memory free
459.00 Mb Paging File | 334.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.55 Gb Total Space | 21.77 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive D: | 68.64 Gb Total Space | 24.30 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 2.22 Gb Free Space | 37.98% Space Free | Partition Type: FAT32
Drive H: | 3.75 Gb Total Space | 1.52 Gb Free Space | 40.57% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand] --  -- (AppMgmt)
SRV - [2013/09/20 10:05:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/25 18:33:12 | 000,261,200 | ---- | M] (Total Defense, Inc.) [On_Demand] -- C:\Programme\MSC\MSC Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2012/10/25 18:33:12 | 000,207,952 | ---- | M] (Total Defense, Inc.) [Auto] -- C:\Programme\MSC\MSC Internet Security Suite\ccschedulersvc.exe -- (ccSchedulerSVC)
SRV - [2012/10/25 18:33:04 | 000,210,248 | ---- | M] (CA) [Auto] -- C:\Programme\MSC\MSC Internet Security Suite\MSC Anti-Virus Plus\CAAMSvc.exe -- (CAAMSvc)
SRV - [2011/10/18 09:04:37 | 000,222,544 | ---- | M] (Computer Associates International, Inc.) [Auto] -- C:\Programme\MSC\MSC Internet Security Suite\MSC Anti-Virus Plus\isafe.exe -- (CAISafe)
SRV - [2011/04/04 06:42:28 | 000,662,096 | ---- | M] (CA) [Auto] -- C:\Programme\CA\SharedComponents\TMEngine\UmxEngine.exe -- (UmxEngine)
SRV - [2009/03/11 08:28:22 | 000,078,696 | ---- | M] () [Auto] -- C:\Programme\MySecurityCenter\Programs\Service.exe -- (MySecurityCenter License Service)
SRV - [2006/12/23 11:54:04 | 000,262,144 | ---- | M] (Nero AG) [Disabled] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006/12/14 10:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand] -- C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService)
SRV - [2005/11/17 09:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand] -- C:\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2005/03/04 06:50:00 | 000,118,784 | ---- | M] (AVM Berlin) [Auto] -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE -- (AVM IGD CTRL Service)
SRV - [2005/03/04 06:42:08 | 000,315,392 | ---- | M] (AVM Berlin) [On_Demand] -- C:\Programme\Gemeinsame Dateien\AVM\De_serv.exe -- (de_serv)
SRV - [2004/10/21 22:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2002/07/16 20:03:00 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Programme\Gemeinsame Dateien\EPSON\EBAPI\SAgent2.exe -- (EPSONStatusAgent2)
SRV - [2001/11/12 07:31:48 | 000,020,480 | ---- | M] (X10) [On_Demand] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
SRV - [2001/02/23 04:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | Boot] --  -- (ElbyVCD)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2011/10/27 10:07:50 | 000,170,064 | ---- | M] (Total Defense) [File_System | Boot] -- C:\WINDOWS\system32\drivers\KmxAMRT.sys -- (KmxAMRT)
DRV - [2011/10/26 06:51:22 | 000,083,536 | ---- | M] (CA) [File_System | System] -- C:\WINDOWS\system32\drivers\KmxAgent.sys -- (KmxAgent)
DRV - [2011/09/06 16:03:36 | 000,331,344 | ---- | M] (CA) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\KmxCfg.sys -- (KmxCfg)
DRV - [2011/09/06 16:03:36 | 000,123,984 | ---- | M] (CA) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\KmxStart.sys -- (KmxStart)
DRV - [2010/11/06 05:56:02 | 000,005,248 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2007/08/29 11:33:42 | 000,110,304 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV09.sys -- (ACEDRV09)
DRV - [2007/02/28 01:38:22 | 000,091,008 | ---- | M] (OMNIKEY) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cxbu0wdm.sys -- (cxbu0wdm)
DRV - [2006/09/22 11:40:29 | 000,101,376 | ---- | M] (Protect Software GmbH) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\ACEDRV07.sys -- (ACEDRV07)
DRV - [2006/05/03 12:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/04/07 12:06:38 | 000,038,496 | ---- | M] (OLYMPUS IMAGING CORP.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\VNUSB.sys -- (VNUSB)
DRV - [2006/02/22 09:49:36 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2005/07/28 03:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/10/27 23:30:54 | 000,079,232 | ---- | M] (Inmax Technology Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Imx5123.sys -- (Imx5123)
DRV - [2004/04/09 11:55:50 | 000,017,456 | ---- | M] (Paragon Software Group) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\hotcore.sys -- (hotcore)
DRV - [2003/08/07 10:36:48 | 000,362,688 | ---- | M] (Intersil Americas Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PRISMA00.sys -- (PRISM_A00)
DRV - [2003/07/16 02:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2003/06/12 02:47:42 | 000,024,704 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PhTVTune.sys -- (PhTVTune)
DRV - [2003/06/05 02:04:22 | 000,350,752 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Cap7134.sys -- (Cap7134) MEDION (7134)
DRV - [2003/05/22 11:44:44 | 000,670,203 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ctxs51.sys -- (Intels51)
DRV - [2003/04/18 21:14:48 | 000,732,416 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ISDN_u.sys -- (ISDN_u)
DRV - [2003/03/20 09:01:46 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/01/13 04:41:58 | 000,026,435 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wdmwanmp.sys -- (WDMWANMP)
DRV - [2002/10/22 07:58:06 | 000,040,448 | ---- | M] (Susteen Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SUSCOM.SYS -- (SUSCOM)
DRV - [2002/04/17 14:27:02 | 000,011,264 | ---- | M] (VOB Computersysteme GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2K)
DRV - [2001/11/14 12:07:42 | 000,010,761 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\x10uif.sys -- (X10UIF)
DRV - [2001/08/17 09:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2000/07/23 20:01:00 | 000,019,537 | ---- | M] (Brother Industries Ltd.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\BrPar.sys -- (BrPar)
DRV - [1998/03/03 08:55:58 | 000,040,480 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mgnt.sys -- (MicroGuard)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator.COMPUTERNAME_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com/
IE - HKU\Administrator.COMPUTERNAME_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.urspringen.de/
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Pipesmoker_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
 
 
 
O1 HOSTS File: ([2002/08/29 08:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [cctray] C:\Programme\MSC\MSC Internet Security Suite\casc.exe (Total Defense, Inc.)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)
O4 - HKLM..\Run: [Copy Handler]  File not found
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe ()
O4 - HKLM..\Run: [KB3442917]  File not found
O4 - HKLM..\Run: [LexwareInfoService] C:\Programme\Gemeinsame Dateien\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [Microsoft Works Update Detection]  File not found
O4 - HKLM..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe ()
O4 - HKLM..\Run: [PRISMSTA.EXE] C:\WINDOWS\System32\PRISMSTA.exe (Intersil Americas Inc.)
O4 - HKLM..\Run: [setc] C:\Programme\MySecurityCenter\Programs\setc.exe (MySecurityCenter)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Gemeinsame Dateien\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Administrator.COMPUTERNAME_ON_C..\Run: [AOLMIcon]  File not found
O4 - HKU\Pipesmoker_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Pipesmoker_ON_C..\Run: [DataSync Outlook] C:\Programme\Deutsche Telekom\DataSync Outlook\DataSync Outlook.exe (O3SIS AG)
O4 - HKU\Administrator.COMPUTERNAME_ON_C..\RunOnce: [NeroHomeFirstStart] C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Dokumente und Einstellungen\Pipesmoker\Startmenü\Programme\Autostart\Dropbox.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\Pipesmoker\Startmenü\Programme\Autostart\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.COMPUTERNAME_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_26.dll (Sun Microsystems, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///F:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {30FC2FD9-1AB1-4638-B3D2-434B7CB11AD5} https://nlhomevpn.vsvpn.com/tarantella/java/getcompname.cab (Netilla Get Computer Name Control)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///F:/components/A9.ocx (A9Helper.A9)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1348420498937 (WUWebControl Class)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///F:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab (CeWe Color AG & Co. OHG Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37884.393599537 (Reg Error: Key error.)
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} https://as.photoprintit.de/ips-opdata/layout/default_cms01/activex/IPSUploader4.cab (IPSUploader4 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} hxxp://express.foto.com/SFUploader/SpeedUploader.cab (Foto.com SpeedUploader 1.0 Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\MEDION 1.bmp
O27 - HKLM IFEO\userinit.exe: Debugger - C:\WINDOWS\system32\videopdns.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/09/20 10:50:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/03 03:49:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Identities
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Help
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Cyberlink
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Ahead
[2013/09/30 01:07:58 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Adobe
[2013/09/30 01:07:57 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft
[2013/09/30 01:07:57 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Favoriten
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Videos
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene TV Aufzeichnungen
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Tabellen
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Musik
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Downloads
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Dokumente
[2013/09/30 01:07:57 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien\Eigene Bilder
[2013/09/30 01:07:57 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Cookies
[2013/09/30 01:07:57 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Druckumgebung
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Real
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\Help
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Eigene Dateien
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Desktop
[2013/09/30 01:07:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2013/09/30 01:07:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\UserData
[2013/09/30 01:07:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\SendTo
[2013/09/30 01:07:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Recent
[2013/09/30 01:07:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Zubehör
[2013/09/30 01:07:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü
[2013/09/30 01:07:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Autostart
[2013/09/30 01:07:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Vorlagen
[2013/09/30 01:07:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Netzwerkumgebung
[2013/09/30 01:07:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\Powercinema
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2013/09/30 01:07:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\AOL
[2013/09/29 22:46:41 | 000,000,000 | -HSD | C] -- C:\found.000
[2013/09/29 13:02:35 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\LocalService\Recent
[2013/09/20 10:05:06 | 003,723,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/09/18 10:33:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Pipesmoker\Eigene Dateien\FONIC-Mobiles Internet
[2004/11/29 15:07:07 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[2004/09/08 03:47:52 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\RCCOLLAB.DLL
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/02 23:15:03 | 000,049,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\KmxAgent.asc
[2013/10/02 23:15:03 | 000,048,225 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2013/10/02 23:15:03 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2013/10/02 23:15:03 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2013/10/02 23:15:03 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2013/10/02 23:15:03 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2013/10/02 23:15:03 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2013/10/02 23:15:03 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2013/10/02 23:15:03 | 000,000,085 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k7
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k6
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k5
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k4
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k3
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k2
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k1
[2013/10/02 23:15:03 | 000,000,049 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxzone.u2k0
[2013/10/02 23:15:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/10/02 23:12:24 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/02 23:11:21 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2013/10/02 23:11:01 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/02 02:22:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/09/30 16:17:20 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/29 10:36:48 | 002,209,056 | ---- | M] () -- C:\avira-eu-cleaner_de.exe
[2013/09/28 13:05:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/09/28 02:29:14 | 000,066,222 | ---- | M] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\wklnhst.dat
[2013/09/20 10:05:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/09/20 10:05:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/09/20 10:05:06 | 003,723,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerInstaller.exe
[2013/09/12 06:55:51 | 000,739,032 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/09/12 03:33:45 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/09/04 08:21:53 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit_.INI
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/09/30 13:50:26 | 536,399,872 | -HS- | C] () -- C:\hiberfil.sys
[2013/09/30 01:08:10 | 000,000,788 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2013/09/30 01:08:10 | 000,000,759 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Internet Explorer Browser starten.lnk
[2013/09/30 01:08:10 | 000,000,079 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Desktop anzeigen.scf
[2013/09/30 01:08:01 | 000,006,144 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/09/30 01:08:01 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2013/09/30 01:07:59 | 000,001,599 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Remoteunterstützung.lnk
[2013/09/30 01:07:59 | 000,000,747 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Internet Explorer.lnk
[2013/09/30 01:07:59 | 000,000,718 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator.COMPUTERNAME\Startmenü\Programme\Outlook Express.lnk
[2013/09/29 13:48:34 | 002,209,056 | ---- | C] () -- C:\avira-eu-cleaner_de.exe
[2013/07/04 12:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\UMXADDIN.INI
[2013/07/04 12:14:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pexplore.ini
[2013/03/21 10:29:42 | 000,207,928 | ---- | C] () -- C:\WINDOWS\System32\LXPrnUtil10.dll
[2013/03/21 10:29:42 | 000,138,808 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvmc100.dll
[2013/03/21 10:29:42 | 000,074,808 | ---- | C] () -- C:\WINDOWS\System32\LxDNTvm100.dll
[2013/03/21 10:29:40 | 000,319,032 | ---- | C] () -- C:\WINDOWS\System32\LxDNT100.dll
[2012/02/16 01:13:41 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/09/02 07:12:30 | 000,000,048 | ---- | C] () -- C:\WINDOWS\lic_key.dat
[2011/09/02 07:02:07 | 000,000,463 | ---- | C] () -- C:\WINDOWS\mbcase.uninst.ini
[2011/05/13 04:03:16 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC8.dll
[2011/05/13 04:01:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC8.dll
[2011/05/13 04:01:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC8.dll
[2011/01/29 05:48:22 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2010/11/26 15:41:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\geotrans2d.INI
[2010/11/26 15:41:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\geotrans2.INI
[2010/11/06 05:56:02 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2010/11/05 07:32:11 | 000,000,142 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2010/11/05 07:32:11 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2010/11/05 07:32:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2010/11/05 07:32:02 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2010/11/05 07:32:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2010/11/05 07:32:01 | 000,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2010/11/05 07:31:59 | 000,009,015 | ---- | C] () -- C:\WINDOWS\HL-2070N.INI
[2010/11/05 07:31:00 | 000,000,432 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/11/05 07:31:00 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\BD2070N.DAT
[2009/05/09 12:31:38 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/04/28 06:35:31 | 000,000,207 | ---- | C] () -- C:\WINDOWS\BECIF.INI
[2009/04/28 06:32:50 | 000,000,100 | ---- | C] () -- C:\WINDOWS\BECUPDATE.INI
[2009/04/28 06:30:26 | 000,001,433 | ---- | C] () -- C:\WINDOWS\BEC.INI
[2008/12/18 11:44:30 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\OdiOlDVR.dll
[2008/12/18 11:44:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\OdiAPI.dll
[2008/02/11 10:24:42 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA110VC8.dll
[2008/01/18 09:25:06 | 000,000,412 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2007/11/20 13:49:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2007/09/16 16:25:42 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Pex.INI
[2007/09/15 03:22:27 | 000,038,888 | ---- | C] () -- C:\WINDOWS\RBKSETUP.EXE
[2007/09/11 09:33:26 | 000,001,763 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007/06/28 18:21:13 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/28 12:43:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/06/26 13:51:47 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\cmabout.dll
[2007/06/26 13:51:47 | 000,010,229 | ---- | C] () -- C:\WINDOWS\System32\cmdiag.ini
[2007/06/26 13:51:47 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\cmabout.ini
[2007/03/10 15:04:09 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC7.dll
[2007/03/10 15:04:09 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\LxUtl10.dll
[2007/02/19 08:12:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\chksvrn.dll
[2007/01/28 14:54:47 | 000,000,130 | ---- | C] () -- C:\WINDOWS\Goya.INI
[2006/11/04 18:16:26 | 000,409,600 | ---- | C] () -- C:\WINDOWS\System32\BH_DATA100VC8.dll
[2006/10/22 04:44:41 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2006/09/22 11:48:26 | 000,000,092 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos_dlx.INI
[2006/09/21 08:53:28 | 000,282,679 | ---- | C] () -- C:\WINDOWS\System32\dnt27.dll
[2006/09/21 08:52:24 | 000,077,882 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27.dll
[2006/09/21 08:52:14 | 000,077,881 | ---- | C] () -- C:\WINDOWS\System32\dntvm27.dll
[2006/04/28 16:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/03/07 14:37:11 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006/02/22 09:49:36 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2006/02/22 09:49:33 | 000,040,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\mgnt.sys
[2006/01/10 10:56:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\prestopm.INI
[2006/01/07 13:31:17 | 000,000,034 | ---- | C] () -- C:\WINDOWS\if40le.ini
[2006/01/07 13:31:15 | 000,000,016 | ---- | C] () -- C:\WINDOWS\SCNDRVU.INI
[2006/01/07 13:29:59 | 000,049,152 | R--- | C] () -- C:\WINDOWS\AutoSet.dll
[2005/12/09 11:55:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/11/09 07:13:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\dnt27VC7.dll
[2005/11/09 07:11:46 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dntvmc27VC7.dll
[2005/11/09 07:11:30 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dntvm27VC7.dll
[2005/08/10 08:21:49 | 000,000,006 | ---- | C] () -- C:\WINDOWS\mk32.dll
[2005/08/10 08:21:49 | 000,000,005 | ---- | C] () -- C:\WINDOWS\mk16.dll
[2005/08/08 08:42:12 | 001,270,784 | ---- | C] () -- C:\WINDOWS\System32\pwrpdfuid.dll
[2005/08/08 08:42:12 | 000,014,336 | ---- | C] () -- C:\WINDOWS\System32\vsmon1.dll
[2005/05/31 01:43:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2005/05/23 08:31:47 | 000,001,260 | ---- | C] () -- C:\WINDOWS\IMG2PDF.ini
[2005/03/22 09:59:21 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005/03/11 18:01:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PezDownload.INI
[2005/03/11 09:02:31 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Picture Easy 3.ini
[2005/03/11 09:02:29 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\inetwh16.dll
[2005/02/21 18:15:01 | 000,000,183 | ---- | C] () -- C:\WINDOWS\KREDIT.INI
[2005/02/18 08:48:35 | 000,000,002 | ---- | C] () -- C:\WINDOWS\books.dat
[2005/02/18 08:43:32 | 000,000,850 | ---- | C] () -- C:\WINDOWS\Eltric.ini
[2005/02/18 08:43:20 | 000,000,125 | ---- | C] () -- C:\WINDOWS\taquin.ini
[2005/02/18 08:43:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\asym.ini
[2005/02/12 06:12:48 | 000,089,856 | ---- | C] () -- C:\WINDOWS\PI.EXE
[2005/02/11 10:07:07 | 000,000,145 | ---- | C] () -- C:\WINDOWS\system32co0100.dat
[2005/02/11 10:00:08 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\coclean.exe
[2005/02/09 09:33:33 | 000,046,128 | ---- | C] () -- C:\WINDOWS\System32\DLLPRF32.DAT
[2005/02/09 09:04:25 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI
[2005/02/01 13:15:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WinDB.INI
[2005/02/01 11:03:33 | 003,870,720 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll
[2005/02/01 10:53:13 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\WnASPI32.dll
[2004/12/28 07:53:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\musiceditor.INI
[2004/12/28 07:50:20 | 000,000,016 | -H-- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\mxfilerelatedcache.mxc2
[2004/12/26 08:46:26 | 000,000,382 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4.INI
[2004/12/17 16:33:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\MX_SHARE.DAT
[2004/12/10 03:18:47 | 000,000,385 | ---- | C] () -- C:\WINDOWS\BkcEmu.ini
[2004/12/10 03:14:15 | 000,007,476 | ---- | C] () -- C:\WINDOWS\JWUNINST.EXE
[2004/11/29 15:07:07 | 000,041,243 | ---- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2004/11/29 15:07:07 | 000,008,976 | ---- | C] () -- C:\WINDOWS\System32\capi20.dll
[2004/11/29 15:07:07 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\capitask.exe
[2004/11/29 13:52:36 | 000,000,017 | ---- | C] () -- C:\WINDOWS\Missing.ini
[2004/10/15 11:48:23 | 000,000,261 | ---- | C] () -- C:\WINDOWS\PLAKAT.INI
[2004/10/15 07:00:10 | 000,001,024 | ---- | C] () -- C:\WINDOWS\ppengine.ini
[2004/10/06 08:24:13 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Album.INI
[2004/10/01 10:57:11 | 000,001,814 | ---- | C] () -- C:\WINDOWS\goldwave.ini
[2004/09/18 11:59:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USBT610phmgunin.exe
[2004/09/17 04:02:19 | 000,023,612 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Microsoft Access.ADR
[2004/09/17 03:59:49 | 000,005,614 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Microsoft Access.NOT
[2004/09/17 03:58:17 | 000,011,148 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Microsoft Access.CAL
[2004/09/14 05:40:09 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2004/09/13 08:40:12 | 000,000,116 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI
[2004/09/13 08:38:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2004/09/13 08:33:05 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini
[2004/09/13 08:33:04 | 000,006,642 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2004/09/13 07:19:56 | 000,066,222 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\wklnhst.dat
[2004/09/13 07:05:07 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
[2004/09/13 05:14:50 | 000,081,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/13 05:14:50 | 000,000,143 | ---- | C] () -- C:\Dokumente und Einstellungen\Pipesmoker\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/10/01 15:50:57 | 000,000,360 | ---- | C] () -- C:\WINDOWS\CNYHKey.ini
[2003/10/01 15:50:56 | 000,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2003/10/01 15:50:56 | 000,049,152 | ---- | C] () -- C:\WINDOWS\CNYUSB.dll
[2003/10/01 15:50:56 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKCYDLL.dll
[2003/10/01 15:50:56 | 000,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2003/09/22 17:59:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/09/22 16:57:21 | 000,127,184 | ---- | C] () -- C:\WINDOWS\Unwise.exe
[2003/09/22 16:55:19 | 000,040,960 | ---- | C] () -- C:\Programme\Uninstall_PCM.exe
[2003/09/20 19:42:09 | 000,000,970 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/09/20 19:42:01 | 000,498,094 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/09/20 19:42:01 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2003/09/20 19:42:01 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/09/20 19:42:01 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2003/09/20 19:41:45 | 000,477,328 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/09/20 19:41:45 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/09/20 19:41:45 | 000,078,786 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/09/20 19:41:45 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/09/20 19:41:44 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/09/20 19:41:44 | 000,004,518 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/09/20 19:41:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/09/20 19:41:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/09/20 19:41:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/09/20 19:41:33 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/09/20 19:41:24 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/09/20 14:01:38 | 000,001,472 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/09/20 13:39:18 | 004,142,932 | ---- | C] () -- C:\WINDOWS\System32\DETour.exe
[2003/09/20 13:24:45 | 000,000,047 | ---- | C] () -- C:\WINDOWS\InoSetup.ini
[2003/09/20 13:11:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2003/09/20 12:41:11 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2003/09/20 12:09:48 | 000,073,728 | ---- | C] () -- C:\WINDOWS\Dit.exe
[2003/09/20 12:09:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\DitExp.exe
[2003/09/20 12:09:48 | 000,065,536 | ---- | C] () -- C:\WINDOWS\Dit.DLL
[2003/09/20 12:09:48 | 000,000,208 | ---- | C] () -- C:\WINDOWS\Dit.INI
[2003/09/20 11:45:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/20 11:45:01 | 000,739,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/09/20 11:37:25 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2003/09/20 11:33:52 | 000,233,472 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.EXE
[2003/09/20 11:33:52 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRMDRV.DLL
[2003/09/20 11:33:52 | 000,003,424 | ---- | C] () -- C:\WINDOWS\cmiainfo.sys
[2003/09/20 11:33:52 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2003/09/20 11:33:52 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2003/09/20 11:33:51 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.exe
[2003/09/20 11:33:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/09/20 11:33:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2003/09/20 11:33:49 | 000,064,957 | ---- | C] () -- C:\WINDOWS\Cmuda.ini
[2003/09/20 11:33:48 | 000,266,240 | ---- | C] () -- C:\WINDOWS\CMIUninstall.exe
[2003/09/20 11:33:48 | 000,225,280 | ---- | C] () -- C:\WINDOWS\CmiRmRedundDir.exe
[2003/09/20 11:33:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2003/09/20 10:59:33 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/09/20 10:53:11 | 000,000,863 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/09/20 10:51:36 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/09/20 10:48:36 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/09/10 07:22:42 | 000,008,632 | ---- | C] () -- C:\WINDOWS\PRISMDOM.ini
[2003/05/28 10:37:44 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\PSDrvCheck.exe
[2003/04/18 21:14:48 | 000,732,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISDN_u.sys
[2003/01/13 04:41:58 | 000,026,435 | ---- | C] () -- C:\WINDOWS\System32\drivers\wdmwanmp.sys
[2001/10/10 03:57:58 | 000,073,786 | ---- | C] () -- C:\WINDOWS\System32\dntvmc23.dll
[2001/10/10 03:57:58 | 000,061,497 | ---- | C] () -- C:\WINDOWS\System32\dntvm23.dll
[2001/03/07 03:02:30 | 000,229,431 | ---- | C] () -- C:\WINDOWS\System32\dnt23.dll
[1999/04/29 19:00:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1999/01/26 18:00:00 | 000,114,816 | ---- | C] () -- C:\WINDOWS\System32\MSMT4232.DLL
 
========== LOP Check ==========
 
[2003/09/27 06:30:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\X10 Commander
[2013/09/29 23:42:07 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Apavlr
[2013/09/29 23:42:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Brzravrhli
[2010/03/16 08:52:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\CallingID
[2010/03/15 14:40:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\CallingID(2)
[2013/07/05 08:10:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Canon
[2010/01/13 09:44:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\DataSync Outlook
[2013/09/29 05:19:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Dropbox
[2011/09/18 08:44:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\DVDVideoSoft
[2011/09/18 08:43:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\DVDVideoSoftIEHelpers
[2004/11/17 12:17:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\EverAd
[2006/10/09 14:54:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\fotobuch.de
[2007/11/04 03:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\fotobuch.de AG
[2012/04/06 06:43:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Free PDF to Word Converter
[2012/07/21 10:36:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\FRITZ!
[2009/02/15 12:00:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\GARMIN
[2009/04/28 06:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\geoinform
[2013/04/12 05:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Lexware
[2007/08/29 11:33:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Magix
[2004/09/18 11:59:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\MobileAction
[2010/11/22 08:28:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\MOPSOS
[2008/01/16 13:23:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Ulead Systems
[2013/09/29 23:42:06 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Vuvegp
[2013/09/29 23:42:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Wcymfwcpy
[2005/11/03 13:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\WEBDE
[2012/11/15 04:58:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\XnView
[2013/09/29 23:42:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Yfypykfmc
[2013/09/29 23:42:04 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Ypfycyyyy
[2007/03/10 15:12:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BTrieve
[2011/10/27 08:15:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA
[2010/03/15 14:40:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA(2)
[2010/03/16 08:52:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CA(3)
[2013/07/05 08:05:59 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2007/11/04 03:52:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fotobuch.de AG
[2006/09/27 07:50:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FREEDB
[2009/02/14 10:23:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN
[2013/05/22 03:41:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lexware
[2007/08/29 11:23:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX
[2004/09/13 07:17:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2013/04/19 03:00:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\tmp
[2011/07/28 15:03:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ulead Systems
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 88 bytes -> C:\Dokumente und Einstellungen\Pipesmoker\Desktop\MapSource.exe:SummaryInformation
< End of report >

	Code: 

 ATTFilter

  
	OTL Extras logfile created on: 10/3/2013 2:08:03 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
511.00 Mb Total Physical Memory | 277.00 Mb Available Physical Memory | 54.00% Memory free
459.00 Mb Paging File | 334.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 74.55 Gb Total Space | 21.77 Gb Free Space | 29.20% Space Free | Partition Type: NTFS
Drive D: | 68.64 Gb Total Space | 24.30 Gb Free Space | 35.41% Space Free | Partition Type: NTFS
Drive E: | 5.85 Gb Total Space | 2.22 Gb Free Space | 37.98% Space Free | Partition Type: FAT32
Drive H: | 3.75 Gb Total Space | 1.52 Gb Free Space | 40.57% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Programme\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Programme\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiMalware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\Temp\NavBrowser.exe" = C:\WINDOWS\Temp\NavBrowser.exe:*:Enabled:NAVBrowser
"C:\Programme\CA\eTrust Antivirus\InoRpc.exe" = C:\Programme\CA\eTrust Antivirus\InoRpc.exe:*:Enabled:eTrust Antivirus - RPC Server
"C:\Programme\CA\eTrust Antivirus\InocIT.exe" = C:\Programme\CA\eTrust Antivirus\InocIT.exe:*:Enabled:eTrust Antivirus - Local Scanner
"C:\Programme\CA\eTrust Antivirus\Realmon.exe" = C:\Programme\CA\eTrust Antivirus\Realmon.exe:*:Enabled:eTrust Antivirus - Realtime monitor
"C:\Programme\VR-NetWorld\ONLUPD04.EXE" = C:\Programme\VR-NetWorld\ONLUPD04.EXE:*:Enabled:OnlUpd04.EXE
"C:\Programme\VR-NetWorld\ONLUPD01.exe" = C:\Programme\VR-NetWorld\ONLUPD01.exe:*:Enabled:OnlUpd01.EXE
"C:\Programme\WinMX\WinMX.exe" = C:\Programme\WinMX\WinMX.exe:*:Enabled:WinMX Application
"C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\start.exe" = C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\start.exe:*:Enabled:Startprogramm Fotobuch Design-Center -- (fotobuch.de AG)
"C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\FBC.exe" = C:\Programme\myPixx Fotobuch\Fotobuch Design-Center\FBC.exe:*:Enabled:Fotobuch Design-Center -- (fotobuch.de AG)
"C:\Programme\fotobuch.de AG\Designer\Designer.exe" = C:\Programme\fotobuch.de AG\Designer\Designer.exe:*:Designer.exe
"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Disabled:Microsoft  Fax Console -- (Microsoft Corporation)
"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Enabled:LimeWire swarmed installer -- (LimeWire)
"C:\Programme\LimeWire\LimeWire.exe" = C:\Programme\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Programme\fotobuch.de AG\Designer 2.0\Designer.exe:*:Designer.exe
"C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe" = C:\Programme\Gemeinsame Dateien\MAGIX Shared\UPnPService\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service -- (Magix AG)
"C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:FRITZ!DSL - igdctrl.exe -- (AVM Berlin)
"C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!Box Firmware-Update -- (AVM Berlin)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Google\Google Earth\client\googleearth.exe" = C:\Programme\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Dropbox\bin\Dropbox.exe" = C:\Dokumente und Einstellungen\Pipesmoker\Anwendungsdaten\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{025C3792-E9C6-432A-92C1-661F99D021CA}" = Ulead Photo Explorer 8.6
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DE4DE52-DB27-4D0F-93B6-E3C9E4698A10}" = PowerPDF Professional
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ9601" = CanoScan LiDE 700F Scanner Driver
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{16480125-0428-4097-9A2A-74464004D169}" = EOS Capture 1.3
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"{1FABA7C7-6DC0-11D6-9EAB-0050BAE317E1}" = VideoLive Mail
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema 2.0
"{26866243-CFFE-49C8-9546-3C6918CF8AB7}" = Lexware buchhalter 2007
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{3C2DE16D-F677-4F88-8B6A-31B7F3907B23}" = Lexware buchhalter 2007
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1A6B70-3E02-49BC-88B0-916C80274632}" = Informationen über Ihren PC
"{3EC454CC-DF11-4E8B-B8F1-52F6DFEEA902}" = Paragon Drive Backup 6.0 Sonder Edition
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows-Journal-Viewer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EAD2E21-1D4A-4E2B-A082-8D08961539C9}" = Microsoft Works Suite-Add-Ins für Microsoft Word
"{515E1B00-E2B4-4975-9900-95F66077C3AE}" = eTrust Antivirus Registration
"{5B680750-760B-49E4-81E7-21B2B337F9F7}" = Microsoft Works
"{5BDBA4A4-E7F8-4F26-A749-D52E7FB71966}" = Brother HL-2070N
"{601D8D9A-86DD-44BF-A81C-B98DDB46A536}" = Print-Pack Tattoo
"{622C377C-CF0D-492A-BC20-0480381A79E3}" = MySecurityCenter License Service
"{62B7C52C-CAB6-48B1-8245-52356C141C92}" = RENESIS® Player Browser Plugins
"{6411B38F-7704-484B-A93B-FD900BC8E8EB}" = PIF DESIGNER2.0
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}" = Lexware buchhalter 2013
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B103F43-069C-11D6-9EA2-0050BAE317E1}" = Home Cinema XL II
"{6F8A93F7-40A8-486D-B9C2-545F568D50B3}" = Lexware buchhalter 2007
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Camera Window DS
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}" = VR-NetWorld
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{911B0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Internet Library
"{95A51471-9E5C-4F8D-A7F5-AB288910CC10}" = Paragon ISO Burner
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ACEBC7B-4D46-462A-929C-99177EC5BEA6}" = InstantCopy
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}" = Lexware Elster
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Camera Window DVC
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB93551-3FFE-42B2-8315-96252BBC1031}" = Nero 7 Essentials
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B8464788-07B3-4760-9D5D-803080D74119}" = Lexware buchhalter 2007
"{B8BC806D-0703-11D4-BB23-006008676AF8}" = Sony Ericsson Communications Suite
"{BC6332C4-60CD-4B71-B7FE-CE921D46ECC2}_is1" = DirReader 1.53
"{BC63A4AC-435D-4AAD-9881-D0ED60804D1A}" = Lexware buchhalter Aktualisierung Februar 2008, Version 13.10
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1955A3A-EA24-4682-8641-43B5B688B09A}" = USB Wireless Keyboard Driver Ver1.24M
"{D5CF3710-211B-11D4-B9B9-00105AE05C5D}" = XTNDConnect PC
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E73534D5-CC93-4C63-9072-5A9734255C74}" = Camera Window MC
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EA1CB7AC-E221-4822-A789-0ADB051DC498}" = Medion Flash XL
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"{FE688026-1C8C-4E50-889D-4B6607CADC24}" = Lexware buchhalter 2008
"7-Zip" = 7-Zip 4.15 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"AskSmb 7" = MuM Symbolbibliotheken für AutoSketch 6/7
"ATI Display Driver" = ATI Display Driver
"AutoSketch v7.0" = AutoSketch v7.0
"AVMFBox" = FRITZ!Box
"C-Media Audio" = C-Media 3D Audio
"Corel Applications" = Corel Applications
"DivX Codec" = DivX Codec
"Dkill95" = Dkill95
"Edit Digi-Pictures" = Edit Digi-Pictures 1.0
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"eTrust Suite Personal" = MSC Internet Security Suite
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.9.908
"FRITZ!DSL" = AVM FRITZ!DSL
"Hardcopy(C__Programme_Hardcopy)" = Hardcopy (C:\Programme\Hardcopy)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{16480125-0428-4097-9A2A-74464004D169}" = Canon Utilities EOS Capture 1.3
"InstallShield_{1C9171AC-5519-4DF4-B44D-B28F678DEB4C}" = DataSync Outlook
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{7B847C9D-6758-45E6-B598-3BD8F43EAE9E}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{954BF446-BBC9-42CC-87A6-EBF0D55CA19A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{A70D14C6-FF2C-4B8E-A643-7E74EC607614}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{E73534D5-CC93-4C63-9072-5A9734255C74}" = Canon Camera Window for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"KSDTrans" = KSDTrans
"L&H Power Translator" = L&H Power Translator Pro
"MAGIX Foto Clinic 6 D" = MAGIX Foto Clinic 6 6.0.10.0 (D)
"MAGIX Fotos auf CD & DVD 6.5 deluxe D" = MAGIX Fotos auf CD & DVD 6.5 deluxe 6.5.0.21 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR 2.3.1.3 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Maroc-Topo Map_is1" = Maroc-Topo Map 1.21
"MediaShow" = Medi@Show
"Microcat for Land Rover" = Microcat for Land Rover
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myPixxDesCent65_is1" = Fotobuch Design-Center V6.5
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NSIS" = Nullsoft Install System
"OSM Map of Czech Republic" = OSM Map of Czech Republic
"OSM Map of Morocco" = OSM Map of Morocco
"Picasa 3" = Picasa 3
"Picture Easy 3.0" = Picture Easy 3.0
"RealPlayer 6.0" = RealOne Player
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Shockwave" = Shockwave
"SIM Secretary" = SIM Secretary
"SSC Service Utility_is1" = SSC Service Utility v4.30
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"X10Hardware" = X10 Hardware(TM)
"XnFoto_is1" = XnFoto www.foto.com
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Pipesmoker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
< End of report >

schrauber · 03.10.2013, 07:58

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKLM..\Run: [KB3442917]  File not found
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Disco · 03.10.2013, 08:41

Guten morgen Schrauber danke für die Rückantwort,
habe gerade alles gemacht, funktioniert aber immer noch nicht, ist genauso wie vorher.
Nach dem anmelden dauert es eine weile, dann werde ich wieder abgemeldet.
Hier im Anhagn die Fix-Auswertungsdatei.

Gruß Disco

schrauber · 04.10.2013, 01:30

Geht auch kein abgesicherter Modus?

30.09.2013, 07:49	#2
schrauber /// the machine /// TB-Ausbilder	Nach BKA Virus und OTLPE Bootstart und der Entfernung mit Virenscanner Meldung chkdsk ausführen? hi, poste mal ein OTLPE Logfile. __________________ __________________

02.10.2013, 21:42	#11
schrauber /// the machine /// TB-Ausbilder	Nach BKA Virus und OTLPE Bootstart und der Entfernung mit Virenscanner Meldung chkdsk ausführen? Mach mal nen neuen Scan mit OTLPE und poste das Logfile. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

04.10.2013, 01:30	#15
schrauber /// the machine /// TB-Ausbilder	Nach BKA Virus und OTLPE Bootstart und der Entfernung mit Virenscanner Meldung chkdsk ausführen? Geht auch kein abgesicherter Modus? __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Nach BKA Virus und OTLPE Bootstart und der Entfernung mit Virenscanner Meldung chkdsk ausführen?

Log-Analyse und Auswertung: Nach BKA Virus und OTLPE Bootstart und der Entfernung mit Virenscanner Meldung chkdsk ausführen?