Pests of all kinds and how to combat them: Backdoor.Bot is back after every restart
13.10.2010, 09:26 | #1 |
Backdoor.Bot is back after every restart

Hello, I am slowly getting desperate. I have had Malwarebytes run a quick scan several times and had it delete the reported items; AntiVir also ran over the system and moved everything it found into quarantine. After every restart, however, this backdoor.bot is back. While googling I came across the advice that I should turn off System Restore, which I did, but all without success. The log files are attached...

Regards, glasnost

HiJackthis Logfile: Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:24, on 13.10.10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Logi_MwX.Exe
E:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe
C:\Programme\XpertVision\TBPanel.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
E:\Programme\Logitech\SetPoint\SetPoint.exe
c:\Programme\Avira\AntiVir Desktop\avguard.exe
c:\Programme\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Gemeinsame Dateien\Logitech\KhalShared\KHALMNPR.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\host32.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe -1
O4 - HKLM\..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe /A
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe -HPW
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "c:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy' (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{48610874-3588-4A87-8CFB-E925A22BBF11}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{E59E14FF-DF76-46C9-8F3A-7BC93E00911D}: NameServer = 192.168.0.1
O18 - Protocol: hio - {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - c:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - c:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Programme\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Game Jackal Server (GJService) - Unknown owner - E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Programme\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 6832 bytes

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Mittwoch, 13. Oktober 2010 09:10

Es wird nach 2925284 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows XP
Windowsversion : (Service Pack 2) [5.1.2600]
Boot Modus : Normal gebootet
Benutzername : Max Mustermann
Computername : XXX

Versionsinformationen:
BUILD.DAT : 10.0.0.567 32097 Bytes 19.04.10 15:50:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 01.04.10 11:37:35
AVSCAN.DLL : 10.0.3.0 56168 Bytes 30.03.10 10:42:16
LUKE.DLL : 10.0.2.3 104296 Bytes 07.03.10 17:32:59
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.10 10:59:47
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.09 08:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 19.11.09 18:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 20.01.10 16:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 26.01.10 15:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 05.03.10 10:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 15.04.10 07:20:30
VBASE006.VDF : 7.10.7.218 2294784 Bytes 02.06.10 07:20:35
VBASE007.VDF : 7.10.9.165 4840960 Bytes 23.07.10 18:37:17
VBASE008.VDF : 7.10.11.133 3454464 Bytes 13.09.10 09:14:58
VBASE009.VDF : 7.10.11.134 2048 Bytes 13.09.10 09:14:59
VBASE010.VDF : 7.10.11.135 2048 Bytes 13.09.10 09:14:59
VBASE011.VDF : 7.10.11.136 2048 Bytes 13.09.10 09:14:59
VBASE012.VDF : 7.10.11.137 2048 Bytes 13.09.10 09:14:59
VBASE013.VDF : 7.10.11.165 172032 Bytes 15.09.10 09:14:59
VBASE014.VDF : 7.10.11.202 144384 Bytes 18.09.10 09:15:00
VBASE015.VDF : 7.10.11.231 129024 Bytes 21.09.10 06:56:47
VBASE016.VDF : 7.10.12.4 126464 Bytes 23.09.10 06:56:47
VBASE017.VDF : 7.10.12.38 146944 Bytes 27.09.10 17:29:53
VBASE018.VDF : 7.10.12.64 133120 Bytes 29.09.10 17:52:42
VBASE019.VDF : 7.10.12.99 134144 Bytes 01.10.10 07:44:36
VBASE020.VDF : 7.10.12.122 131584 Bytes 05.10.10 18:59:34
VBASE021.VDF : 7.10.12.148 119296 Bytes 07.10.10 19:41:03
VBASE022.VDF : 7.10.12.175 142848 Bytes 11.10.10 06:33:08
VBASE023.VDF : 7.10.12.176 2048 Bytes 11.10.10 06:33:08
VBASE024.VDF : 7.10.12.177 2048 Bytes 11.10.10 06:33:08
VBASE025.VDF : 7.10.12.178 2048 Bytes 11.10.10 06:33:08
VBASE026.VDF : 7.10.12.179 2048 Bytes 11.10.10 06:33:08
VBASE027.VDF : 7.10.12.180 2048 Bytes 11.10.10 06:33:08
VBASE028.VDF : 7.10.12.181 2048 Bytes 11.10.10 06:33:08
VBASE029.VDF : 7.10.12.182 2048 Bytes 11.10.10 06:33:08
VBASE030.VDF : 7.10.12.183 2048 Bytes 11.10.10 06:33:08
VBASE031.VDF : 7.10.12.193 93184 Bytes 12.10.10 07:06:06
Engineversion : 8.2.4.78
AEVDF.DLL : 8.1.2.1 106868 Bytes 01.08.10 07:17:33
AESCRIPT.DLL : 8.1.3.45 1368443 Bytes 21.09.10 09:15:08
AESCN.DLL : 8.1.6.1 127347 Bytes 20.07.10 07:20:48
AESBX.DLL : 8.1.3.1 254324 Bytes 20.07.10 07:20:50
AERDL.DLL : 8.1.9.2 635252 Bytes 25.09.10 06:56:53
AEPACK.DLL : 8.2.3.11 471416 Bytes 12.10.10 06:33:13
AEOFFICE.DLL : 8.1.1.8 201081 Bytes 25.07.10 18:37:24
AEHEUR.DLL : 8.1.2.33 2949496 Bytes 12.10.10 06:33:12
AEHELP.DLL : 8.1.14.0 246134 Bytes 12.10.10 06:33:10
AEGEN.DLL : 8.1.3.23 401779 Bytes 02.10.10 07:44:37
AEEMU.DLL : 8.1.2.0 393588 Bytes 20.07.10 07:20:43
AECORE.DLL : 8.1.17.0 196982 Bytes 25.09.10 06:56:49
AEBB.DLL : 8.1.1.0 53618 Bytes 20.07.10 07:20:43
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.10 10:59:10
AVPREF.DLL : 10.0.0.0 44904 Bytes 14.01.10 10:59:07
AVREP.DLL : 10.0.0.8 62209 Bytes 18.02.10 15:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 01.04.10 11:35:44
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 01.04.10 11:39:49
AVARKT.DLL : 10.0.0.14 227176 Bytes 01.04.10 11:22:11
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 26.01.10 08:53:25
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.10 11:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.10 14:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.10 13:40:55
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.01.10 12:10:08
RCTEXT.DLL : 10.0.53.0 98152 Bytes 09.04.10 13:14:28

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Manuelle Auswahl
Konfigurationsdatei...................: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira\AntiVir Desktop\PROFILES\folder.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Intelligente Dateiauswahl
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Mittwoch, 13. Oktober 2010 09:10

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'thunderbird.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'alg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiapsrv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KHALMNPR.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SetPoint.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TBPanel.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'FightBoard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Logi_MwX.Exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HelpSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'PnkBstrA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SupServ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'oodag.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mdm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jqs.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Server.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTSRVC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTsvcCDA.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'aawservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvsvc32.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2157' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\WINDOWS\host32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.cbs

Beginne mit der Desinfektion:
C:\WINDOWS\host32.exe
[FUND] Ist das Trojanische Pferd TR/Agent.cbs
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4ecdc888.qua' verschoben!

Ende des Suchlaufs: Mittwoch, 13. Oktober 2010 10:01
Benötigte Zeit: 50:11 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

12171 Verzeichnisse wurden überprüft
292734 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
292733 Dateien ohne Befall
1975 Archive wurden durchsucht
0 Warnungen
0 Hinweise

OTL Logfile: Code:
OTL logfile created on: 13.10.10 10:32:07 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,69 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS

Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - [2010.10.13 10:26:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- c:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.10.13 10:26:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe
MOD - [2006.08.25 09:46:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.09.18 16:16:24 | 002,063,808 | ---- | M] () [Auto | Stopped] -- E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe -- (GJService)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- c:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- c:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.03.27 10:18:00 | 000,814,501 | ---- | M] () [Auto | Stopped] -- C:\nonficker.dll -- (aaaaanonficker)
SRV - [2008.08.29 10:01:22 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2008.07.14 14:43:04 | 000,069,632 | ---- | M] () [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008.07.07 09:15:18 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.12.15 14:39:16 | 000,221,696 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2001.02.23 10:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\xmasscsi.sys -- (xmasscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vaxscsi.sys -- (vaxscsi)
DRV - File not found [Kernel | On_Demand | Stopped] -- e:\Temp\AMDPCI.sys -- (AMDPCI)
DRV - [2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maploml.sys -- (MaplomL)
DRV - [2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\maplom.sys -- (Maplom)
DRV - [2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.04.04 00:55:31 | 010,232,128 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010.03.01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.01.10 14:31:32 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010.01.10 14:31:32 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009.07.26 10:06:20 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- c:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.01.21 22:17:28 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008.08.01 12:36:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008.08.01 12:36:00 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008.02.12 20:52:08 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay)
DRV - [2008.02.11 19:14:45 | 000,716,272 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.01.09 11:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2008.01.07 10:37:36 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2007.12.14 08:52:36 | 000,044,000 | ---- | M] (Ray Hinchliffe) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SIVX32.sys -- (SIVDRIVER)
DRV - [2007.12.10 15:22:22 | 000,110,120 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017unic.sys -- (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM)
DRV - [2007.12.10 15:22:22 | 000,100,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017obex.sys -- (s3017obex)
DRV - [2007.12.10 15:22:20 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mgmt.sys -- (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM)
DRV - [2007.12.10 15:22:20 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017nd5.sys -- (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS)
DRV - [2007.12.10 15:22:18 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdm.sys -- (s3017mdm)
DRV - [2007.12.10 15:22:18 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017mdfl.sys -- (s3017mdfl)
DRV - [2007.12.10 15:22:14 | 000,083,880 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3017bus.sys -- (s3017bus) Sony Ericsson Device 3017 driver (WDM)
DRV - [2007.08.21 20:49:28 | 000,017,912 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Programme\GIGABYTE\@BIOS\markfun.w32 -- (MarkFun_NT)
DRV - [2007.06.29 15:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.04.11 15:33:14 | 000,028,688 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007.04.11 15:33:06 | 000,079,376 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2007.04.11 15:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.04.11 15:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.04.11 15:32:38 | 000,063,248 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2007.04.03 13:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116unic.sys -- (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM)
DRV - [2007.04.03 13:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 13:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116nd5.sys -- (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS)
DRV - [2007.04.03 13:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mgmt.sys -- (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM)
DRV - [2007.04.03 13:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 13:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 13:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s116bus.sys -- (s116bus) Sony Ericsson Device 116 driver (WDM)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)
DRV - [2007.03.15 22:50:39 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007.02.16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2007.02.09 13:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007.02.09 13:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006.11.16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006.09.18 15:59:08 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27unic.sys -- (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM)
DRV - [2006.09.18 15:59:02 | 000,086,560 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27obex.sys -- (SE27obex)
DRV - [2006.09.18 15:59:00 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se27nd5.sys -- (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS)
DRV - [2006.09.18 15:58:58 | 000,088,688 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mgmt.sys -- (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM)
DRV - [2006.09.18 15:58:54 | 000,097,184 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.09.18 15:58:52 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.09.18 15:58:48 | 000,061,600 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SE27bus.sys -- (SE27bus) Sony Ericsson Device 039 Driver driver (WDM)
DRV - [2006.08.30 22:28:22 | 000,015,104 | ---- | M] (Copyright (C) Listan GmbH & Co.KG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\systormflb.sys -- (systormflb)
DRV - [2006.08.11 15:56:36 | 000,008,192 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pfmodnt.sys -- (PfDetNT)
DRV - [2006.08.11 15:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006.08.11 15:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006.08.11 15:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006.08.11 15:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006.08.11 15:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006.08.11 15:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006.08.11 15:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006.08.11 15:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006.08.11 15:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006.07.02 00:30:28 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.05.22 06:40:30 | 000,017,152 | ---- | M] (T-Online International AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys -- (MIINPazX)
DRV - [2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2006.03.24 17:24:31 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2006.02.21 13:12:00 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.11.10 18:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.10.22 13:38:21 | 000,108,032 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SSHDRV62.sys -- (SSHDRV62)
DRV -
[2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata) DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2004.08.04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004.08.03 23:10:12 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883) DRV - [2004.08.03 23:10:12 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc) DRV - [2004.08.03 23:10:00 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV) DRV - [2004.08.03 23:04:34 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS) DRV - [2004.08.03 22:59:52 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2004.04.05 07:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Capi20.sys -- (CAPI20) DRV - [2004.01.26 17:36:35 | 000,095,552 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02) DRV - [2004.01.26 17:01:28 | 000,052,224 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- 
(prodrv06) DRV - [2003.12.17 09:50:00 | 000,070,801 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2) DRV - [2003.12.17 09:50:00 | 000,051,729 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2) DRV - [2003.12.17 09:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS -- (LHidUsb) DRV - [2003.12.17 09:50:00 | 000,025,505 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2) DRV - [2003.12.04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k) DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01) DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1) DRV - [2003.05.14 13:42:50 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum) DRV - [2003.05.14 13:42:48 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid) DRV - [2003.05.14 13:42:44 | 000,044,288 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore) DRV - [2003.04.17 12:19:02 | 000,120,732 | ---- | M] (DeTeWe Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ulisa.sys -- (ulisa) Telekom ISDN-Adapter (USB) DRV - [2003.03.19 13:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\detewecp.sys -- (DETEWECP) DRV - [2003.02.24 05:21:12 | 000,085,265 | R--- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\si3112r.sys -- (SI3112r) DRV - [2003.02.12 05:37:48 | 000,009,600 | R--- | M] (Silicon Image, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter) DRV - [2002.09.16 17:32:08 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI) DRV - [2002.06.10 14:20:56 | 000,044,544 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvce.sys -- (QCEmerald) Logitech QuickCam Web(PID_0850) DRV - [2002.06.10 14:20:32 | 000,034,816 | ---- | M] (Logitech Inc.) 
[Kernel | System | Running] -- C:\WINDOWS\system32\drivers\LVSound2.sys -- (lusbaudio) DRV - [2001.08.17 15:02:50 | 000,002,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HIDSwvd.sys -- (HIDSwvd) DRV - [2001.08.17 15:02:40 | 000,035,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msgame.sys -- (msgame) DRV - [2001.08.17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Firefox\extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: e:\Programme\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.04.27 21:03:01 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.25 13:30:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.20 05:44:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M] [2010.07.06 13:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions [2010.07.06 13:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions [2010.07.09 19:56:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2007.12.09 13:32:52 | 000,000,000 | ---D | M] (Biet-O-Matic Firefox Extension) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2007.10.20 13:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66} [2008.09.21 10:35:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2010.09.19 16:56:45 | 
000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008.02.10 12:00:17 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\searchplugins\verleihshopde.xml [2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- c:\Programme\Mozilla Firefox\extensions [2010.02.28 12:50:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- c:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.25 13:30:23 | 000,001,392 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.25 13:30:23 | 000,002,344 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.25 13:30:23 | 000,006,805 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.25 13:30:23 | 000,001,178 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.25 13:30:24 | 000,001,105 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.06 20:24:55 | 000,000,137 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software) O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] c:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe ()
O4 - HKLM..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe (Xpertvision, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\hio {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll (DigiOnline GmbH)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\host32.exe) - C:\WINDOWS\host32.exe File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005.08.11 21:10:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell - "" = AutoRun
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (oodbs) - C:\WINDOWS\System32\oodbs.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: aaaaanonficker - C:\nonficker.dll ()
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File not found
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk - F:\Programme\Office-Bibliothek\PCLib.exe - ()
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll ()
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave6 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave7 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 90 Days ==========

[2010.10.13 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
[2010.10.13 10:02:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\btsv\Recent
[2010.10.12 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira
[2010.10.12 13:06:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\jh87uhnoe3
[2010.10.07 21:50:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.09.30 23:25:16 | 000,030,376 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.18 17:04:26 | 000,049,944 | ---- | C] (Tracker Software Products Ltd.) -- C:\WINDOWS\System32\pxc40pm.dll
[2010.09.18 17:04:23 | 000,000,000 | ---D | C] -- c:\Programme\Tracker Software
[2010.09.18 17:04:10 | 000,282,624 | ---- | C] (TODO: <회사 이름>) -- C:\WINDOWS\System32\TwdFilt.dll
[2010.09.14 15:16:06 | 000,108,480 | ---- | C] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.09.08 16:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions
[2010.09.08 16:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\My Password Recovery
[2010.08.31 11:58:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\StarCraft II
[2010.08.31 11:58:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Blizzard Entertainment
[2010.08.29 20:30:35 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Blizzard Entertainment
[2010.08.03 12:23:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis
[2010.08.03 12:05:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Untis
[2010.07.20 09:18:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.07.20 09:18:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.07.20 09:18:58 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.07.20 09:18:58 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.07.20 09:18:57 | 000,000,000 | ---D | C] -- c:\Programme\Avira
[2010.07.20 09:18:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
[2010.01.10 14:29:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe10.dll
[2007.10.20 12:14:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.sys
[2007.10.20 12:14:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.sys
[2006.08.11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

========== Files - Modified Within 90 Days ==========

[2010.10.13 10:26:37 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip
[2010.10.13 10:26:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:25:18 | 000,388,977 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe
[2010.10.13 10:25:16 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI
[2010.10.13 10:04:45 | 000,000,160 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2010.10.13 10:04:26 | 000,271,830 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.10.13 10:04:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010.10.12 13:20:45 | 000,002,425 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\ABBYY FineReader 8.0 Professional Edition.lnk
[2010.10.12 13:11:43 | 000,002,403 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Paint Shop Pro 7.lnk
[2010.10.12 08:25:14 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Skype.lnk
[2010.10.11 21:58:19 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.10.11 21:24:04 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.10.07 21:51:12 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk
[2010.10.07 21:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.03 11:45:12 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AnyDVD.lnk
[2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys
[2010.09.30 13:18:24 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll
[2010.09.27 20:40:22 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Miranda IM.lnk
[2010.09.25 09:15:58 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Game Jackal v4.lnk
[2010.09.19 19:57:14 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini
[2010.09.18 17:04:02 | 000,000,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk
[2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maploml.sys
[2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maplom.sys
[2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys
[2010.09.08 22:39:17 | 000,002,092 | ---- | M] () -- C:\WINDOWS\aopr.ini
[2010.09.08 22:26:50 | 000,000,115 | ---- | M] () -- C:\WINDOWS\AWOPR.INI
[2010.09.08 16:51:18 | 000,001,076 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Bernt-Notke-Schule laufende Bearbeitung 2009-2010_2.pwcx
[2010.09.08 16:51:18 | 000,000,259 | ---- | M] () -- C:\WINDOWS\pwc62ud.INI
[2010.09.04 12:57:08 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF
[2010.09.03 21:30:53 | 000,151,496 | ---- | M] () -- C:\WINDOWS\System32\drivers\systormflb.pkg
[2010.08.31 12:14:06 | 000,000,542 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk
[2010.08.18 22:32:52 | 000,002,688 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw
[2010.08.18 22:32:52 | 000,001,216 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2010.08.15 20:18:11 | 000,076,326 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Besoldungstab_SchleswigHolstein_010310.pdf
[2010.08.07 11:11:28 | 000,006,097 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010.08.03 12:05:18 | 000,000,546 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Untis 2011.lnk
[2010.07.30 20:40:28 | 000,024,576 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\In Word kann man den Text in einem Textfeld oder in einer Tabelle drehen.doc
[2010.07.29 09:03:38 | 000,002,393 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ACDSee 6.0.lnk
[2010.07.26 18:00:10 | 000,081,920 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Wahlpflichtkurse-10_11-Wahlzettel_anonym.doc
[2010.07.20 09:19:05 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk

========== Files Created - No Company Name ==========

[2010.10.13 10:26:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe
[2010.10.13 10:26:22 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip [2010.10.13 10:25:18 | 000,388,977 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe [2010.10.07 21:51:12 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.09.18 17:04:02 | 000,000,405 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk [2010.09.08 22:26:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\AWOPR.INI [2010.09.08 17:52:44 | 000,002,092 | ---- | C] () -- C:\WINDOWS\aopr.ini [2010.09.08 16:51:18 | 000,001,076 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Bernt-Notke-Schule laufende Bearbeitung 2009-2010_2.pwcx [2010.09.08 16:51:17 | 000,000,259 | ---- | C] () -- C:\WINDOWS\pwc62ud.INI [2010.08.31 11:58:05 | 000,000,542 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\StarCraft II.lnk [2010.08.15 20:18:11 | 000,076,326 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Besoldungstab_SchleswigHolstein_010310.pdf [2010.08.03 12:05:18 | 000,000,546 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Untis 2011.lnk [2010.07.30 20:40:28 | 000,024,576 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\In Word kann man den Text in einem Textfeld oder in einer Tabelle drehen.doc [2010.07.26 17:58:50 | 000,081,920 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Wahlpflichtkurse-10_11-Wahlzettel_anonym.doc [2010.07.20 09:19:05 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira AntiVir Control Center.lnk [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.02.01 20:35:14 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\_pdf_.prt [2010.01.26 21:30:06 | 000,000,435 | ---- | C] () -- C:\WINDOWS\MM2009Viewer.INI [2009.12.15 22:43:19 | 000,000,039 | 
---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL [2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL [2009.12.15 22:43:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2009.07.14 15:46:20 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Apache3.INI [2009.04.23 14:28:13 | 000,138,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.02.03 18:26:19 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys [2009.01.12 21:12:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.07.02 14:21:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\keytrans.ini [2008.05.21 20:00:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI [2008.05.21 08:03:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2008.04.10 20:46:32 | 000,001,165 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI [2008.02.28 17:54:21 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\acdfcbdad_r.dll [2008.02.21 22:24:27 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2008.02.21 22:24:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.02.21 22:23:48 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll [2008.02.21 22:23:48 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll [2008.02.19 21:40:47 | 000,000,551 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AutoGK.ini [2008.02.19 00:16:09 | 000,000,160 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2008.02.17 17:05:18 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.02.02 16:13:18 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI [2008.02.02 11:17:35 | 000,024,576 | ---- | C] () 
-- C:\WINDOWS\CTXFIGER.DLL [2008.01.09 13:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.01.02 12:00:43 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PnkBstrK.sys [2008.01.02 12:00:12 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2007.12.11 21:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.12.09 14:00:18 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2007.10.20 12:14:33 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.log [2007.10.20 12:14:31 | 000,007,861 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.cat [2007.10.20 12:14:30 | 000,001,104 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.inf [2007.10.20 12:14:30 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.ini [2007.10.20 12:14:30 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.log [2007.10.20 12:14:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.cat [2007.10.20 12:14:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.inf [2007.10.17 20:03:19 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.07.25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.09 20:25:06 | 000,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI [2007.04.09 23:13:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FightBoard.INI [2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006.11.10 15:26:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI [2006.10.14 15:01:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini [2006.08.11 16:14:08 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2006.08.11 16:14:08 | 
000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006.08.11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006.07.05 14:44:42 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2006.05.29 08:15:26 | 000,003,206 | ---- | C] () -- C:\WINDOWS\tm.ini [2006.05.23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2006.03.24 17:24:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2006.03.24 17:24:31 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2006.03.11 12:43:38 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.02.04 21:27:43 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.01.29 15:37:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2006.01.09 16:42:07 | 000,000,557 | ---- | C] () -- C:\WINDOWS\ZEUGNIS3.INI [2006.01.04 14:31:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini [2006.01.03 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.01.03 20:25:20 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2005.11.11 14:47:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005.11.11 14:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005.10.31 23:03:24 | 000,006,097 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005.10.22 13:53:16 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2005.10.22 13:38:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys [2005.10.16 19:32:07 | 000,000,929 | ---- | C] () -- C:\WINDOWS\ARPR.INI [2005.09.24 10:38:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5_dlx.INI [2005.09.17 10:01:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI [2005.09.15 13:01:59 | 000,000,249 | ---- | C] () -- 
C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI [2005.09.15 12:54:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.09.15 12:33:01 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini [2005.09.15 12:33:00 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2005.09.03 09:31:25 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005.08.17 17:41:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2005.08.16 18:44:34 | 000,073,216 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.08.15 13:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI [2005.08.12 16:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI [2005.08.12 15:54:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2005.08.12 14:47:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2005.08.12 14:42:42 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI [2005.08.12 14:41:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll [2005.08.12 14:41:59 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2005.08.12 14:36:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI [2005.08.12 14:25:56 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.08.12 14:00:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2005.08.12 13:58:36 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2005.08.12 13:40:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll [2005.08.11 23:10:30 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll [2005.08.11 22:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winpm.INI [2005.08.11 22:33:01 | 003,592,192 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll [2005.08.11 21:40:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2005.08.11 04:03:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- 
C:\WINDOWS\System32\libeay32.dll [2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2005.01.02 21:02:47 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2005.01.02 21:02:39 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2004.05.27 16:52:52 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\mslffv1.dll [2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2002.03.21 02:08:47 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll [2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll [2001.12.31 16:59:52 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2001.12.31 16:59:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2001.12.31 16:59:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2009.07.26 10:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2008.05.21 18:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astonsoft [2007.07.21 20:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2009.01.08 18:26:54 | 000,000,000 | 
---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2008.02.19 00:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2009.04.27 21:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2008.02.19 00:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2007.06.29 22:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2007.04.20 14:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2009.12.07 23:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2005.08.12 14:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.01.19 14:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems [2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis [2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS [2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus [2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent [2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM [2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo [2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic [2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools [2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro [2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner [2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH [2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune [2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla [2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis [2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn [2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView [2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc [2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech [2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX [2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008 [2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda [2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag [2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org 
[2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera [2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions [2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive [2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream [2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution [2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk [2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft [2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony [2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg [2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online [2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer [2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca [2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly [2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird [2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software [2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2005.08.12 16:08:25 | 000,000,000 | ---- | M] () -- C:\.officebib.history.dat [2005.08.11 21:10:16 | 
000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2009.11.01 09:57:45 | 000,000,315 | RHS- | M] () -- C:\boot.ini [2001.08.18 12:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2005.10.22 13:54:01 | 000,000,299 | ---- | M] () -- C:\clony.txt [2005.08.11 21:10:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2008.01.04 18:01:42 | 000,000,032 | ---- | M] () -- C:\csb.log [2009.11.23 22:55:39 | 000,000,000 | ---- | M] () -- C:\DTSHDSpOut.txt [2009.10.11 13:07:26 | 000,000,181 | ---- | M] () -- C:\InstallHelper.log [2005.08.11 21:10:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2005.08.12 14:40:07 | 000,002,695 | ---- | M] () -- C:\LGSInst.Log [2005.08.12 14:41:18 | 000,000,090 | ---- | M] () -- C:\LogiSetup.log [2010.10.12 19:51:50 | 000,000,158 | ---- | M] () -- C:\mbam-error.txt [2005.08.11 21:10:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2009.03.27 10:18:00 | 000,814,501 | ---- | M] () -- C:\nonficker.dll [2005.08.11 21:39:23 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2005.08.11 21:39:23 | 000,251,184 | RHS- | M] () -- C:\ntldr [2010.10.13 10:04:08 | 2146,938,880 | -HS- | M] () -- C:\pagefile.sys [2009.02.03 18:26:10 | 000,000,173 | ---- | M] () -- C:\pdisdk.log [2009.02.03 18:26:20 | 000,000,184 | ---- | M] () -- C:\pivot.log [2009.03.16 21:03:18 | 000,000,172 | ---- | M] () -- C:\TO_InstallLog.txt < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2006.04.19 20:21:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont [2006.07.02 22:37:10 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont [2006.04.19 20:21:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont [2006.07.02 22:37:12 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2005.08.11 21:10:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2006.10.14 16:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll [2006.10.14 16:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > < %APPDATA%\Update\*.* > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2005.08.11 05:01:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2005.08.11 05:01:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005.08.11 05:01:06 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\user32.dll /md5 > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2004.08.04 00:57:40 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=D569240A22421D5F670BB6FB6DD522B5 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2004.08.04 00:57:40 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=B3ADA72D1E3E10A8F6430669DFC38ED0 -- C:\WINDOWS\system32\ws2help.dll < MD5 for: EXPLORER.EXE > [2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) 
MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: WINLOGON.EXE > [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Files - Unicode (All) ========== [2010.02.01 20:35:19 | 000,015,371 | ---- | M] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf [2010.02.01 20:35:19 | 000,015,371 | ---- | C] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf ========== Alternate Data Streams ========== @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wtsapi32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\wsock32.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winspool.drv:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winscard.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\winlogon.exe:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\vct3216.acm:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\uxtheme.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\sxs.dll:KAVICHS @Alternate Data Stream - 68 bytes -> C:\WINDOWS\System32\svchost.exe:KAVICHS 
@Alternate Data
Stream - 36 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\localspl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lhacm.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iyuv_32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS @Alternate Data Stream 
- 36 bytes -> C:\WINDOWS\System32\ie4uinit.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzlnt04.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\h323.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eumex4sp.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmXlCore.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmVirHid.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmBEnum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbohci.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\drivers\usbccgp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usb8023.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ulisa.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SSHDRV62.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\sr.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sfhlp01.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS @Alternate 
Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prosync1.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prohlp02.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prodrv06.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LVSound2.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\lvce.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irsir.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\HIDSwvd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GcKernel.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS @Alternate 
Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\disk.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\detewecp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Capi20.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\atapi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\afd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrsrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\cryptsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMNCTR.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clusapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\asycfilt.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asfsipc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACDV.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12kCUusd.dll:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\regedit.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\LOGI_MWX.EXE:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Eigene Dateien\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\TeamSpeak 2 RC2.lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\(E).lnk:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS
@Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS
@Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS
@Alternate Data Stream - 100 bytes -> C:\WINDOWS\explorer.exe:KAVICHS
< End of report >
Last edited by glasnost (13.10.2010 at 09:42). Reason: New scans |
13.10.2010, 09:45 | #2 |
| Backdoor.Bot is back after every restart
And here are the log files from the extras log.
OTL EXTRAS logfile:
Code:
OTL Extras logfile created on: 13.10.10 10:32:07 - Run 1
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 79,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,69 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS
Computer Name: LUGL | User Name: btsv | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDBrowse] -- "e:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mp3tag] -- "e:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich)
Directory [Winamp.Bookmark] -- "e:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "e:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "e:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"F:\Programme\Miranda IM\miranda32.exe" = F:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"E:\Programme\Valve\Steam\Steam.exe" = E:\Programme\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"f:\Programme\BitTorrent\bittorrent.exe" = f:\Programme\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found
"E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found
"I:\Programme\Unreal Tournament 3\Binaries\UT3.exe" = I:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- File not found
"E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft)
"I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment)
"H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe" = H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood -- (Techland)
"C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"E:\Programme\Sony Ericsson\Update Service\Update Service.exe" = E:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)
"I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB)
"E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe" = E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO -- File not found
"E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000™: Dawn of War® II -- (THQ Canada Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01E9CBDA-5480-4FE8-BBC9-BE29BB8AB4C0}" = "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable "{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = Twin Digital GamePad "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display "{178A1098-E15E-4FCF-8748-B613DC687FF0}" = MarkAble "{1850E508-D6C3-4820-AD23-7F73A2BC606C}_is1" = Elcomsoft Password Recovery Studio "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}" = ACDSee 6.0 PowerPack "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3) "{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18 "{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{347C6ECC-7DB2-49CC-A344-1FB0606DA662}" = WW-Essensplaner "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 
2 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33) "{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration "{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0 "{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{53480520-7555-470E-8C69-750B0472B4BB}" = O&O Defrag Professional Edition "{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8 "{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1 "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 "{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes "{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio "{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68F19BCC-49D3-49FF-BAAC-A147C66A9710}" = AMD Power Monitor "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1" = Opti Drive Control 1.47 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software "{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS "{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC4729BF-0396-47EF-AA0B-3A04111F19F9}" = FightBoard Advanced 1.00 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4 "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31) "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter "{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "5A46830178E35AB63403A85E361CCD6FA32C9078" = Windows-Treiberpaket - Sony Ericsson (seehcri) USB (01/09/2008 1.1.0.0) "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only) "Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0 "Anotha ID3 Editor" = Anotha ID3 Editor 1.51 "Anti-Twin 2009-04-29 20.45.46" = Anti-Twin (Installation 29.04.2009) "AnyDVD" = AnyDVD "ASAPI Update" = ASAPI Update "Ashampoo Photo 
Optimizer FREE_is1" = Ashampoo Photo Optimizer FREE "AudioConSole" = Creative-Audiokonsole "Audiograbber" = Audiograbber 1.83 SE "AutoGK" = Auto Gordian Knot 2.45 "Avi2Dvd" = Avi2Dvd 0.4.5 beta "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Azureus Vuze" = Azureus Vuze "Bf2SP64 2.31" = Bf2SP64 2.31 "Biet-O-Matic v2.4.1" = Biet-O-Matic v2.4.1 "Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61 "BSPlayer1" = BSPlayer "CDBF - DBF Viewer and Editor_is1" = Version 1.45.01 "CDex" = CDex extraction audio "Clean 5" = Clean 5 "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "Das Neue Dr.Brain Gehirn Jogging" = Das Neue Dr.Brain Gehirn Jogging "DBF Viewer 2000" = DBF Viewer 2000 2.45 "Digitale Bibliothek 3" = Digitale Bibliothek 3 "DirectVobSub" = DirectVobSub (remove only) "DVD Identifier_is1" = DVD Identifier "eMule" = eMule "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.2.4 "fotocommunity" = fotocommunity "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "FreeFileSync" = FreeFileSync "Game Jackal v4_is1" = Game Jackal v4.1.0.8 (32 bit) "GameSpy Arcade" = GameSpy Arcade "Geschichtslexikon" = Geschichtslexikon "GUI for dvdauthor" = GUI for dvdauthor 1.04 "Hamachi" = Hamachi 1.0.3.0 "HD Tune_is1" = HD Tune 2.54 "HijackThis" = HijackThis 2.0.2 "Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6 "hp deskjet 960c series" = hp deskjet 960c series (nur entfernen) "iDump" = iDump v1.1.1 "ImgBurn" = ImgBurn "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3 "InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10 
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.5.5 "jv16 PowerTools_is1" = jv16 PowerTools 2007 "KeyView for Lotus" = KeyView for Lotus 97 "LabelEditor" = Label Editor "MAGIX Foto Manager" = MAGIX Foto Manager "MAGIX Music Manager" = MAGIX Music Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaMonkey_is1" = MediaMonkey 3.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Miranda IM" = Miranda IM 0.9.4 "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "Mp3tag" = Mp3tag v2.41 "MusicBrainz Picard" = MusicBrainz Picard 0.11 "MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a "Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom "NVIDIA Display Control 
Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b "PDFCreator Toolbar" = PDFCreator Toolbar "Photo to Sketch Pro_is1" = Photo to Sketch Pro 3.6 "Picasa 3" = Picasa 3 "Product_Name" = sbPlus "PunkBusterSvc" = PunkBuster Services "RealPlayer 6.0" = RealPlayer "SCHLECKER Foto-Digital-Service" = SCHLECKER Foto-Digital-Service "SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007 "SiSoftware Sandra Professional_is1" = SiSoftware Sandra Professional 2003 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "StarCraft II" = StarCraft II "Steam App 10500" = Empire: Total War "Steam App 15620" = Warhammer 40,000: Dawn of War II "SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008) "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 5" = TeamViewer 5 "Untis 2011" = Untis 2011 "Update Service" = Update Service "VLC media player" = VideoLAN VLC media player 0.8.6f "VobSub" = VobSub v2.23 (Remove Only) "WaveLabLite" = WaveLab Lite "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Weight Watchers MP5_is1" = Weight Watchers MP5 "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "Winamp 5.02 Deutsche Sprachdatei v14" = Deutsche Sprachdatei für Winamp 5.02 v14 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "WW3C" = WebWeaver Client "Xfire" = Xfire (remove only) "XMedia Recode" = XMedia Recode 2.0.5.3 "xp-AntiSpy" = xp-AntiSpy 3.94-2 "XpertVision_is1" = XpertVision 5.9 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML 
Paper Specification Shared Components Language Pack 1.0 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "XVid;-)" = XVid;-) "XviD_is1" = XviD MPEG-4 Video Codec "XviDDec" = Nic's XviD Decoder "ZoomPlayer" = Zoom Player (remove only) "ZoomPlayerLang" = Zoom Player German language (remove only) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Advanced PDF Password Recovery" = Advanced PDF Password Recovery "Sansa Updater" = Sansa Updater "Skat-Online V4" = Skat-Online V4 "Skat-Online V7" = Skat-Online V7 ========== Last 10 Event Log Errors ========== [ System Events ] Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "Creative Service for CDROM Access" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "Portrait Displays Display Tune Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "Game Jackal Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. 
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034 Description = Dienst "Sony Ericsson OMSI download service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = SRService | ID = 104 Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen. Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2 < End of report > |
13.10.2010, 10:53 | #3 |
/// Malware-holic | Backdoor.Bot is back after every restart
Where is the Malwarebytes log?
__________________
Please run OTL as follows:
OTL: System scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click and run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select: "Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created: OTL.Txt Extras.Txt
Please post both |
13.10.2010, 11:15 | #4 |
| Backdoor.Bot is back after every restart
Uh, I did attach the Malwarebytes logs... |
13.10.2010, 11:39 | #5 |
/// Malware-holic | Backdoor.Bot is back after every restart
Overlooked that. Malwarebytes: update, run a full scan and post the new log |
13.10.2010, 19:38 | #6 |
| Backdoor.Bot is back after every restart
New logs:
OTL Logfile: Code:
OTL logfile created on: 13.10.10 12:11:32 - Run 2
OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme
Drive C: | 19,53 Gb Total Space | 4,66 Gb Free Space | 23,87% Space Free | Partition Type: NTFS
Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS
Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS
Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS
Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS

Computer Name: xxx | User Name: Max mustermann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - c:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - c:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Creative\SBAudigy2ZS\Surround Mixer\SurMixer.exe (Creative Technology Ltd)
PRC - C:\Programme\Creative\SBAudigy2ZS\Speaker Settings\SpkSet.exe (Creative Technology Ltd)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\btsv\Desktop\MFTools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (GJService) -- E:\Programme\SlySoft\Game Jackal\Game Jackal v4\Server.exe ()
SRV - (AntiVirService) -- c:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- c:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (aaaaanonficker) -- C:\nonficker.dll ()
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (DTSRVC) -- C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DTSRVC.exe () SRV - (aawservice) -- C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) SRV - (O&O Defrag) -- C:\WINDOWS\system32\oodag.exe (O&O Software GmbH) SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (xmasscsi) -- C:\WINDOWS\System32\Drivers\xmasscsi.sys File not found DRV - (vaxscsi) -- C:\WINDOWS\System32\Drivers\vaxscsi.sys File not found DRV - (AMDPCI) -- e:\Temp\AMDPCI.sys File not found DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG) DRV - (MaplomL) -- C:\WINDOWS\System32\drivers\maploml.sys (SlySoft Inc.) DRV - (Maplom) -- C:\WINDOWS\System32\drivers\maplom.sys (SlySoft Inc.) DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (avgio) -- c:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation) DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation) DRV - (ezplay) -- C:\WINDOWS\system32\drivers\ezplay.sys (VSO Software) DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys () DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications) DRV - (teamviewervpn) -- C:\WINDOWS\system32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (SIVDRIVER) -- C:\WINDOWS\system32\drivers\SIVX32.sys (Ray Hinchliffe) DRV - (s3017unic) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM) -- C:\WINDOWS\system32\drivers\s3017unic.sys (MCCI Corporation) DRV - (s3017obex) -- C:\WINDOWS\system32\drivers\s3017obex.sys (MCCI Corporation) DRV - (s3017mgmt) Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s3017mgmt.sys (MCCI Corporation) DRV - (s3017nd5) Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS) -- C:\WINDOWS\system32\drivers\s3017nd5.sys (MCCI Corporation) DRV - (s3017mdm) -- C:\WINDOWS\system32\drivers\s3017mdm.sys (MCCI Corporation) DRV - (s3017mdfl) -- C:\WINDOWS\system32\drivers\s3017mdfl.sys (MCCI Corporation) DRV - (s3017bus) Sony Ericsson Device 3017 driver (WDM) -- C:\WINDOWS\system32\drivers\s3017bus.sys (MCCI Corporation) DRV - (MarkFun_NT) -- C:\Programme\GIGABYTE\@BIOS\markfun.w32 (Windows (R) 2000 DDK provider) DRV - (AmdLLD) -- C:\WINDOWS\system32\drivers\AmdLLD.sys (AMD, Inc.) DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech Inc.) DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech Inc.) 
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation) DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation) DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation) DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation) DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation) DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation) DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation) DRV - (TBPanel) -- C:\WINDOWS\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (Cardex) -- C:\WINDOWS\system32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (ElbyCDFL) -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys (SlySoft, Inc.) DRV - (Pivot) -- C:\WINDOWS\system32\drivers\pivot.sys (Portrait Displays, Inc.) DRV - (pivotmou) -- C:\WINDOWS\system32\drivers\pivotmou.sys (Portrait Displays, Inc.) DRV - (PdiPorts) -- C:\WINDOWS\system32\drivers\PdiPorts.sys (Portrait Displays, Inc.) 
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI) DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI) DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI) DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI) DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI) DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI) DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI) DRV - (systormflb) -- C:\WINDOWS\system32\drivers\systormflb.sys (Copyright (C) Listan GmbH & Co.KG) DRV - (PfDetNT) -- C:\WINDOWS\system32\drivers\pfmodnt.sys (Creative Technology Ltd.) DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd) DRV - (hap17v2k) -- C:\WINDOWS\system32\drivers\haP17v2k.sys (Creative Technology Ltd) DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd) DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\haP16v2k.sys (Creative Technology Ltd) DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.) 
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd) DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd) DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices) DRV - (MIINPazX) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys (T-Online International AG, Marmiko IT-Solutions GmbH) DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation) DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd) DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology) DRV - (SSHDRV62) -- C:\WINDOWS\system32\drivers\SSHDRV62.sys () DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (nvata) -- C:\WINDOWS\system32\DRIVERS\nvata.sys (NVIDIA Corporation) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation) DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation) DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation) DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation) DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (CAPI20) -- C:\WINDOWS\system32\drivers\Capi20.sys (DeTeWe Berlin) DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys 
(Protection Technology) DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology) DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys (Logitech, Inc.) DRV - (L8042pr2) -- C:\WINDOWS\system32\drivers\L8042pr2.Sys (Logitech, Inc.) DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\LHIDUSB.SYS (Logitech, Inc.) DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.) DRV - (ASAPIW2k) -- C:\WINDOWS\system32\drivers\asapiW2k.sys (Pinnacle Systems GmbH) DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology) DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology) DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (ulisa) Telekom ISDN-Adapter (USB) -- C:\WINDOWS\system32\drivers\ulisa.sys (DeTeWe Berlin) DRV - (DETEWECP) -- C:\WINDOWS\System32\drivers\detewecp.sys (DeTeWe Berlin) DRV - (SI3112r) -- C:\WINDOWS\system32\DRIVERS\si3112r.sys (Silicon Image, Inc) DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.) DRV - (PQNTDrv) -- C:\WINDOWS\System32\drivers\PQNTDRV.sys (PowerQuest Corporation) DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec) DRV - (QCEmerald) Logitech QuickCam Web(PID_0850) -- C:\WINDOWS\system32\drivers\lvce.sys (Logitech Inc.) DRV - (lusbaudio) -- C:\WINDOWS\system32\drivers\LVSound2.sys (Logitech Inc.) 
DRV - (HIDSwvd) -- C:\WINDOWS\system32\drivers\HIDSwvd.sys (Microsoft Corporation) DRV - (msgame) -- C:\WINDOWS\system32\drivers\msgame.sys (Microsoft Corporation) DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.mini20.com/ IE - HKU\S-1-5-21-746137067-583907252-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: support@pdfcreator-toolbar.org:1.0 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Firefox\extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: 
e:\Programme\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.04.27 21:03:01 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.09.25 13:30:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.09.20 05:44:14 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2010.10.07 21:51:12 | 000,000,000 | ---D | M] [2010.07.06 13:14:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions [2010.07.06 13:14:26 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions [2010.07.09 19:56:41 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} [2007.12.09 13:32:52 | 000,000,000 | ---D | M] (Biet-O-Matic Firefox Extension) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2007.10.20 13:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66} [2008.09.21 10:35:58 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- 
C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} [2010.09.19 16:56:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2008.02.10 12:00:17 | 000,001,670 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla\Firefox\Profiles\2d9y23yu.default\searchplugins\verleihshopde.xml [2010.10.13 09:32:50 | 000,000,000 | ---D | M] -- c:\Programme\Mozilla Firefox\extensions [2010.02.28 12:50:41 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- c:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.09.25 13:30:23 | 000,001,392 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.09.25 13:30:23 | 000,002,344 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.09.25 13:30:23 | 000,006,805 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.09.25 13:30:23 | 000,001,178 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.09.25 13:30:24 | 000,001,105 | ---- | M] () -- c:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.02.06 20:24:55 | 000,000,137 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - e:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software) O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - c:\Programme\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll () O3 - 
HKU\S-1-5-21-746137067-583907252-682003330-1003\..\Toolbar\WebBrowser: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - No CLSID value found. O3 - HKU\S-1-5-21-746137067-583907252-682003330-1003\..\Toolbar\WebBrowser: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] c:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DT HPW] C:\Programme\Gemeinsame Dateien\Portrait Displays\Shared\DT_startup.exe () O4 - HKLM..\Run: [FightBoard] e:\Programme\REVOLTEC\FightBoard Advanced 1.00\FightBoard.exe () O4 - HKLM..\Run: [Gainward] c:\Programme\XpertVision\TBPanel.exe (Xpertvision, Inc.) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.) O4 - HKLM..\Run: [Logitech Utility] C:\WINDOWS\LOGI_MWX.EXE (Logitech Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] File not found O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = E:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = B1 00 00 00 [binary data] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) 
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\hio {755F9D06-1AF6-43D0-9832-42D83A1061A9} - C:\Programme\Gemeinsame Dateien\DigiOnline GmbH\HierObjects.dll (DigiOnline GmbH) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - 
C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\host32.exe) - C:\WINDOWS\host32.exe File not found O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2005.08.11 21:10:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell - "" = AutoRun O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{820b443e-32c7-11db-9dab-000fea271508}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell - "" = AutoRun O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d63c2e38-d82b-11da-9379-000fea271508}\Shell\AutoRun\command - "" = G:\autorun\autorun.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (oodbs) - C:\WINDOWS\System32\oodbs.exe (O&O Software GmbH) O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: aaaaanonficker - C:\nonficker.dll () NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Adobe Reader - Schnellstart.lnk - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE - File 
not found MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Office-Bibliothek-Direktsuche.lnk - F:\Programme\Office-Bibliothek\PCLib.exe - () MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 2 MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vds - Service SafeBootMin: vga.sys - Driver SafeBootMin: WdfLoadGroup - SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy 
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: aawservice - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft) SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: nm - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: nm.sys - C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: UploadMgr - Service SafeBootNet: vga.sys - Driver SafeBootNet: WdfLoadGroup - SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: 
{4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML) ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Sicherheitsupdate für Windows XP (KB913433) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.4 ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.4 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offlinebrowsingpaket ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460) ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx 
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer-Hilfe ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsererweiterungen ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - Zugang zu MSN Site ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML-Datenbindung ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Programme\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer-Hauptschriftarten ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML-Hilfe ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET 
Framework ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.) Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.) 
Drivers32: VIDC.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation) Drivers32: VIDC.PIM1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems) Drivers32: VIDC.XFR1 - C:\WINDOWS\System32\xfcodec.dll () Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Error starting restore point: System Restore is disabled. Error closing restore point: System Restore is disabled. ========== Files/Folders - Created Within 30 Days ========== [2010.10.13 10:44:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer [2010.10.13 10:26:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Desktop\MFTools [2010.10.13 10:02:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\btsv\Recent [2010.10.12 13:31:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira [2010.10.12 13:06:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\jh87uhnoe3 [2010.10.07 21:50:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.09.30 23:25:16 | 000,030,376 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys [2010.09.30 13:18:24 | 000,089,256 | ---- | C] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll [2010.09.18 17:04:26 | 000,049,944 | ---- | C] (Tracker Software Products Ltd.) -- C:\WINDOWS\System32\pxc40pm.dll [2010.09.18 17:04:23 | 000,000,000 | ---D | C] -- c:\Programme\Tracker Software [2010.09.18 17:04:10 | 000,282,624 | ---- | C] (TODO: <회사 이름>) -- C:\WINDOWS\System32\TwdFilt.dll [2010.09.14 15:16:06 | 000,108,480 | ---- | C] (SlySoft, Inc.) 
-- C:\WINDOWS\System32\drivers\AnyDVD.sys [2010.01.10 14:29:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpe10.dll [2007.10.20 12:14:30 | 000,094,208 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.sys [2007.10.20 12:14:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.sys [2006.08.11 15:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll ========== Files - Modified Within 30 Days ========== [2010.10.13 11:03:13 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000008-00001102-00000004-20021102}.CDF [2010.10.13 10:26:37 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip [2010.10.13 10:26:37 | 000,050,477 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe [2010.10.13 10:25:18 | 000,388,977 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe [2010.10.13 10:25:16 | 000,000,558 | ---- | M] () -- C:\WINDOWS\DFC.INI [2010.10.13 10:04:45 | 000,000,160 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2010.10.13 10:04:26 | 000,271,830 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml [2010.10.13 10:04:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.10.13 10:02:38 | 000,032,592 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.10.13 10:02:38 | 000,032,088 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.10.13 10:02:38 | 000,011,564 | ---- | 
M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000008-00001102-00000004-20021102}.rfx [2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2010.10.13 10:02:38 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2010.10.12 13:20:45 | 000,002,425 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\ABBYY FineReader 8.0 Professional Edition.lnk [2010.10.12 13:11:43 | 000,002,403 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Paint Shop Pro 7.lnk [2010.10.12 08:25:14 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Skype.lnk [2010.10.11 21:58:19 | 000,234,280 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2010.10.11 21:24:04 | 000,137,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2010.10.07 21:51:12 | 000,001,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.10.07 21:38:08 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.10.03 11:45:12 | 000,000,626 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AnyDVD.lnk [2010.09.30 23:25:16 | 000,030,376 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\drivers\ElbyCDIO.sys [2010.09.30 13:18:24 | 000,089,256 | ---- | M] (Elaborate Bytes AG) -- C:\WINDOWS\System32\ElbyCDIO.dll [2010.09.27 20:40:22 | 000,000,575 | ---- | M] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Miranda IM.lnk [2010.09.25 09:15:58 | 000,000,699 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Game Jackal v4.lnk [2010.09.19 19:57:14 | 000,001,125 | ---- | M] () -- C:\WINDOWS\winamp.ini [2010.09.18 17:04:02 | 000,000,405 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk [2010.09.15 18:42:18 | 000,046,528 | ---- | M] (SlySoft Inc.) -- C:\WINDOWS\System32\drivers\maploml.sys [2010.09.15 10:35:32 | 000,030,144 | ---- | M] (SlySoft Inc.) 
-- C:\WINDOWS\System32\drivers\maplom.sys [2010.09.14 15:16:06 | 000,108,480 | ---- | M] (SlySoft, Inc.) -- C:\WINDOWS\System32\drivers\AnyDVD.sys ========== Files Created - No Company Name ========== [2010.10.13 10:26:23 | 000,050,477 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\defogger.exe [2010.10.13 10:26:22 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Gmer.zip [2010.10.13 10:25:18 | 000,388,977 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Desktop\Load.exe [2010.10.07 21:51:12 | 000,001,709 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Adobe Reader 9.lnk [2010.09.18 17:04:02 | 000,000,405 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\MindMapper 2009.lnk [2010.09.08 22:26:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\AWOPR.INI [2010.09.08 17:52:44 | 000,002,092 | ---- | C] () -- C:\WINDOWS\aopr.ini [2010.09.08 16:51:17 | 000,000,259 | ---- | C] () -- C:\WINDOWS\pwc62ud.INI [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll [2010.02.01 20:35:14 | 000,000,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\_pdf_.prt [2010.01.26 21:30:06 | 000,000,435 | ---- | C] () -- C:\WINDOWS\MM2009Viewer.INI [2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\System32\TEVPXCW60.DLL [2009.12.15 22:43:19 | 000,000,039 | ---- | C] () -- C:\WINDOWS\TDEVXCW60.DLL [2009.12.15 22:43:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2009.07.14 15:46:20 | 000,000,119 | ---- | C] () -- C:\WINDOWS\Apache3.INI [2009.04.23 14:28:13 | 000,138,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2009.04.22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2009.02.03 18:26:19 | 000,002,304 | ---- | C] () -- 
C:\WINDOWS\System32\Machnm32.sys [2009.01.12 21:12:50 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2008.07.02 14:21:33 | 000,000,020 | ---- | C] () -- C:\WINDOWS\keytrans.ini [2008.05.21 20:00:42 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI [2008.05.21 08:03:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI [2008.04.10 20:46:32 | 000,001,165 | ---- | C] () -- C:\WINDOWS\APDFPRP.INI [2008.02.28 17:54:21 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\acdfcbdad_r.dll [2008.02.21 22:24:27 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll [2008.02.21 22:24:27 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2008.02.21 22:23:48 | 000,151,040 | -HS- | C] () -- C:\WINDOWS\System32\VistaUltm.dll [2008.02.21 22:23:48 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\Smab0.dll [2008.02.19 21:40:47 | 000,000,551 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AutoGK.ini [2008.02.19 00:16:09 | 000,000,160 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib [2008.02.17 17:05:18 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2008.02.02 16:13:18 | 000,000,558 | ---- | C] () -- C:\WINDOWS\DFC.INI [2008.02.02 11:17:35 | 000,024,576 | ---- | C] () -- C:\WINDOWS\CTXFIGER.DLL [2008.01.09 13:18:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008.01.02 12:00:43 | 000,138,056 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PnkBstrK.sys [2008.01.02 12:00:12 | 000,000,311 | ---- | C] () -- C:\WINDOWS\game.ini [2007.12.11 21:43:44 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007.12.09 14:00:18 | 000,015,873 | ---- | C] () -- C:\WINDOWS\System32\Inetde.dll [2007.10.20 12:14:33 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.log [2007.10.20 12:14:31 | 000,007,861 | ---- | C] () -- 
C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.cat [2007.10.20 12:14:30 | 000,001,104 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.inf [2007.10.20 12:14:30 | 000,000,125 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ezplay.ini [2007.10.20 12:14:30 | 000,000,033 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.log [2007.10.20 12:14:25 | 000,007,887 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.cat [2007.10.20 12:14:25 | 000,001,144 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\pcouffin.inf [2007.10.17 20:03:19 | 000,137,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2007.07.25 15:24:28 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2007.07.09 20:25:06 | 000,015,852 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI [2007.04.09 23:13:27 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FightBoard.INI [2007.03.10 13:51:48 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2006.11.10 15:26:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\onlineeye.INI [2006.10.14 15:01:13 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\peer.ini [2006.08.11 16:14:08 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2006.08.11 16:14:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2006.08.11 15:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006.07.05 14:44:42 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache [2006.05.29 08:15:26 | 000,003,206 | ---- | C] () -- C:\WINDOWS\tm.ini [2006.05.23 13:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2006.03.24 17:24:31 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2006.03.24 17:24:31 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2006.03.11 12:43:38 | 000,000,305 | ---- | 
C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html [2006.02.04 21:27:43 | 000,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys [2006.01.29 15:37:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll [2006.01.09 16:42:07 | 000,000,557 | ---- | C] () -- C:\WINDOWS\ZEUGNIS3.INI [2006.01.04 14:31:32 | 000,000,046 | ---- | C] () -- C:\WINDOWS\hmview.ini [2006.01.03 21:05:28 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2006.01.03 20:25:20 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2005.11.11 14:47:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll [2005.11.11 14:47:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2005.10.31 23:03:24 | 000,006,097 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005.10.22 13:53:16 | 000,000,243 | ---- | C] () -- C:\WINDOWS\Clony2.ini [2005.10.22 13:38:21 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV62.sys [2005.10.16 19:32:07 | 000,000,929 | ---- | C] () -- C:\WINDOWS\ARPR.INI [2005.09.24 10:38:14 | 000,000,316 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos4_5_dlx.INI [2005.09.17 10:01:27 | 000,000,046 | ---- | C] () -- C:\WINDOWS\mxcdr.INI [2005.09.15 13:01:59 | 000,000,249 | ---- | C] () -- C:\WINDOWS\homeDVD-Fotos3_5_dlx.INI [2005.09.15 12:54:21 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2005.09.15 12:33:01 | 000,000,085 | ---- | C] () -- C:\WINDOWS\magix.ini [2005.09.15 12:33:00 | 000,001,208 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini [2005.09.03 09:31:25 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005.08.17 17:41:34 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI [2005.08.16 18:44:34 | 000,073,216 | ---- | C] () -- C:\Dokumente und Einstellungen\btsv\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005.08.15 13:54:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Classic.INI 
[2005.08.12 16:35:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ui.INI [2005.08.12 15:54:20 | 000,000,109 | ---- | C] () -- C:\WINDOWS\oodcnt.INI [2005.08.12 14:47:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys [2005.08.12 14:42:42 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI [2005.08.12 14:41:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LVUI2RC.dll [2005.08.12 14:41:59 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2005.08.12 14:36:27 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WINPHONE.INI [2005.08.12 14:25:56 | 000,000,506 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005.08.12 14:00:47 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI [2005.08.12 13:58:36 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2005.08.12 13:40:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\12kCUusd.dll [2005.08.11 23:10:30 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll [2005.08.11 22:35:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winpm.INI [2005.08.11 22:33:01 | 003,592,192 | ---- | C] () -- C:\WINDOWS\System32\qt-mt323.dll [2005.08.11 21:40:48 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll [2005.08.11 04:03:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2005.08.10 00:13:31 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll [2005.08.10 00:13:31 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll [2005.06.16 19:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2005.01.02 21:02:47 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\Tx32.dll [2005.01.02 21:02:39 | 000,000,478 | ---- | C] () -- C:\WINDOWS\System32\ic32.ini [2004.05.27 16:52:52 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\mslffv1.dll [2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll [2002.03.21 14:39:02 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL [2002.03.21 02:08:47 | 000,126,976 | ---- | C] 
() -- C:\WINDOWS\System32\OggDS.dll [2002.03.20 21:01:06 | 000,006,688 | R--- | C] () -- C:\WINDOWS\System32\Digita.sys [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportUSB.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportSerial.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrDA.dll [2002.03.20 21:00:20 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\TransportIrCOMM.dll [2001.12.31 16:59:52 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll [2001.12.31 16:59:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll [2001.12.31 16:59:40 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll [1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll [1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll ========== LOP Check ========== [2009.02.25 18:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DisplayTune [2009.07.26 10:06:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ACD Systems [2008.05.21 18:18:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Astonsoft [2007.07.21 20:23:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Azureus [2009.01.08 18:26:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BVRP Software [2008.02.19 00:17:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Elaborate Bytes [2009.04.27 21:14:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2008.02.19 00:16:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SlySoft [2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All 
Users\Anwendungsdaten\Sony [2007.06.29 22:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2007.04.20 14:36:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Teleca [2009.12.07 23:41:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2005.08.12 14:28:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software [2009.01.19 14:08:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ubisoft [2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems [2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis [2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS [2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus [2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent [2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM [2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo [2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic [2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools [2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro [2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\btsv\Anwendungsdaten\DeepBurner [2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH [2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune [2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla [2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis [2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn [2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView [2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc [2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech [2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX [2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008 [2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda [2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag [2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org [2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera [2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions [2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive [2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream [2009.04.27 21:04:03 | 000,000,000 | ---D | 
M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution [2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk [2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft [2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony [2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg [2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online [2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer [2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca [2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly [2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird [2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software [2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2006.03.07 16:18:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ABBYY [2005.08.17 14:23:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ACD Systems [2005.08.11 23:12:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Acronis [2008.04.05 14:12:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Adobe [2008.01.05 11:53:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AdobeUM [2009.11.23 22:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\AKVIS [2006.03.23 18:13:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Apple Computer [2010.10.12 13:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Avira [2009.12.07 15:37:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Azureus [2007.07.21 14:06:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BitTorrent [2007.12.10 23:07:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\BOM [2007.04.21 23:36:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars [2007.03.03 13:49:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Command & Conquer 3 Tiberium Wars Demo [2010.04.04 18:34:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Copernic [2008.02.02 11:18:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Creative [2008.02.11 21:37:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools [2007.10.20 13:39:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DAEMON Tools Pro [2008.05.21 18:24:31 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DeepBurner [2008.02.21 18:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DigiOnline GmbH [2009.02.03 18:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DisplayTune [2007.01.06 09:11:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\DivX [2010.10.13 10:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\dvdcss [2009.04.26 09:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\FileZilla [2006.07.20 00:32:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Google [2010.08.03 12:35:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\gp-Untis [2009.02.05 23:16:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Hamachi [2005.08.12 13:47:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Help [2005.08.11 21:17:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Identities [2010.03.01 20:36:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ImgBurn [2008.04.25 15:01:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\InstallShield [2008.02.12 16:20:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\InstallShield Installation Information [2009.07.26 10:00:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\IrfanView [2006.06.15 20:19:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Jasc [2008.02.27 18:40:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Lavasoft [2008.04.25 15:03:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Leadertech [2008.04.25 
15:04:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Logitech [2005.08.12 16:14:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Macromedia [2005.09.24 13:18:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MAGIX [2010.04.13 15:20:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Malwarebytes [2009.04.23 20:46:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Media Player Classic [2009.12.29 00:44:30 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft [2009.09.01 22:20:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\MindMapper 2008 [2010.09.02 19:23:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Miranda [2005.08.11 23:03:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mozilla [2006.04.14 23:16:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Mp3tag [2010.04.19 18:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\NVIDIA [2009.02.26 19:09:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\OpenOffice.org [2008.09.06 10:52:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Opera [2010.09.08 16:32:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Password Solutions [2006.10.14 14:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\PPLive [2009.07.14 12:40:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\ppstream [2009.04.27 21:04:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\RapidSolution [2006.10.14 15:18:19 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\btsv\Anwendungsdaten\Real [2008.10.16 12:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SanDisk [2007.04.09 23:13:34 | 000,000,000 | RH-D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SecuROM [2010.10.12 08:54:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Skype [2010.10.12 08:26:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\skypePM [2009.03.09 21:27:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\SlySoft [2009.04.23 19:49:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony [2007.04.20 14:37:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sony Ericsson [2005.11.05 20:07:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Steinberg [2005.08.23 14:14:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Sun [2006.01.03 20:26:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\T-Online [2006.01.22 11:46:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Talkback [2010.10.12 19:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\teamspeak2 [2009.01.21 18:52:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TeamViewer [2007.04.20 14:40:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Teleca [2010.02.24 16:30:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\The Creative Assembly [2010.07.06 13:14:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Thunderbird [2005.08.12 14:27:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\TuneUp Software [2009.06.28 19:50:46 | 000,000,000 | ---D | M] -- 
C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\U3 [2008.05.21 20:35:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\vlc [2008.02.12 20:54:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Vso [2010.10.12 10:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Xfire < %APPDATA%\*.exe /s > [2005.08.12 15:26:37 | 000,015,872 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe [2006.04.15 18:41:31 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{178A1098-E15E-4FCF-8748-B613DC687FF0}\_18be6784.exe [2006.04.15 18:41:31 | 000,001,078 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{178A1098-E15E-4FCF-8748-B613DC687FF0}\_294823.exe [2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_18be6784.exe [2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_294823.exe [2010.05.01 15:32:22 | 000,000,766 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{347C6ECC-7DB2-49CC-A344-1FB0606DA662}\_4ae13d6c.exe [2008.04.25 15:03:52 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe [2008.04.25 15:02:03 | 000,010,134 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{56918C0C-0D87-4CA6-92BF-4975A43AC719}\ARPPRODUCTICON.exe [2008.04.25 15:03:10 | 000,010,134 | R--- | M] () -- C:\Dokumente und 
Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe [2006.03.07 16:13:44 | 000,025,214 | R--- | M] () -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ARPPRODUCTICON.exe [2006.03.07 16:13:44 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_FineReader.exe [2006.03.07 16:13:44 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\Microsoft\Installer\{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}\ICON_ScreenshotReader.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys < MD5 for: ATAPI.SYS > [2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2002.08.29 03:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys [2004.08.04 01:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys [2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft 
Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys < MD5 for: EVENTLOG.DLL > [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2004.08.04 00:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\system32\eventlog.dll [2002.08.29 03:43:22 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=B9358A1FB66CF656328FD8B792B2CCC4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: EXPLORER.EXE > [2002.08.29 03:43:36 | 001,007,104 | ---- | M] (Microsoft Corporation) MD5=22B0A56E6C5847292437078B484EC61B -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\explorer.exe [2004.08.04 00:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe < MD5 for: NETLOGON.DLL > [2002.08.29 03:43:26 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=BCA549B21E651111CE7BAD0FC8C45F4B -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2004.08.04 00:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\system32\netlogon.dll < MD5 for: NVATA.SYS > [2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- C:\WINDOWS\system32\drivers\nvata.sys [2005.05.17 17:45:08 | 000,092,800 | ---- | M] (NVIDIA Corporation) MD5=DCE353985C988BFB7E84FD942068151F -- 
C:\WINDOWS\system32\ReinstallBackups\0030\DriverFiles\nvata.sys < MD5 for: NVATABUS.SYS > [2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvatabus.sys [2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\ReinstallBackups\0020\DriverFiles\nvatabus.sys [2004.09.02 09:24:38 | 000,082,816 | R--- | M] (NVIDIA Corporation) MD5=EEABD98AA887DD923546F20D400B2907 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvatabus.sys < MD5 for: NVGTS.SYS > [2008.08.18 19:54:00 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=EA98BFE4931BD13D747D647C1859796E -- C:\WINDOWS\system32\drivers\nvgts.sys < MD5 for: SCECLI.DLL > [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2004.08.04 00:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\system32\scecli.dll [2002.08.29 03:43:30 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=ADD49C10F5DADFA81912D124FE1C9A99 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll < MD5 for: USER32.DLL > [2005.03.02 20:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\system32\user32.dll [2005.03.02 20:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\$NtUninstallKB890859$\user32.dll [2004.08.04 00:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\WINDOWS\ServicePackFiles\i386\user32.dll [2002.08.29 03:43:32 | 000,561,664 | ---- | M] (Microsoft Corporation) MD5=E3DAFFDB1C86C1AEAC1B205F6CF67009 -- 
C:\WINDOWS\$NtServicePackUninstall$\user32.dll < MD5 for: USERINIT.EXE > [2002.08.29 03:43:42 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=BEBD3F08461F9A88E5ABCE0CB9707000 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe [2004.08.04 00:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\system32\userinit.exe < MD5 for: WINLOGON.EXE > [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe [2004.08.04 00:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\system32\winlogon.exe [2002.08.29 03:43:42 | 000,521,728 | ---- | M] (Microsoft Corporation) MD5=616896B708286DA98D6A099293F181D7 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe < MD5 for: WS2IFSL.SYS > [2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys [2001.08.18 12:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2008.02.11 19:14:45 | 000,716,272 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys < %systemroot%\System32\config\*.sav > [2005.08.11 05:01:06 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2005.08.11 05:01:06 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005.08.11 05:01:06 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll  /lockedfiles > ========== Files - Unicode (All) ========== [2010.02.01 20:35:19 | 000,015,371 | ---- | M] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf [2010.02.01 20:35:19 | 000,015,371 | ---- | C] ()(C:\Dokumente und Einstellungen\btsv\Eigene Dateien\?Interpretationshilfe_Farben.pdf) -- C:\Dokumente und Einstellungen\btsv\Eigene Dateien\Interpretationshilfe_Farben.pdf ========== Alternate Data Streams ========== @Alternate Data Stream - 36 bytes
-> C:\WINDOWS\System32\ntshrui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntmarta.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlsapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntlanman.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ntdsapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\notepad.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netui0.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netrap.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netlogon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netdde.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\netcfgx.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ndptsp.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\nddeapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ncobjapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mydocs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msyuv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mswsock.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvidc32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp61.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msvcp60.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msv1_0.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mstlsapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msrle32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msprivs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msisip.dll:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\msimsg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh263.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msh261.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgsm32.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msgina.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg723.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msg711.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msdtc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msctf.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msaud32.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msasn1.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msadp32.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\msacm32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mprapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mpr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\MPG4C32.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mouse.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\modemui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mnmsrvc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmsystem.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mmdrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfcsubs.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42loc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mfc42.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\mapi32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\locator.exe:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\localspl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lmhsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\lhacm.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\kmddsp.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\keyboard.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\javasup.vxd:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iyuv_32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\irmon.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir50_32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir41_32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ir32_32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipsecsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ipconf.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\inetpp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imapi.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imagehlp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\imaadp32.acm:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ie4uinit.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icmp.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iccvid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\icaapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\iac25_32.ax:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hpzlnt04.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hnetcfg.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hidphone.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\hid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\h323.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eventlog.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\eumex4sp.tsp:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\duser.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dssenh.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drwtsn32.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drprov.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WSTCODEC.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmXlCore.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmVirHid.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\WmBEnum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\wanarp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\vga.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\USBSTOR.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbohci.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbehci.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usbccgp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\usb8023.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\update.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ulisa.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\termdd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sysaudio.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swmidi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\swenum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\drivers\StreamIP.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SSHDRV62.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\sr.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SONYPVU1.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\SLIP.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\sfhlp01.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serial.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\serenum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\secdrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\scsiport.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rootmdm.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\redbook.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpdr.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rdpcdd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspti.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspptp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\raspppoe.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasl2tp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasirda.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\rasacd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ptilink.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\psched.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prosync1.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prohlp02.sys:KAVICHS 
@Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\prodrv06.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\pciide.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\parport.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkfwd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nwlnkflt.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\nmnt.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbt.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\netbios.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndiswan.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndisuio.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ndistapi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NdisIP.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\NABTSFEC.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSTEE.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPQM.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSPCLOCK.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\MSKSSRV.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\msgpc.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\mrxdav.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LVSound2.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\lvce.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LMouFlt2.Sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\LHIDUSB.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\System32\drivers\LHIDFLT2.SYS:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\L8042pr2.Sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\isapnp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irsir.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irenum.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\irda.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipsec.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipinip.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ipfltdrv.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\ip6fw.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\imapi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\HIDSwvd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\GcKernel.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\ftdisk.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\flpydisk.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\fdc.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\drmkaud.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\DMusic.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmload.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmio.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\dmboot.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\disk.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\detewecp.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\cdrom.sys:KAVICHS @Alternate Data 
Stream - 36 bytes -> C:\WINDOWS\System32\drivers\CCDECODE.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\Capi20.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\audstub.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\atmarpc.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\DRIVERS\atapi.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\asyncmac.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\arp1394.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\drivers\afd.sys:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dnsrslvr.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmserver.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dmadmin.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\dllhost.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\davclnt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\csrsrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cscui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptsvc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cryptdll.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\crypt32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\credui.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comres.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\COMNCTR.DLL:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comm.drv:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\comdlg32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cnbjmon.dll:KAVICHS @Alternate Data Stream - 36 bytes 
-> C:\WINDOWS\System32\clusapi.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\clipsrv.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cisvc.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cfgmgr32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\certcli.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\cabinet.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1253.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1251.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\c_1250.nls:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browser.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\browselc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\bootvid.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\batmeter.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\basesrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\autochk.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\audiosrv.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\atl.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asycfilt.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\asfsipc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\alg.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\adsldpc.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\actxprxy.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\activeds.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\ACDV.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\System32\12kCUusd.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\regedit.exe:KAVICHS @Alternate Data Stream - 36 bytes -> 
C:\WINDOWS\LOGI_MWX.EXE:KAVICHS @Alternate Data Stream - 36 bytes -> C:\WINDOWS\$NtUninstallKB890859$\user32.dll:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Eigene Dateien\desktop.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\TeamSpeak 2 RC2.lnk:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Desktop\(E).lnk:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\btsv\Anwendungsdaten\desktop.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Dokumente\desktop.ini:KAVICHS @Alternate Data Stream - 36 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\desktop.ini:KAVICHS @Alternate Data Stream - 146 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:054B9966 @Alternate Data Stream - 100 bytes -> C:\WINDOWS\System32\setupapi.dll:KAVICHS @Alternate Data Stream - 100 bytes -> C:\WINDOWS\explorer.exe:KAVICHS < End of report > |
13.10.2010, 19:39 | #7 |
| Backdoor.Bot is back after every restart OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.10.10 12:11:33 - Run 2 OTL by OldTimer - Version 3.2.15.2 Folder = C:\Dokumente und Einstellungen\btsv\Desktop\MFTools Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yy 2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 77,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free Paging file location(s): C:\pagefile.sys 0 0 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = c:\Programme Drive C: | 19,53 Gb Total Space | 4,66 Gb Free Space | 23,87% Space Free | Partition Type: NTFS Drive E: | 100,08 Gb Total Space | 11,93 Gb Free Space | 11,92% Space Free | Partition Type: NTFS Drive F: | 33,77 Gb Total Space | 20,78 Gb Free Space | 61,55% Space Free | Partition Type: NTFS Drive H: | 172,79 Gb Total Space | 7,64 Gb Free Space | 4,42% Space Free | Partition Type: NTFS Drive I: | 292,96 Gb Total Space | 18,11 Gb Free Space | 6,18% Space Free | Partition Type: NTFS Computer Name: LUGL | User Name: btsv | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- Reg Error: Key error. 
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "e:\Programme\ACD Systems\ACDSee\6.0\ACDSee6.exe" "%1" (ACD Systems Ltd.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Mp3tag] -- "e:\Programme\Mp3tag\Mp3tag.exe" "/fp:%1" (Florian Heidenreich) Directory [Winamp.Bookmark] -- "e:\Programme\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft) Directory [Winamp.Enqueue] -- "e:\Programme\Winamp\Winamp.exe" /ADD "%1" (Nullsoft) Directory [Winamp.Play] -- "e:\Programme\Winamp\Winamp.exe" "%1" (Nullsoft) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 
137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "F:\Programme\Miranda IM\miranda32.exe" = F:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( ) "E:\Programme\Valve\Steam\Steam.exe" = E:\Programme\Valve\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation) "f:\Programme\BitTorrent\bittorrent.exe" = f:\Programme\BitTorrent\bittorrent.exe:*:Disabled:BitTorrent -- File not found "E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = E:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- File not found "I:\Programme\Unreal Tournament 3\Binaries\UT3.exe" = I:\Programme\Unreal Tournament 3\Binaries\UT3.exe:*:Enabled:Unreal Tournament 3 -- File not found "E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = E:\Programme\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- () "I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2 -- (Ubisoft Entertainment) "I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater -- (Ubisoft) "I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe" = I:\Programme\Ubisoft\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor -- (Ubisoft Entertainment) "H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe" 
= H:\Programme\Ubisoft\Techland\Call of Juarez - Bound in Blood\CoJBiBGame_x86.exe:*:Enabled:Call of Juarez - Bound in Blood -- (Techland) "C:\Programme\TeamViewer\Version5\TeamViewer.exe" = C:\Programme\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH) "E:\Programme\Sony Ericsson\Update Service\Update Service.exe" = E:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- () "E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe" = E:\Programme\Valve\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd) "I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe" = I:\Programme\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2 -- (EA Digital Illusions CE AB) "E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe" = E:\Programme\Password Solutions\Office Password Recovery PRO\OfficePasswordRecoveryPRO.exe:*:Enabled:Office Password Recovery PRO -- File not found "E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe" = E:\Programme\Valve\Steam\SteamApps\common\dawn of war 2\DOW2.exe:*:Enabled:Warhammer® 40,000â„¢: Dawn of War® II -- (THQ Canada Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{01E9CBDA-5480-4FE8-BBC9-BE29BB8AB4C0}" = "{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software "{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM) "{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable "{06204E2A-6369-43ED-A9CF-49B5F49915FA}" = Twin Digital GamePad "{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime "{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK "{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0 "{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display "{178A1098-E15E-4FCF-8748-B613DC687FF0}" = MarkAble "{1850E508-D6C3-4820-AD23-7F73A2BC606C}_is1" = Elcomsoft Password Recovery Studio "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1A20BC22-8F21-4A2A-9F4A-E31FC0E5C7E3}" = ACDSee 6.0 PowerPack "{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth "{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3) "{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18 "{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint "{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00 "{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{347C6ECC-7DB2-49CC-A344-1FB0606DA662}" = WW-Essensplaner "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3648253A-C2C4-4CFB-8BE5-381D1C638B94}" = GameSpy Comrade "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 
2 "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33) "{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10 "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = Logitech Registration "{4300EF0D-2041-4179-AFFF-21E01160740F}" = Eumex 504PC USB "{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A684677-2EB8-41DF-941D-BEA07D50D545}" = Videoraptor "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE "{4CE4B975-A5C1-43C0-A565-C00F0ABFC94C}" = PC-Bibliothek 3.0 "{52809086-618D-4F0B-8BF1-B75A5BB817A4}" = Sony Ericsson PC Suite "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{53480520-7555-470E-8C69-750B0472B4BB}" = O&O Defrag Professional Edition "{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8 "{54971F17-9D16-4D43-95D6-3A86E3D20EDB}" = Office-Bibliothek 4.1 "{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1 "{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes "{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio "{5D956474-97AD-4E03-87F6-37F06437359E}" = MindMapper 2009 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{68F19BCC-49D3-49FF-BAAC-A147C66A9710}" = AMD Power Monitor "{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic "{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0 "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation "{80157B54-DB3E-4EE9-8AD8-63A905765FF4}_is1" = Opti Drive Control 1.47 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{93EC14D5-7AAA-4EAD-BB75-013817A96598}" = Logitech Gaming Software "{9665B325-3F96-11D6-A1FA-000374890932}" = TuneUp Utilities 2003 "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C450606-ED24-4958-92BA-B8940C99D441}" = PixiePack Codec Pack "{9E2514D9-DC24-4634-B348-61F3EF0F1628}" = Sound Blaster Audigy 2 ZS "{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition "{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}" = Unreal Tournament 3 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser 
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC4729BF-0396-47EF-AA0B-3A04111F19F9}" = FightBoard Advanced 1.00 "{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Evaluation "{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack "{EA08048C-3823-4DC8-B169-1D5D11FFC19F}_is1" = PDF-XChange 4 "{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31) "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter "{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "{FFAB5ABB-8AAB-42E2-847F-1743E51E01E9}" = Disc2Phone "3B18191663CDFABAA2A93D4267E54D683153FF60" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0) "5A46830178E35AB63403A85E361CCD6FA32C9078" = Windows-Treiberpaket - Sony Ericsson (seehcri) USB (01/09/2008 1.1.0.0) "AC3Filter" = AC3Filter (remove only) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Advanced RAR Password Recovery" = Advanced RAR Password Recovery (remove only) "Advanced RAR Repair v1.0" = Advanced RAR Repair v1.0 "Anotha ID3 Editor" = Anotha ID3 Editor 1.51 "Anti-Twin 2009-04-29 20.45.46" = Anti-Twin (Installation 29.04.2009) "AnyDVD" = AnyDVD "ASAPI Update" = ASAPI Update "Ashampoo Photo 
Optimizer FREE_is1" = Ashampoo Photo Optimizer FREE "AudioConSole" = Creative-Audiokonsole "Audiograbber" = Audiograbber 1.83 SE "AutoGK" = Auto Gordian Knot 2.45 "Avi2Dvd" = Avi2Dvd 0.4.5 beta "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Azureus Vuze" = Azureus Vuze "Bf2SP64 2.31" = Bf2SP64 2.31 "Biet-O-Matic v2.4.1" = Biet-O-Matic v2.4.1 "Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61 "BSPlayer1" = BSPlayer "CDBF - DBF Viewer and Editor_is1" = Version 1.45.01 "CDex" = CDex extraction audio "Clean 5" = Clean 5 "CloneCD" = CloneCD "CloneDVD2" = CloneDVD2 "Das Neue Dr.Brain Gehirn Jogging" = Das Neue Dr.Brain Gehirn Jogging "DBF Viewer 2000" = DBF Viewer 2000 2.45 "Digitale Bibliothek 3" = Digitale Bibliothek 3 "DirectVobSub" = DirectVobSub (remove only) "DVD Identifier_is1" = DVD Identifier "eMule" = eMule "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FileZilla Client" = FileZilla Client 3.2.4 "fotocommunity" = fotocommunity "Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1 "FreeFileSync" = FreeFileSync "Game Jackal v4_is1" = Game Jackal v4.1.0.8 (32 bit) "GameSpy Arcade" = GameSpy Arcade "Geschichtslexikon" = Geschichtslexikon "GUI for dvdauthor" = GUI for dvdauthor 1.04 "Hamachi" = Hamachi 1.0.3.0 "HD Tune_is1" = HD Tune 2.54 "HijackThis" = HijackThis 2.0.2 "Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6 "hp deskjet 960c series" = hp deskjet 960c series (nur entfernen) "iDump" = iDump v1.1.1 "ImgBurn" = ImgBurn "InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals "InstallShield_{226CA5FA-D90E-4B78-9325-2DDA68BA691A}" = Duden Korrektor PLUS 3 "InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5 "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{3D047C15-C859-45F7-81CE-F2681778069B}" = iPod for Windows 2006-01-10 
"InstallShield_{59C4F14F-7590-45FC-BE9F-A67AB3590709}" = iTunes "InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0 "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6 "InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour "InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}" = Call of Juarez - Bound in Blood "IrfanView" = IrfanView (remove only) "IsoBuster_is1" = IsoBuster 2.5.5 "jv16 PowerTools_is1" = jv16 PowerTools 2007 "KeyView for Lotus" = KeyView for Lotus 97 "LabelEditor" = Label Editor "MAGIX Foto Manager" = MAGIX Foto Manager "MAGIX Music Manager" = MAGIX Music Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaMonkey_is1" = MediaMonkey 3.0 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Miranda IM" = Miranda IM 0.9.4 "MozBackup" = MozBackup 1.4.9 "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10) "Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4) "Mp3tag" = Mp3tag v2.41 "MusicBrainz Picard" = MusicBrainz Picard 0.11 "MUSTEK 1200 CU v2.0a" = MUSTEK 1200 CU v2.0a "Nero - Burning Rom!UninstallKey" = Ahead Nero - Burning Rom "NVIDIA Display Control 
Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager "Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.0b "PDFCreator Toolbar" = PDFCreator Toolbar "Photo to Sketch Pro_is1" = Photo to Sketch Pro 3.6 "Picasa 3" = Picasa 3 "Product_Name" = sbPlus "PunkBusterSvc" = PunkBuster Services "RealPlayer 6.0" = RealPlayer "SCHLECKER Foto-Digital-Service" = SCHLECKER Foto-Digital-Service "SCOLA-Zeugnis 2008" = SCOLA-Zeugnis 2008 Dezember 2007 "SiSoftware Sandra Professional_is1" = SiSoftware Sandra Professional 2003 "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4 "StarCraft II" = StarCraft II "Steam App 10500" = Empire: Total War "Steam App 15620" = Warhammer 40,000: Dawn of War II "SUPER ©" = SUPER © Version 2008.bld.25 (Feb 5, 2008) "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 5" = TeamViewer 5 "Untis 2011" = Untis 2011 "Update Service" = Update Service "VLC media player" = VideoLAN VLC media player 0.8.6f "VobSub" = VobSub v2.23 (Remove Only) "WaveLabLite" = WaveLab Lite "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Weight Watchers MP5_is1" = Weight Watchers MP5 "WIC" = Windows Imaging Component "Winamp" = Winamp (remove only) "Winamp 5.02 Deutsche Sprachdatei v14" = Deutsche Sprachdatei für Winamp 5.02 v14 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "WW3C" = WebWeaver Client "Xfire" = Xfire (remove only) "XMedia Recode" = XMedia Recode 2.0.5.3 "xp-AntiSpy" = xp-AntiSpy 3.94-2 "XpertVision_is1" = XpertVision 5.9 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML 
Paper Specification Shared Components Language Pack 1.0
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"XVid;-)" = XVid;-)
"XviD_is1" = XviD MPEG-4 Video Codec
"XviDDec" = Nic's XviD Decoder
"ZoomPlayer" = Zoom Player (remove only)
"ZoomPlayerLang" = Zoom Player German language (remove only)

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-583907252-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Advanced PDF Password Recovery" = Advanced PDF Password Recovery
"Sansa Updater" = Sansa Updater
"Skat-Online V4" = Skat-Online V4
"Skat-Online V7" = Skat-Online V7

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Machine Debug Manager" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "O&O Defrag" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Game Jackal Server" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 13.10.10 04:28:27 | Computer Name = LUGL | Source = Service Control Manager | ID = 7034
Description = Dienst "Sony Ericsson OMSI download service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

Error - 13.10.10 04:32:23 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2

Error - 13.10.10 06:58:19 | Computer Name = LUGL | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Systemwiederherstellungsdienst" wurde mit folgendem Fehler beendet: %%2

Error - 13.10.10 06:58:19 | Computer Name = LUGL | Source = SRService | ID = 104
Description = Die Initialisierung der Systemwiederherstellung ist fehlgeschlagen.

< End of report >

The rest follows... |
13.10.2010, 19:40 | #8 |
/// Malware-holic | OK, and then we'll carry on :-) |
13.10.2010, 22:00 | #9 |
| So, here is the last missing log. |
14.10.2010, 11:08 | #10 |
/// Malware-holic | Use this tool from Kaspersky: "How to combat Trojan-Spy.Win32.ZBot malware?" |
14.10.2010, 11:18 | #11 |
| I did that, but it found nothing. "1 Unhooked Action", otherwise nothing. So I'm rid of it now, right? |
14.10.2010, 11:25 | #12 |
/// Malware-holic |
14.10.2010, 12:06 | #13 |
| GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit quick scan 2010-10-14 13:04:13
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: e:\Temp\pxtdapod.sys

---- System - GMER 1.0.15 ----

SSDT     spkw.sys     ZwEnumerateKey [0xB7EC8CA2]
SSDT     spkw.sys     ZwEnumerateValueKey [0xB7EC9030]

---- Devices - GMER 1.0.15 ----

Device   \FileSystem\Ntfs \Ntfs     8A7561F8

---- EOF - GMER 1.0.15 ---- |
14.10.2010, 12:10 | #14 |
/// Malware-holic | Yep, and now start the full scan. |
14.10.2010, 18:43 | #15 |
| Sorry, but after 6.5 hours I aborted the scan. Unfortunately I couldn't even save the log, because my computer had frozen afterwards. Hm. Considering how much time one puts into the scans, I wonder why one doesn't just reinstall right away. |