rockingbert | 03.05.2013 23:29 | Hier die Logfile von OTL:
OTL Logfile:
Code:
OTL logfile created on: 04.05.2013 00:15:45 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,50 Gb Total Physical Memory | 3,27 Gb Available Physical Memory | 93,36% Memory free
5,34 Gb Paging File | 5,29 Gb Available in Paging File | 99,10% Paging File free
Paging file location(s): C:\\PAGEFILE.SYS 2046 4092 [binary data]
%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = C:\\PROGRAMME
Drive C: | 26,24 Gb Total Space | 1,54 Gb Free Space | 5,85% Space Free | Partition Type: NTFS
Drive D: | 146,49 Gb Total Space | 7,52 Gb Free Space | 5,13% Space Free | Partition Type: NTFS
Drive E: | 89,19 Gb Total Space | 8,57 Gb Free Space | 9,60% Space Free | Partition Type: NTFS
Drive F: | 12,42 Gb Total Space | 12,33 Gb Free Space | 99,27% Space Free | Partition Type: NTFS
Drive G: | 146,49 Gb Total Space | 11,03 Gb Free Space | 7,53% Space Free | Partition Type: NTFS
Drive H: | 24,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 44,94 Gb Total Space | 18,31 Gb Free Space | 40,75% Space Free | Partition Type: NTFS
Computer Name: SOLARENE-14885C | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\otl.exe (OldTimer Tools)
PRC - J:\WINDOWS\system32\WgaTray.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
========== Services (SafeList) ==========
SRV - (Yontoo Desktop Updater) -- C:\PROGRAMME\Yontoo\Y2Desktop.Updater.exe J:\Dokumente und Einstellungen\bert\Anwendungsdaten\Yontoo\YontooDesktop.exe File not found
SRV - (SDWSCService) -- C:\PROGRAMME\Spybot File not found
SRV - (SDUpdateService) -- C:\PROGRAMME\Spybot File not found
SRV - (SDScannerService) -- C:\PROGRAMME\Spybot File not found
SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (winmgmt) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rnir3.dat (Корпорация Майкрософт2)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- J:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Norton PC Checkup Application Launcher) -- J:\Programme\Norton PC Checkup 3.0\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (MozillaMaintenance) -- J:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (a2AntiMalware) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (N360) -- J:\Programme\Norton 360\Engine\20.3.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- J:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (AVM WLAN Connection Service) -- J:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (WMPNetworkSvc) -- J:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ImapiService) -- C:\\WINDOWS\SYSTEM32\IMAPI.EXE ()
SRV - (ose) -- J:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (WDICA) -- File not found
DRV - (USBAAPL) -- System32\Drivers\usbaapl.sys File not found
DRV - (SYMTDI) -- J:\WINDOWS\System32\Drivers\N360\1403000.024\SYMTDI.SYS File not found
DRV - (SRTSP) -- J:\WINDOWS\System32\Drivers\N360\1403000.024\SRTSP.SYS File not found
DRV - (SANDRA) -- J:\Programme\SiSoftware\SiSoftware Sandra Lite 2013.SP2\WNt500x86\Sandra.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (fjehn) -- System32\drivers\kulj.sys File not found
DRV - (Changer) -- File not found
DRV - (AsrCDDrv) -- J:\WINDOWS\system32\Drivers\AsrCDDrv.sys File not found
DRV - (mbamswissarmy) -- J:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mbamchameleon) -- J:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (MBAMProtector) -- J:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SymEFA) -- J:\WINDOWS\system32\drivers\N360\1403010.016\symefa.sys (Symantec Corporation)
DRV - (SRTSPX) -- J:\WINDOWS\system32\drivers\N360\1403010.016\srtspx.sys (Symantec Corporation)
DRV - (NAVEX15) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.025\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.025\NAVENG.SYS (Symantec Corporation)
DRV - (SymDS) -- J:\WINDOWS\system32\drivers\N360\1403010.016\symds.sys (Symantec Corporation)
DRV - (SymEvent) -- J:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130413.001\IDSXpx86.sys (Symantec Corporation)
DRV - (ati2mtag) -- J:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (SymIRON) -- J:\WINDOWS\system32\drivers\N360\1403010.016\ironx86.sys (Symantec Corporation)
DRV - (ccSet_N360) -- J:\WINDOWS\system32\drivers\N360\1403010.016\ccsetx86.sys (Symantec Corporation)
DRV - (eeCtrl) -- J:\Programme\Gemeinsame Dateien\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (AtiHDAudioService) -- J:\WINDOWS\system32\drivers\AtihdXP3.sys (Advanced Micro Devices)
DRV - (FNETTBOH_305) -- J:\WINDOWS\system32\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV - (FNETURPX) -- J:\WINDOWS\system32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (a2acc) -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (atksgt) -- J:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- J:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (A2DDA) -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (NPF) -- J:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (FlashUSB) -- J:\WINDOWS\system32\drivers\FlashUSB.sys (Danish Wireless Design A/S)
DRV - (Tcpip6) -- J:\WINDOWS\system32\drivers\tcpip6.sys (Microsoft Corporation)
DRV - (VIAHdAudAddService) -- J:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AMBFilt) -- J:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (MonFilt) -- J:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (USBModem) -- J:\WINDOWS\system32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- J:\WINDOWS\system32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- J:\WINDOWS\system32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (nvgts) -- J:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (fwlanusbn) -- J:\WINDOWS\system32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- J:\WINDOWS\system32\drivers\avmeject.sys (AVM Berlin)
DRV - (AmdPPM) -- J:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-115176313-682003330-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-823518204-115176313-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: J:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\\PROGRAMME\GOOGLE\GOOGLE EARTH\PLUGIN\NPGEPLUGIN.DLL ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\\WINDOWS\SYSTEM32\NPDEPLOYJAVA1.DLL File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\\PROGRAMME\JAVA\JRE6\BIN\PLUGIN2\NPJP2.DLL File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\NPWPF.DLL ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\\PROGRAMME\REAL\REALPLAYER\NETSCAPE6\NPPL3260.DLL File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\MOZILLAPLUGINS\NPRNDLCHROMEBROWSERRECORDEXT.DLL File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\MOZILLAPLUGINS\NPRNDLHTML5VIDEOSHIM.DLL File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\MOZILLAPLUGINS\NPRNDLPEPPERFLASHVIDEOSHIM.DLL File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\\PROGRAMME\REAL\REALPLAYER\NETSCAPE6\NPRPPLUGIN.DLL File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\NPDLPLUGIN.DLL File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\\PROGRAMME\GOOGLE\UPDATE\1.3.21.135\NPGOOGLEUPDATE3.DLL File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\\PROGRAMME\GOOGLE\UPDATE\1.3.21.135\NPGOOGLEUPDATE3.DLL File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\\PROGRAMME\VIDEOLAN\VLC\NPVLC.DLL File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: J:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.16 09:53:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\\DOKUMENTE UND EINSTELLUNGEN\ALL USERS\ANWENDUNGSDATEN\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.02 17:40:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.03.19 17:16:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.07.15 12:09:04 | 000,000,000 | ---D | M]
[2011.12.13 10:05:44 | 000,000,000 | ---D | M] (No name found) -- C:\\PROGRAMME\mozilla firefox\extensions
[2013.03.19 17:16:16 | 000,097,208 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 09:23:30 | 000,686,592 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\plugins\npmieze.dll
[2013.03.19 17:16:05 | 000,001,392 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.19 17:16:05 | 000,002,252 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\bing.xml
[2013.03.19 17:16:05 | 000,001,153 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.29 17:19:17 | 000,000,143 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\foxsearch.src
[2013.03.19 17:16:05 | 000,006,805 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.23 13:50:36 | 000,000,158 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\Search the web.src
[2013.03.19 17:16:05 | 000,001,178 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.19 17:16:05 | 000,001,105 | ---- | M] () -- C:\\PROGRAMME\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2004.08.04 12:00:00 | 000,000,820 | ---- | M]) - J:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\\PROGRAMME\GEMEINSAME DATEIEN\ADOBE\ACROBAT\ACTIVEX\ACROIEHELPERSHIM.DLL ()
O2 - BHO: (no name) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - J:\Programme\Norton 360\Engine\20.3.0.36\coIEPlg.dll File not found
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - J:\Programme\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\\PROGRAMME\JAVA\JRE6\BIN\SSV.DLL ()
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - J:\Programme\Norton 360\Engine\20.3.0.36\coIEPlg.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [AVMWlanClient] C:\\PROGRAMME\AVMWLANSTICK\WLANGUI.EXE ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] J:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Emsisoft Anti-Malware] c:\programme\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [SpywareTerminatorShield] C:\Programme\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SpywareTerminatorUpdater] C:\Programme\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [StartCCC] C:\PROGRAMME\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CLISTART.EXE (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\\WINDOWS\SYSTEM32\CTFMON.EXE ()
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\\WINDOWS\SYSTEM32\CTFMON.EXE ()
O4 - HKU\S-1-5-20..\Run: [CTFMON.EXE] C:\\WINDOWS\SYSTEM32\CTFMON.EXE ()
O4 - HKU\S-1-5-21-823518204-115176313-682003330-500..\Run: [WinPatrol] C:\PROGRAMME\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\PROGRAMME\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-115176313-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - RES://C:\\PROGRAMME\BABYLON\BABYLON-PRO\UTILS\BABYLONIEPI.DLL/ACTIONTU.HTM File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - RES://C:\\PROGRAMME\BABYLON\BABYLON-PRO\UTILS\BABYLONIEPI.DLL/ACTIONTU.HTM File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Reg Error: Key error.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\\WINDOWS\SYSTEM32\MSVIDCTL.DLL ()
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\\WINDOWS\SYSTEM32\URLMON.DLL ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL ()
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\\WINDOWS\SYSTEM32\ITSS.DLL ()
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL ()
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\\PROGRA~1\GEMEIN~1\SYSTEM\OLEDB~1\MSDAIPP.DLL ()
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\\WINDOWS\SYSTEM32\ITSS.DLL ()
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\\WINDOWS\SYSTEM32\MSVIDCTL.DLL ()
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\\WINDOWS\SYSTEM32\WIASCR.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - J:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\\WINDOWS\SYSTEM32\USERINIT.EXE) - C:\\WINDOWS\SYSTEM32\USERINIT.EXE ()
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - J:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\\WINDOWS\SYSTEM32\STOBJECT.DLL ()
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\\WINDOWS\SYSTEM32\WPDSHSERVICEOBJ.DLL ()
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.15 23:29:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (AUTOCHECK XMNT2002 /BAT="C:\\WINDOWS\TEMP\PQ_BATCH.PQB" /WIN="C:\\WINDOWS" /DBG="C:\\WINDOWS\TEMP\PQ_DEBUG.TXT" /VER=262144 /PRD="PARTITIONMAGIC")
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.05.03 14:40:05 | 000,143,688 | ---- | C] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.05.03 14:38:46 | 000,033,792 | ---- | C] (Microsoft Corporation) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe
[2013.05.03 12:57:22 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.05.03 12:57:15 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.05.03 12:57:13 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbam.sys
[2013.05.03 12:57:12 | 000,000,000 | ---D | C] -- C:\\PROGRAMME\Malwarebytes' Anti-Malware
[2013.05.03 11:27:43 | 000,000,000 | R--D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Eigene Dateien
[2013.05.03 11:03:55 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Anwendungsdaten\WinPatrol
[2013.05.03 11:03:50 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WinPatrol
[2013.05.03 11:03:48 | 000,000,000 | ---D | C] -- C:\\PROGRAMME\WinPatrol
[2013.05.03 11:03:48 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\InstallMate
[2013.05.02 10:55:28 | 000,000,000 | ---D | C] -- C:\\PROGRAMME\Emsisoft Anti-Malware
[2013.05.02 10:25:01 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2013.05.02 10:23:54 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy 2
[2013.05.02 10:23:44 | 000,015,224 | ---- | C] (Safer Networking Limited) -- J:\WINDOWS\System32\sdnclean.exe
[2013.05.02 10:23:31 | 000,000,000 | ---D | C] -- C:\\PROGRAMME\Spybot - Search & Destroy 2
[2013.04.30 18:26:26 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spyware Terminator
[2013.04.30 18:26:26 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Anwendungsdaten\Spyware Terminator
[2013.04.30 18:26:24 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spyware Terminator 2012
[2013.04.30 18:26:20 | 000,000,000 | ---D | C] -- C:\\PROGRAMME\Spyware Terminator
[2013.04.29 12:56:07 | 000,000,000 | -HSD | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\PrivacIE
[2013.04.29 12:56:05 | 000,000,000 | -HSD | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\IETldCache
[2013.04.29 12:54:51 | 000,000,000 | --SD | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Anwendungsdaten\Microsoft
[2013.04.29 12:54:51 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\SendTo
[2013.04.29 12:54:51 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Anwendungsdaten
[2013.04.29 12:54:51 | 000,000,000 | R--D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Startmenü\Programme\Zubehör
[2013.04.29 12:54:51 | 000,000,000 | R--D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Startmenü
[2013.04.29 12:54:51 | 000,000,000 | R--D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Startmenü\Programme\Autostart
[2013.04.29 12:54:51 | 000,000,000 | -HSD | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Cookies
[2013.04.29 12:54:51 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Vorlagen
[2013.04.29 12:54:51 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Recent
[2013.04.29 12:54:51 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Netzwerkumgebung
[2013.04.29 12:54:51 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Lokale Einstellungen
[2013.04.29 12:54:51 | 000,000,000 | -H-D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Druckumgebung
[2013.04.29 12:54:51 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2013.04.29 12:54:51 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Favoriten
[2013.04.29 12:54:51 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Desktop
[2013.04.29 12:18:54 | 000,000,000 | -HSD | C] -- J:\WINDOWS\CSC
[2013.04.29 11:35:22 | 000,127,488 | ---- | C] (Корпорация Майкрософт2) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rnir3.dat
[2013.04.29 11:35:22 | 000,127,488 | ---- | C] (Корпорация Майкрософт2) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\niljmj.dat
[2013.04.28 15:19:00 | 000,000,000 | ---D | C] -- J:\VLC
[2013.04.28 14:55:33 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ElsterFormular
[2013.04.28 14:55:08 | 000,000,000 | ---D | C] -- C:\\PROGRAMME\ElsterFormular
[4 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.05.04 00:15:45 | 000,012,598 | ---- | M] () -- J:\WINDOWS\System32\wpa.dbl
[2013.05.04 00:14:58 | 000,002,048 | --S- | M] () -- J:\WINDOWS\bootstat.dat
[2013.05.03 15:00:45 | 000,143,688 | ---- | M] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2013.05.03 14:40:05 | 000,035,144 | ---- | M] () -- J:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.05.03 14:38:46 | 000,033,792 | ---- | M] (Microsoft Corporation) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rundll32.exe
[2013.05.03 14:27:32 | 000,134,872 | ---- | M] () -- J:\WINDOWS\System32\FNTCACHE.DAT
[2013.05.03 12:57:23 | 000,000,630 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.03 10:58:40 | 095,023,320 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3rinr.pad
[2013.05.03 10:58:28 | 000,001,084 | ---- | M] () -- J:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 10:58:28 | 000,000,612 | ---- | M] () -- J:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.05.03 10:58:28 | 000,000,268 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-115176313-682003330-1003.job
[2013.05.03 10:58:28 | 000,000,268 | ---- | M] () -- J:\WINDOWS\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-823518204-115176313-682003330-1003.job
[2013.05.03 10:58:27 | 000,000,270 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-115176313-682003330-1005.job
[2013.05.03 10:58:27 | 000,000,268 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-823518204-115176313-682003330-1006.job
[2013.05.03 10:33:00 | 000,001,088 | ---- | M] () -- J:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.03 10:25:15 | 000,000,884 | ---- | M] () -- J:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.05.02 23:21:46 | 000,000,000 | ---- | M] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\defogger_reenable
[2013.05.02 11:13:23 | 000,000,608 | ---- | M] () -- J:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.05.02 11:13:23 | 000,000,438 | ---- | M] () -- J:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.05.02 10:56:32 | 000,000,616 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013.05.02 10:53:50 | 000,002,233 | ---- | M] () -- J:\WINDOWS\wininit.ini
[2013.05.02 10:23:55 | 000,000,874 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.05.02 08:32:09 | 000,000,569 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2013.04.29 12:56:04 | 000,000,792 | ---- | M] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Startmenü\Programme\Autostart\msconfig.lnk
[2013.04.29 12:55:52 | 000,000,754 | RHS- | M] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\ntuser.pol
[2013.04.29 11:35:26 | 095,023,320 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jmjlin.pad
[2013.04.29 11:35:22 | 000,127,488 | ---- | M] (Корпорация Майкрософт2) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\rnir3.dat
[2013.04.29 11:35:22 | 000,127,488 | ---- | M] (Корпорация Майкрософт2) -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\niljmj.dat
[2013.04.28 21:43:57 | 000,001,572 | ---- | M] () -- J:\WINDOWS\WISO.INI
[2013.04.28 19:35:00 | 000,000,276 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-115176313-682003330-1006.job
[2013.04.28 19:25:00 | 000,000,278 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-115176313-682003330-1005.job
[2013.04.28 15:19:36 | 000,000,450 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2013.04.28 14:55:34 | 000,000,756 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.27 18:24:37 | 000,000,452 | ---- | M] () -- J:\WINDOWS\tasks\PC Checkup 3 Weekly Scan.job
[2013.04.27 14:51:00 | 000,000,276 | ---- | M] () -- J:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-823518204-115176313-682003330-1003.job
[2013.04.24 16:42:00 | 000,000,276 | ---- | M] () -- J:\WINDOWS\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-823518204-115176313-682003330-1003.job
[2013.04.17 10:42:36 | 000,001,324 | ---- | M] () -- J:\WINDOWS\System32\d3d9caps.dat
[2013.04.16 14:40:36 | 000,648,747 | ---- | M] () -- J:\WINDOWS\System32\drivers\N360\1403010.016\Cat.DB
[2013.04.16 14:40:19 | 000,014,818 | ---- | M] () -- J:\WINDOWS\System32\drivers\N360\1403010.016\VT20130115.021
[2013.04.11 14:36:18 | 000,001,374 | ---- | M] () -- J:\WINDOWS\imsins.BAK
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbam.sys
[4 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.05.03 14:40:05 | 000,035,144 | ---- | C] () -- J:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.05.03 12:57:23 | 000,000,630 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.02 23:21:46 | 000,000,000 | ---- | C] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\defogger_reenable
[2013.05.02 10:56:32 | 000,000,616 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Emsisoft Anti-Malware.lnk
[2013.05.02 10:53:47 | 000,002,233 | ---- | C] () -- J:\WINDOWS\wininit.ini
[2013.05.02 10:23:58 | 000,000,612 | ---- | C] () -- J:\WINDOWS\tasks\Check for updates (Spybot - Search & Destroy).job
[2013.05.02 10:23:58 | 000,000,608 | ---- | C] () -- J:\WINDOWS\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013.05.02 10:23:58 | 000,000,438 | ---- | C] () -- J:\WINDOWS\tasks\Scan the system (Spybot - Search & Destroy).job
[2013.05.02 10:23:55 | 000,000,874 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot-S&D Start Center.lnk
[2013.05.02 10:23:55 | 000,000,874 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Spybot-S&D Start Center.lnk
[2013.04.30 18:26:25 | 000,000,569 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Spyware Terminator 2012.lnk
[2013.04.29 12:56:04 | 000,000,792 | ---- | C] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Startmenü\Programme\Autostart\msconfig.lnk
[2013.04.29 12:55:52 | 000,000,754 | RHS- | C] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\ntuser.pol
[2013.04.29 12:54:51 | 000,000,713 | ---- | C] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Startmenü\Programme\Remoteunterstützung.lnk
[2013.04.29 12:54:51 | 000,000,656 | ---- | C] () -- J:\Dokumente und Einstellungen\Administrator.SOLARENE-14885C\Startmenü\Programme\Windows Media Player.lnk
[2013.04.29 11:35:22 | 095,023,320 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\jmjlin.pad
[2013.04.29 11:35:22 | 095,023,320 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\3rinr.pad
[2013.04.28 15:19:36 | 000,000,450 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\VLC media player.lnk
[2013.04.28 14:55:34 | 000,000,756 | ---- | C] () -- J:\Dokumente und Einstellungen\All Users\Desktop\ElsterFormular.lnk
[2013.04.11 14:33:54 | 000,001,374 | ---- | C] () -- J:\WINDOWS\imsins.BAK
[2013.03.15 02:23:31 | 000,126,034 | ---- | C] () -- J:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-823518204-115176313-682003330-1004-0.dat
[2013.01.29 17:19:17 | 000,819,200 | ---- | C] () -- J:\WINDOWS\System32\xvidcore.dll
[2013.01.29 17:19:17 | 000,180,224 | ---- | C] () -- J:\WINDOWS\System32\xvidvfw.dll
[2013.01.29 17:18:55 | 000,085,504 | ---- | C] () -- J:\WINDOWS\System32\ff_vfw.dll
[2013.01.29 17:17:29 | 000,033,019 | ---- | C] () -- J:\WINDOWS\System32\CoreAAC-uninstall.exe
[2012.09.04 14:17:10 | 000,001,572 | ---- | C] () -- J:\WINDOWS\WISO.INI
[2012.08.04 08:04:06 | 000,011,264 | ---- | C] () -- J:\WINDOWS\System32\rockusbCoInstaller.dll
[2012.05.02 20:36:21 | 000,021,840 | ---- | C] () -- J:\WINDOWS\System32\SIntfNT.dll
[2012.05.02 20:36:21 | 000,017,212 | ---- | C] () -- J:\WINDOWS\System32\SIntf32.dll
[2012.05.02 20:36:21 | 000,012,067 | ---- | C] () -- J:\WINDOWS\System32\SIntf16.dll
[2012.05.02 20:19:39 | 000,000,192 | ---- | C] () -- J:\WINDOWS\SCHMIDT.INI
[2012.04.13 18:10:12 | 000,278,984 | ---- | C] () -- J:\WINDOWS\System32\drivers\atksgt.sys
[2012.04.13 18:10:12 | 000,025,416 | ---- | C] () -- J:\WINDOWS\System32\drivers\lirsgt.sys
[2012.04.04 11:50:17 | 000,053,248 | ---- | C] () -- J:\WINDOWS\System32\CommonDL.dll
[2012.04.04 11:50:17 | 000,002,413 | ---- | C] () -- J:\WINDOWS\System32\lgAxconfig.ini
[2012.02.15 10:15:14 | 000,003,072 | ---- | C] () -- J:\WINDOWS\System32\iacenc.dll
[2012.02.07 01:00:56 | 000,126,034 | ---- | C] () -- J:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.02.07 01:00:56 | 000,125,254 | ---- | C] () -- J:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-823518204-115176313-682003330-1003-0.dat
[2012.01.18 18:40:51 | 000,354,816 | ---- | C] () -- J:\WINDOWS\System32\psisdecd.dll
[2012.01.09 14:43:20 | 000,000,043 | ---- | C] () -- J:\WINDOWS\gswin32.ini
[2012.01.05 15:33:19 | 000,116,224 | ---- | C] () -- J:\WINDOWS\System32\redmonnt.dll
[2012.01.05 15:33:19 | 000,045,056 | ---- | C] () -- J:\WINDOWS\System32\unredmon.exe
[2012.01.03 14:07:37 | 000,116,224 | ---- | C] () -- J:\WINDOWS\System32\pdfcmnnt.dll
[2012.01.02 18:08:34 | 000,000,406 | ---- | C] () -- J:\WINDOWS\ODBC.INI
[2011.12.28 19:10:47 | 000,000,000 | ---- | C] () -- J:\WINDOWS\ativpsrm.bin
[2011.12.28 19:10:42 | 000,887,724 | ---- | C] () -- J:\WINDOWS\System32\ativva6x.dat
[2011.12.28 19:10:41 | 000,618,823 | ---- | C] () -- J:\WINDOWS\System32\atiicdxx.dat
[2011.12.28 19:10:41 | 000,000,003 | ---- | C] () -- J:\WINDOWS\System32\ativva5x.dat
[2011.12.28 18:51:11 | 000,003,948 | R--- | C] () -- J:\WINDOWS\System32\drivers\nvphy.bin
[2011.12.22 10:43:57 | 000,001,324 | ---- | C] () -- J:\WINDOWS\System32\d3d9caps.dat
[2011.12.22 09:19:07 | 000,015,573 | ---- | C] () -- J:\WINDOWS\System32\drivers\fwlanusbn.bin
[2011.12.21 19:18:54 | 000,002,048 | --S- | C] () -- J:\WINDOWS\bootstat.dat
[2011.12.21 19:12:54 | 000,021,740 | ---- | C] () -- J:\WINDOWS\System32\emptyregdb.dat
[2011.12.21 19:06:41 | 000,004,205 | ---- | C] () -- J:\WINDOWS\ODBCINST.INI
[2011.12.21 19:05:21 | 000,134,872 | ---- | C] () -- J:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.09 23:39:44 | 000,059,904 | ---- | C] () -- J:\WINDOWS\System32\OpenVideo.dll
[2011.11.09 23:39:32 | 000,054,784 | ---- | C] () -- J:\WINDOWS\System32\OVDecode.dll
========== ZeroAccess Check ==========
[2011.12.28 19:14:10 | 000,000,227 | RHS- | M] () -- J:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2013.02.06 12:48:32 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\\WINDOWS\SYSTEM32\WBEM\FASTPROX.DLL -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] ()
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\\WINDOWS\SYSTEM32\WBEM\WBEMESS.DLL -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] ()
"ThreadingModel" = Both
< End of report >